Chapter
IntelliJ IDEA 13 Ultimate Edition
Conventions Used in This Book
Why Security Is at the End of the Book
Part 1: Creating Enterprise Applications
Chapter 1: Introducing Java Platform, Enterprise Edition
A Timeline of Java Platforms
The Birth of Enterprise Java
Java SE and Java EE Evolving Together
Understanding the Most Recent Platform Features
Understanding the Basic Web Application Structure
Servlets, Filters, Listeners, and JSPs
Directory Structure and WAR Files
The Deployment Descriptor
Class Loader Architecture
Chapter 2: Using Web Containers
Other Containers and Application Servers
Why You'll Use Tomcat in This Book
Installing Tomcat on Your Machine
Installing as a Windows Service
Installing as a Command-Line Application
Configuring a Custom JSP Compiler
Deploying and Undeploying Applications in Tomcat
Performing a Manual Deploy and Undeploy
Debugging Tomcat from Your IDE
Chapter 3: Writing Your First Servlet
Using the Initializer and Destroyer
Configuring a Servlet for Deployment
Adding the Servlet to the Descriptor
Mapping the Servlet to a URL
Running and Debugging Your Servlet
Understanding doGet(), doPost(), and Other Methods
What Should Happen during the service Method Execution?
Using HttpServletResponse
Using Parameters and Accepting Form Submissions
Configuring your Application Using Init Parameters
Using Context Init Parameters
Using Servlet Init Parameters
Uploading Files from a Form
Introducing the Customer Support Project
Configuring the Servlet for File Uploads
Making Your Application Safe for Multithreading
Understanding Requests, Threads, and Method Execution
Protecting Shared Resources
Chapter:4 Using JSPs to Display Content
Is Easier Than output.println("
")
What Happens to a JSP at Run Time
Understanding the File Structure
Directives, Declarations, Scriptlets, and Expressions
Adding Imports to Your JSP
Using Java within a JSP (and Why You Shouldn't!)
Using the Implicit Variables in a JSP
Why You Shouldn't Use Java in a JSP
Combining Servlets and JSPs
Configuring JSP Properties in the Deployment Descriptor
Forwarding a Request from a Servlet to a JSP
A Note about JSP Documents (JSPX)
Chapter 5: Maintaining State Using Sessions
Understanding Why Sessions Are Necessary
Enabling Application Workflow
Using Session Cookies and URL Rewriting
Understanding the Session Cookie
Storing Data in a Session
Configuring Sessions in the Deployment Descriptor
Storing and Retrieving Data
Storing More Complex Data in Sessions
Applying Sessions Usefully
Adding Login to the Customer Support Application
Detecting Changes to Sessions Using Listeners
Maintaining a List of Active Sessions
Clustering an Application That Uses Sessions
Using Session IDs in a Cluster
Understand Session Replication and Failover
Chapter 6: Using the Expression Language in JSPs
Understanding Expression Language
Understanding the Base Syntax
Writing with the EL Syntax
Object Properties and Methods
Static Field and Method Access
Using Scoped Variables in EL Expressions
Using the Implicit EL Scope
Using the Implicit EL Variables
Accessing Collections with the Stream API
Understanding Intermediate Operations
Using Terminal Operations
Putting the Stream API to Use
Replacing Java Code with Expression Language
Chapter 7: Using the Java Standard Tag Library
Introducing JSP Tags and the JSTL
Using the Core Tag Library (C Namespace)
Putting Core Library Tags to Use
Using the Internationalization and Formatting Tag Library (FMT Namespace)
Internationalization and Localization Components
Putting i18n and Formatting Library Tags to Use
Using the Database Access Tag Library (SQL Namespace)
Using the XML Processing Tag Library (X Namespace)
Replacing Java Code with JSP Tags
Chapter 8: Writing Custom Tag and Function Libraries
Understanding TLDs, Tag Files, and Tag Handlers
Reading the Java Standard Tag Library TLD
Comparing JSP Directives and Tag File Directives
Creating Your First Tag File to Serve as an HTML Template
Creating a More Useful Date Formatting Tag Handler
Creating an EL Function to Abbreviate Strings
Replacing Java Code with Custom JSP Tags
Chapter 9: Improving Your Application Using Filters
Understanding the Purpose of Filters
Compression and Encryption Filters
Creating, Declaring, and Mapping Filters
Understanding the Filter Chain
Mapping to URL Patterns and Servlet Names
Mapping to Different Request Dispatcher Types
Using the Deployment Descriptor
Using Programmatic Configuration
Ordering Your Filters Properly
URL Pattern Mapping versus Servlet Name Mapping
Exploring Filter Order with a Simple Example
Using Filters with Asynchronous Request Handling
Investigating Practical Uses for Filters
Adding a Simple Logging Filter
Compressing Response Content Using a Filter
Simplifying Authentication with a Filter
Chapter 10: Making Your Application Interactive with WebSockets
Evolution: From Ajax to WebSockets
Problem: Getting New Data from the Server to the Browser
Solution 1: Frequent Polling
Solution 3: Chunked Encoding
Solution 4: Applets and Adobe Flash
WebSockets: The Solution Nobody Knew Kind of Already Existed
Understanding the WebSocket APIS
HTML5 (JavaScript) Client API
Creating Multiplayer Games with WebSockets
Implementing the Basic Tic-Tac-Toe Algorithm
Creating the Server Endpoint
Writing the JavaScript Game Console
Playing WebSocket Tic-Tac-Toe
Using WebSockets to Communicate in a Cluster
Simulating a Simple Cluster Using Two Servlet Instances
Transmitting and Receiving Binary Messages
Testing the Simulated Cluster Application
Adding "Chat with Support" to the Customer Support Application
Using Encoders and Decoders to Translate Messages
Creating the Chat Server Endpoint
Writing the JavaScript Chat Application
Chapter 11: Using Logging to Monitor Your Application
Understanding the Concepts of Logging
What Content You Might Want to See in Logs
Using Logging Levels and Categories
Why Are There Different Logging Levels?
How Logging Categories Work
Choosing a Logging Framework
API versus Implementation
A Quick Look at Apache Commons Logging and SLF4J
Integrating Logging into Your Application
Creating the Log4j 2 Configuration Files
Utilizing Fish Tagging with a Web Filter
Writing Logging Statements in Java Code
Using the Log Tag Library in JSPs
Logging in the Customer Support Application
Part 2: Adding Spring Framework Into the Mix
Chapter 12: Introducing Spring Framework
What Is Spring Framework?
Inversion of Control and Dependency Injection
Aspect-Oriented Programming
Data Access and Transaction Management
Model-View-Controller Pattern for Web Applications
Multiple User Interfaces Utilizing One Code Base
Understanding Application Contexts
Bootstrapping Spring Framework
Using the Deployment Descriptor to Bootstrap Spring
Programmatically Bootstrapping Spring in an Initializer
Configuring Spring Framework
Creating an XML Configuration
Creating a Hybrid Configuration
Configuring Spring with Java Using @Configuration
Utilizing Bean Definition Profiles
Understanding How Profiles Work
Considering Antipatterns and Security Concerns
Chapter 13: Replacing Your Servlets with Controllers
Understanding @RequestMapping
Using @RequestMapping Attributes to Narrow Request Matching
Specifying Controller Method Parameters
Selecting Valid Return Types for Controller Methods
Using Spring Framework's Model and View Pattern
Using Explicit Views and View Names
Using Implicit Views with Model Attributes
Returning Response Entities
Making Your Life Easier with Form Objects
Adding the Form Object to Your Model
Using the Spring Framework
Obtaining Submitted Form Data
Updating the Customer Support Application
Enabling Multipart Support
Converting Servlets to Spring MVC Controllers
Creating a Custom Downloading View
Chapter 14: Using Services and Repositories to Support Your Controllers
Understanding Model-View-Controller Plus Controller-Service-Repository
Recognizing Different Types of Program Logic
Repositories Provide Persistence Logic
Services Provide Business Logic
Controllers Provide User Interface Logic
Using the Root Application Context Instead of a Web Application Context
Reusing the Root Application Context for Multiple User Interfaces
Moving Your Business Logic from Controllers to Services
Using Repositories for Data Storage
Improving Services with Asynchronous and Scheduled Execution
Understanding Executors and Schedulers
Configuring a Scheduler and Asynchronous Support
Creating and Using @Async Methods
Creating and Using @Scheduled Methods
Applying Logic Layer Separation to WebSockets
Adding Container-Managed Objects to the Spring Application Context
Using the Spring WebSocket Configurator
Remember: A WebSocket Is Just Another Interface for Business Logic
Chapter 15: Internationalizing Your Application with Spring Framework i18n
Why Do You Need Spring Framework i18n?
Making Internationalization Easier
Localizing Error Messages Directly
Using the Basic Internationalization and Localization APIS
Understanding Resource Bundles and Message Formats
Message Sources to the Rescue
Using Message Sources to Internationalize JSPs
Con"guring Internationalization in Spring Framework
Creating a Message Source
Understanding Locale Resolvers
Using a Handler Interceptor to Change Locales
Providing a User Profile Locale Setting
Including Time Zone Support
Understanding How Themes Can Improve Internationalization
Internationalizing Your Code
Handling Application Errors Cleanly
Updating the Customer Support Application
Using the Message Source Directly
Chapter 16: Using JSR 349, Spring Framework, and Hibernate Validator for Bean Validation
Understanding the Annotation Metadata Model
Using Bean Validation with Spring Framework
Configuring Validation in the Spring Framework Container
Configuring the Spring Validator Bean
Setting Up Error Code Localization
Using a Method Validation Bean Post-Processor
Making Spring MVC Use the Same Validation Beans
Adding Constraint Validation Annotations to Your Beans
Understanding the Built-in Constraint Annotations
Understanding Common Constraint Attributes
Putting Constraints to Use
Using @Valid for Recursive Validation
Checking Constraint Legality at Compile-Time
Configuring Spring Beans for Method Validation
Annotating Interfaces, Not Implementations
Using Constraints and Recursive Validation on Method Parameters
Validating Method Return Values
Indicating That a Class Is Eligible for Method Validation
Using Parameter Validation in Spring MVC Controllers
Displaying Validation Errors to the User
Writing Your Own Validation Constraints
Inheriting Other Constraints in a Custom Constraint
Creating a Constraint Validator
Understanding the Constraint Validator Life Cycle
Integrating Validation in the Customer Support Application
Chapter 17: Creating RESTful and SOAP Web Services
Understanding Web Services
In the Beginning There Was SOAP
RESTful Web Services Provide a Simpler Approach
Con"guring RESTful Web Services with Spring MVC
Segregating Controllers with Stereotype Annotations
Creating Separate Web and REST Application Contexts
Handling Error Conditions in RESTful Web Services
Mapping RESTful Requests to Controller Methods
Improving Discovery with an Index Endpoint
Testing Your Web Service Endpoints
Making Requests to Your Web Service
Using Spring Web Services for SOAP
Writing Your Contract-First XSD and WSDL
Adding the SOAP Dispatcher Servlet Configuration
Chapter 18: Using Messaging and Clustering for Flexibility and Reliability
Recognizing When You Need Messaging and Clustering
What Is Application Messaging?
How Do Messaging and Clustering Work Together?
Adding Messaging Support to your Application
Creating Application Events
Subscribing to Application Events
Publishing Application Events
Making your Messaging Distributable Across a Cluster
Updating Your Events to Support Distribution
Creating and Configuring a Custom Event Multicaster
Using WebSockets to Send and Receive Events
Discovering Nodes with Multicast Packets
Simulating a Cluster with Multiple Deployments
Distributing Events with AMQP
Configuring an AMQP Broker
Creating an AMQP Multicaster
Running the AMQP-Enabled Application
Part 3: Persisting Data with JPA and Hibernate ORM
Chapter 19: Introducing Java Persistence API and Hibernate ORM
What Is Data Persistence?
Relational Database Systems
Object-Oriented Databases
Schema-less Database Systems
What Is an Object-Relational Mapper?
Understanding the Problem of Persisting Entities
O/RMs Make Entity Persistence Easier
JPA Provides a Standard O/RM API
A Brief Look at Hibernate ORM
Using Hibernate Mapping Files
Understanding the Session API
Getting a Session from the SessionFactory
Creating a SessionFactory with Spring Framework
Preparing a Relational Database
Installing MySQL and MySQL Workbench
Installing the MySQL JDBC Driver
Creating a Connection Resource in Tomcat
A Note About Maven Dependencies
Chapter 20: Mapping Entities to Tables with JPA Annotations
Getting Started with Simple Entities
Marking an Entity and Mapping It to a Table
Indicating How JPA Uses Entity Fields
Specifying Column Names and Other Details
Creating and Using a Persistence Unit
Designing the Database Tables
Understanding Persistence Unit Scope
Creating the Persistence Configuration
Using the Persistence API
Mapping Complex Data Types
Using Enums as Entity Properties
Understanding How JPA Handles Dates and Times
Mapping Large Properties to CLOBs and BLOBs
Chapter 21: Using JPA in Spring Framework Repositories
Using Spring Repositories and Transactions
Understanding Transaction Scope
Using Threads for Transactions and Entity Managers
Taking Advantage of Exception Translation
Configuring Persistence in Spring Framework
Creating a Persistence Unit in Code
Setting Up Transaction Management
Creating and Using JPA Repositories
Injecting the Persistence Unit
Implementing Standard CRUD Operations
Creating a Base Repository for All Your Entities
Demarking Transaction Boundaries in Your Services
Using the Transactional Service Methods
Converting Data with DTOs and Entities
Creating Entities for the Customer Support Application
Securing User Passwords with BCrypt
Transferring Data to Entities in Your Services
Chapter 22: Eliminating Boilerplate Repositories with Spring Data JPA
Understanding Spring Data's Uni"ed Data Access
Avoiding Duplication of Code
Using the Stock Repository Interfaces
Creating Query Methods for Finding Entities
Providing Custom Method Implementations
Con"guring and Creating Spring Data JPA Repositories
Enabling Repository Auto-Generation
Writing and Using Spring Data JPA Interfaces
Refactoring the Customer Support Application
Converting the Existing Repositories
Adding Comments to Support Tickets
Chapter 23: Searching for Data with JPA and Hibernate Search
An Introduction to Searching
Understanding the Importance of Indexes
Taking Three Different Approaches
Using Advanced Criteria to Locate Objects
Creating Complex Criteria Queries
Creating Useful Indexes to Improve Performance
Taking Advantage of Full-Text Indexes with JPA
Creating Full-Text Indexes in MySQL Tables
Creating and Using a Searchable Repository
Making Full-Text Searching Portable
Indexing Any Data with Apache Lucene and Hibernate Search
Understanding Lucene Full-Text Indexing
Annotating Entities with Indexing Metadata
Using Hibernate Search with JPA
Chapter 24: Creating Advanced Mappings and Custom Data Types
Converting Nonstandard Data Types
Understanding Attribute Converters
Understanding the Conversion Annotations
Creating and Using Attribute Converters
Embedding POJOs Within Entities
Indicating That a Type Is Embeddable
Marking a Property as Embedded
Overriding Embeddable Column Names
Defining Relationships Between Entities
Understanding One-to-One Relationships
Using One-to-Many and Many-to-One Relationships
Creating Many-to-Many Relationships
Addressing Other Common Situations
Versioning Entities with Revisions and Timestamps
Defining Abstract Entities with Common Properties
Mapping Basic and Embedded Collections
Persisting a Map of Key-Value Pairs
Storing an Entity in Multiple Tables
Creating Programmatic Triggers
Acting before and after CRUD Operations
Refining the Customer Support Application
Mapping a Collection of Attachments
Lazy Loading Simple Properties with Load Time Weaving
Part 4: Securing Your Application with Spring Security
Chapter 25: Introducing Spring Security
Integrating Authentication
Understanding Authorization
Understanding the Spring Security Foundation
Using Spring Security's Authorization Services
Configuring Spring Security
Chapter 26: Authenticating Users with Spring Security
Choosing and Configuring an Authentication Provider
Configuring a User Details Provider
Working with LDAP and Active Directory Providers
Authenticating with OpenID
Exploring Other Authentication Providers
Writing Your Own Authentication Provider
Bootstrapping in the Correct Order
Creating and Configuring a Provider
Mitigating Cross-Site Request Forgery Attacks
Chapter 27: Using Authorization Tags and Annotations
Authorizing by Declaration
Checking Permissions in Method Code
Using Annotations to Declare Permissions
Defining Method Pointcut Rules
Understanding Authorization Decisions
Using Access Decision Voters
Using Access Decision Managers
Creating Access Control Lists for Object Security
Understanding Spring Security ACLs
Configuring Access Control Lists
Populating ACLs for Your Entities
Adding Authorization to Customer Support
Switching to Custom User Details
Securing Your Service Methods
Using Spring Security's Tag Library
Chapter 28: Securing RESTful Web Services with OAuth
Understanding Web Service Security
Comparing Web GUI and Web Service Security
Choosing an Authentication Mechanism
Understanding the Key Players
Using Spring Security OAuth
Creating on OAuth 2.0 Provider
Creating an OAuth 2.0 Client
Finishing the Customer Support Application
Generating Request Nonces and Signatures
Implementing Client Services
Implementing Nonce Services
Implementing Token Services
Customizing the Resource Server Filter
Reconfiguring Spring Security
Creating an OAuth Client Application
Customizing the REST Template
Configuring the Spring Security OAuth Client
Testing the Provider and Client Together