Spring: Spring Framework is the most popular application development framework

of Java. The main feature of the Spring Framework is dependency

Injection or Inversion of Control (IoC). With the help of Spring Framework, we
can develop a loosely coupled application. It is better to use if application type or
characteristics are purely defined.

Spring Boot: Spring Boot is a module of Spring Framework. It allows us to build a

stand-alone application with minimal or zero configurations. It is better to use if we
want to develop a simple Spring-based application or RESTful services.

Under the hood, Spring is just a Java application itself - and it responds to our configuration
in a predictable way. When a Spring application starts, it scans your code base for specially-
marked class files and configuration options. It uses that information to instantiate your
application components as Java objects, and it stores them in a special data structure called
the application context. This context is ultimately very similar to a Map or a python
dictionary, and it can be queried at runtime to find specific components when needed. This
is a closed system, so components instantiated outside of Spring won't automatically be
injected with dependencies like those instantiated by Spring. Mind the new keyword!

Key Terms
 Configuration Files: Project files that configure some part of Spring's operation.
Some are embedded in Java classes, like we just discussed, and others
are .properties , .yaml , and .xml files that we'll discuss later this lesson. Some
of them configure the IoC context, like the ones we just discussed, and others
configure more abstract pieces of Spring's system.
 Component Annotations: Component annotations are annotations that identify
application components for Spring to manage. @Bean and @Configuration are
examples from the most recent videos, and in the next section we'll
discuss @Component and @Service as well.
 Application Context: Spring's application context is just a giant data structure
that holds all application component instances. It can be queried to gain access to
a specified component at runtime, and it's what Spring uses to resolve
dependencies.
 Beans: "Beans" are Spring's name for generic application components, and
include any value Spring has stored in the application context. A bean is always
either an object or primitive value.
 Closed System: Spring's application context is a closed system, which means
that it manages all of the components stored within. It is not possible to
instantiate a component manually and still link it fully with Spring - it will never
be aware of the components inside of Spring's application context, and vice
versa.
 @SpringBootApplication : An annotation put on the main application class of a
Spring Boot project. It serves as an alias of three other
annotations, @Configuration , @EnableAutoConfiguration ,
and @ComponentScan
 @Configuration : A class annotated with @Configuration is instantiated and
managed by Spring as a component, but also as a bean factory. Any methods of
 the configuration class that are annotated with @Bean are used by Spring to
create new beans to add to the application context.
 @Bean : A method annotated with @Bean inside of a configuration class will be
used by Spring to generate a bean of the method's return type. This means that
the developer can manually configure beans to be included in the application
context.
 @EnableAutoConfiguration : A class annotated
with @EnableAutoConfiguration tells Spring to try to automatically match
beans to dependencies based primarily on type. This reduces the need for
boilerplate code explicitly identifying individual beans as dependencies.
 @Primary : This annotation distinguishes the annotated bean method as the
default dependency of its type. This is used to resolve conflicts that arise from
having multiple bean definitions of the same type when auto configuration is
enabled.
 @Qualifier : This annotation distinguishes the annotated bean method or
dependency declaration as a qualified bean or dependency. Qualified beans are
considered for unqualified dependencies, but only matching qualified beans are
considered for qualified dependencies.

Spring MVC

Spring MVC is built around the browser as a platform, and it organizes these roles
like this:

 HTML templates are the views - each one represents a specific screen or screen
component that the user is shown.
 In the template, we need to add Thymeleaf attributes to our HTML. In our
example so far, we added the th:text attribute to the heading we want to
be dynamic, like so:
 th:text attribute ( ${welcomeMessage} ). The syntax of this expression is fairly
simple: the ${} indicates an expression to evaluate, and by using
a name like welcomeMessage inside of it, we're telling Thymeleaf to look up a
value in the model supplied for this template with the same name.

 Spring beans are the controllers - specifically, Spring MVC gives

an @Controller annotation that we can use to register our beans as controllers.
Think of Spring bean controllers as specialized application components that can
define methods to handle specific user requests. Those methods are responsible
for choosing the HTML template that is generated in response, as well as for
populating the Model object for that template.
 In order to actually bind the controller to a specific request URL -
like /home in our example - we have to define a method in the controller
and annotate it with @RequestMapping . We also have to return a String
from this method - this is the name of the template we want to render.
For this first step into web development, that's all we do - return the
String "home" to indicate that we want the home.html template to be
rendered when a user requests the /home URL.
  Model objects are the models - every controller method can take an
optional Model argument, and by reading and changing the data inside of it, the
controller can read user-submitted data and populate the template with the
changes. Think of the Model class a simple data-transfer object: something that
can store various bits of data with keys to look that data up, and that can be
passed between the browser, the template engine, and the controller to facilitate
the transfer of data between the user and the application.
 Model is a special class that Spring MVC will send to Thymeleaf to render
the template, and we can set various attributes on it to add named values. As
you can see, we're adding a value of "Hi Hello" to the model with the
name "welcomeMessage" - which is exactly the name we're referencing in
our template! Now when we render the template, the message Hi Hello will
appear on the web page instead of Hello, homepage!

The key elements to focus on are the new arguments to each of these methods -
the MessageForm class is a POJO specifically designed to hold the form data we
defined in the previous video.
For the GET request handling method, we declare the MessageForm argument to
ensure that the object exists and is added to the model by Spring automatically. This
is necessary, because Thymeleaf needs an object with the name newMessage to be
present in the model to render properly, even if there isn't any data in the object yet.
For the POST request handling method, we declare the MessageForm argument to tell
Spring that it should look for data that matches that in the body of the request we're
handling. Spring will then automatically extract that data and put it in
a MessageForm object before calling our method, passing it to us so we can use the
data as we see fit.
In both cases, we're annotating this argument with @ModelAttribute . This allows us
to specify that Spring should add the object to our Model before asking Thymeleaf to
render the template. That means we don't have to add it manually! Pretty handy.

 ORM: Object-Relational Mapping. A general term describing a set of technology that

can be used to automatically convert data between database representation and
application representation.
 JDBC: Java Database Connectivity API, which is a specification for making SQL
requests from Java.
 MyBatis: A thin ORM over JDBC that automatically generates code to execute SQL
statements over JDBC and maps the results to Java objects.
 Mapping: Drawing a relationship between a field in a Java class and a column in a
SQL table.
 One to One: A relationship between two objects in which one entity is on each side
of the relationship.
 Many to Many: A relationship between two objects in which multiple copies of each
entity can be related to multiple copies of the other entity.
 @Select, @Insert, @Update, @Delete: Annotations representing SQL statements
to be executed. Each annotation takes a string for a SQL statement of the
corresponding type. For example, a @Select annotation takes a string for a
SQL SELECT statement.
  @Options: Annotation providing access to switches and configuration options for
JDBC statements.
 Onion Pattern: Sometimes also called Tiered Architecture, Multi-tiered
Architecture, or n-tiered Architecture. This is a design pattern that separates areas
of the application into controller, service, and data layers (and sometimes more).
User flows originate from the controller tier, which passes them to the service tier,
which then reaches a data access bean.
 Encryption: Modifying data before storing it, with the intention of using another
algorithm to return the data to its original form once it needs to be used.
 Hashing: Modifying data before storing it with the intention of never returning it to
its original form. The modified data will be compared to other modified data only.
 Salt: random data that is combined with the input string when hashing so that the
resultant hashed values are unique for each row. This means that two users with the
same password would not have the same hash in the database.

NEXT

Security

1. Configure security with SecurityConfig

a. @Configuration
b. @EnableWebSecurity
c. Extending WebSecurityConfigurerAdapter and overriding
i. configure(AuthenticationManagerBuilder auth)
 Here we will delegate security calls to Authentication Service
ii. configure(HttpSecurity http)
 Here we will configure which resources to skip authentication,
default login page and default successful URL.
2. Create an AuthenticationService by
a. Extending AuthenticationProvider and overriding
i. public Authentication authenticate(Authentication authentication)
 Authentication object contains the form data sent from client side
 This should return new Authentication object specifying the type of
authentication. E.g. UsernamePasswordAuthenticationToken
ii. boolean supports(Class<?> authentication)
 This method lets server know which authentication method this
authentication supports which type of authentication E.g.
UsernamePasswordAuthenticationToken
b.