1. Understanding of
spring Spring is an open source framework, so what is a framework and what is the use of a framework? What are its advantages and disadvantages?
What is its applicable scenario?
I think the framework is like a semi-finished software, but this semi-finished software is the architectural foundation of your software, just like the frame of a house. Generally speaking, the design structure of the house is always built first, and then The color of the shape is completely up to you to add it later. This is also a bit like the decorator pattern, or the top-level class in polymorphism, the ancestor of vampires, and the skeleton of a human being is the same, but it still depends on the shape. Looking at the internal genes and painting haha...
The role of the frame is self-evident, the positioning of the spring frame is probably similar to our room design, which has become a classic. Of course, the analogy between framework and architecture is not completely appropriate, because there are many APIs left in the software, which can be easily extended when some performance does not meet your requirements. The most different is that a principle of software architecture is closed for modification and open for extension.
Not to mention the benefits of using an off-the-shelf framework, and it's free. It not only greatly shortens the software development cycle, but also the architecture design is excellent.
The advantages listed by the Spring team:
1. Non-intrusive framework, which minimizes the target program's dependence on the framework, and the application can run without spring or other containers.
2. The consistent programming model enables applications to be developed directly using POJOs, which can be isolated from the running environment.
3. Spring promotes the transformation of application object-oriented and interface-oriented programming, and improves the reusability and testability of the code.
4. Improves the choice of architecture. Spring can integrate and encapsulate many other architectures, such as S2SH. Of course, SpringMVC also has Own implementation for data persistence and WebUI layer.
Inadequacy of spring:
Personally, I think that using a framework to develop can really solve a lot of business duplication, but it will make people too dependent on the framework and not know what the underlying implementation mechanism is, and it is easy for others to exploit the vulnerabilities of this framework to attack open source code. your website.
In Mr. Wu's security book, he mentioned web framework security issues and springMVC command execution vulnerabilities.
Spring security provides springMVC with many security mechanisms, but it lacks solutions to problems such as XSS and CSRF.
Since the spring framework can update the value of the object according to the value provided by the client, this will also cause the attacker to modify the properties of the class loader loaded by the class.classloader, and it is possible to execute arbitrary commands.
Spring's two core IOC dependency inversion and AOP aspect-oriented programming
IOC container are the core modules of Spring, the two main container series of IOC.
1. A simple container series that implements the BeanFactory interface. This series of containers only implements the most basic functions of the container.
2. Implement the ApplicationContext application context, which exists as an advanced form of the container. Based on the simple container, the application context adds many framework-oriented features and makes many adaptations to the application environment.
IOC interface diagram
1. From interface beanFactory to HierarchicalBeanFactory to ConfigurableBeanFactory is the main BeanFactory design path. BeanFactory defines the basic IoC container specification.
The interface function of getParentBeanFactory() is added to HIerarchicalBeanFactory, so that BeanFactory has the management function of parent IoC container.
ConfigurableBeanFactory mainly defines some configuration functions for BeanFactory
2, from BeanFactory to ListableBeanFactory to ApplicationContext and then to the commonly used WebApplicationContext or ConfigurableApplication. Common application contexts are basically implementations of WebApplicationContext or ConfigurableApplication.
Many BeanFactory functions are refined in the ListableBeanFactory interface, while ApplicationContext implements interfaces such as MessageSource, ResourceLoader, and ApplicationEventPublisher, and adds support for many advanced container features to the BeanFactory simple IOC container, making it more adaptable to the application context.
The IOC container initialization process
is divided into three steps. The first step: Resource positioning is the positioning of the beanDefinition. The
second step: BeanDefinition loading. Rules are parsed. Finally, complete the processing of BeanDefinition.
Part 3: Inject these BeanDefinitions into the container. The BeanDefinition is injected into the HashMap through the BeanDefinitionRegistry interface, and the IOC container holds the BeanDefinition data through the HashMap.
The process of IOC container initialization does not include bean dependency injection. Bean loading and dependency injection are two independent processes.
Dependency injection of IOC
Dependency injection generally occurs when the application requests beans from the container through getBean for the first time. Of course, the attribute lazyinit can also be used to implement pre-instantiation configuration. In the interface diagram of the IOC above, you can see that there is a definition of the getBean() interface in the BeanFactory, and the implementation of this interface is where dependency injection is triggered.
1. The first step is to generate a Bean according to the BeanDefinition
getBean - call -> createBean -> the bean object is generated according to the BeanDefinition definition -> some properties will be initialized later.
There are two ways to instantiate bean objects. One is that BeanUtils uses JVM reflection. When it comes to JVM reflection, it is actually a mechanism to obtain class information and dynamically invoke class methods through the class itself. The other is through the Enhancer class of CGLIB to complete
2. The second step is to realize the real injection after parsing the bean dependencies
Reference: Spring Technology Insider