Java framework learning (1) JavaWeb foundation: Maven, Spring, Tomcat, Mybatis, Springboot

Maven

Maven is a project management tool that includes a project object model (Project Object Model, pom file), a project life cycle (command), and a dependency management system (coordinates).

The benefits of using Maven:
1. It is convenient to build modules for the project, simplify the project structure, facilitate the development of division of labor, and improve development efficiency.
2. Maven can manage the dependencies of different systems in a unified way, and can transfer and inherit dependencies, which is convenient for project upgrades.
3. Maven also has many plug-ins, which are convenient for function expansion, such as maven-shade, which is used to package multiple jar packages into one jar package; maven-compiler-plugin, which is used to compile the source code of the project, etc.

Maven repository

The Maven warehouse is used to store resources and manage various jar packages.

Warehouses are divided into three types:

1. Central warehouse: the only one in the world maintained by the Maven team
2. Local warehouse: a directory on your own computer
3. Remote warehouse: a private warehouse generally built by the company team

Maven coordinates

• groupId : Organization ID, which defines the name of the organization to which the current Maven project belongs (usually reversed domain name, for example: com.qjk)
• artifactId: Project ID, which defines the current Maven project name (usually the module name, such as order-service, goods-service)
• version : defines the current project version number
• packaging: Define the way the Maven project is packaged. If there is no packaging, the default is jar package.
• classifier : This element is used to help define some attachments to the build output. The subsidiary components correspond to the main components.

Why does Maven perform dependency management, but there are still dependency conflicts? What is the means of handling dependency conflicts?

Reasons for dependency conflicts:

1. Transitive dependencies lead to conflicts between different versions of jar packages. Maven adopts the principle of proximity to exclude jar packages with long dependency paths, resulting in ClassNotFoundsuch errors.
2. Different jar packages have the same classpath.

Solutions to jar package conflicts:

• idea can follow the Maven Helper plugin to help analyze conflicting jar packages.
• Use Ctrl + shift + alt + n to find the jar package where the classpath is located, and exclude the corresponding jar package from the pom.

Talk about scope dependency scope in detail

• compile: the default scope, which is valid during runtime and needs to be included in the package
• test: only valid in the test program and will not be included in the package
• provided: It is valid during compilation, and does not need to be provided during runtime, and will not be included in the package
• runtime: not needed during compilation, valid during runtime, and needs to be included in the package

Maven's life cycle

The life cycle of Maven is to abstract and unify the construction process of all Maven projects.
In the idea, we end up focusing on the following 5 stages (in order):

• clean: remove the files generated by the previous build
• compile: Compile the project source code
• test: use a suitable unit testing framework for testing, such as Junit
• package: Package the compiled file into a jar or war package
• install: install the project to the local warehouse

Note: In the same set of life cycle, when the later stage is run, the previous stage will be run.

Clicking a certain stage of the life cycle under lifecycle in the idea is actually completed by the corresponding Maven plug-in.

Maven Advanced

Sub-module design

The modular design facilitates the division of labor in development, the management, expansion and maintenance of later projects, and the integration of existing module functions in other projects. When integrating, you only need to introduce the corresponding Maven dependencies.

inherit

Different modules may need to introduce the same dependencies, so we can extract the public dependencies of the modules and build a parent project, and other sub-modules that need this dependency only need to inherit the dependencies of the parent project.

The inheritance of the Maven project is similar to the inheritance in Java, and multiple inheritance is not allowed, that is, a module project can only inherit one parent project

Tips: Summary of packaging methods:

Therefore, when we use Maven to implement the project inheritance relationship, we should use the pom method to package:
use the label <packaging> pom </packaging>to specify, if not specified, the default is the jar package.

Inheritance relationship implementation:

version locking

In the parent project, the dependency version is managed uniformly through the tag < dependencyManagement >, so that the sub-project does not need to specify the version number. When the version needs to be changed, it only needs to be changed uniformly in the parent project.

The < dependencies > tag is a direct dependency. If the tag is configured in the parent project, the child project will inherit it directly.

< dependencyManagement > is a unified dependency management version that does not directly depend on it. If the sub-project needs this dependency, it needs to be introduced in the pom file, but there is no need to specify the version number, and the version number specified in the parent project will be used.

However, in the parent project, the version numbers of each dependency are also scattered in the version tags of each dependency, in order to centrally manage the version tags. You can use the functions provided by Maven 自定义属性和引用属性.

polymerization

The purpose of aggregation is to organize multiple modules into a whole, so that Maven's life cycle operations (such as clean compile test install package) can be executed with one click.

Similarities and differences between inheritance and aggregation in Maven

private server

The private server is the Maven dependency library that is managed uniformly within the company.

This process is similar to Github remote repository. . .

Step 1: Set the user name and password for private server access: use the server label

Step 2: Specify the configuration upload (publish) address.

Step 3: Set the address of the warehouse group that the private server depends on downloading

At the same time, it is set to allow downloading from private servers. (By default, the snapshots version cannot be downloaded from private servers.)

Tomcat

Tomcat is a lightweight web server, also known as web container, servlet container, web server encapsulates HTTP protocol operations, simplifies web program development, is used to deploy web projects, and provides online information browsing services.

servlet

Layered decoupling

Three-tier architecture

Based on the principle of single responsibility, a three-tier architecture is adopted to complete the back-end functions of business data access, logic processing and response.

• Controller: the control layer, which receives the request sent by the front end, processes the request, and responds to the data.
• Service: Business logic layer, which handles specific business logic.
• Dao: (data access object, data access object layer), responsible for data access operations, including adding, deleting, checking and modifying the database.

According to the idea of ​​three-tier architecture, the front-end request first passes through the Controller layer, receives the request, and then performs logical processing through the Service layer. Objects logically processed by the Service layer need to obtain data objects through the Dao layer. After the business operation is completed, the Controller layer responds to the data to the front end.

IOC (Inversion of Control) and DI (Dependency Injection)

According to the code written in the three-tier architecture, the middle service layer is coupled with the upper Controller layer and the lower Dao layer respectively.

In order to achieve layered decoupling, Spring provides inversion of control (inversion of control, IOC) and dependency injection (dependency injection, DI) technology.

Inversion of control transfers objects to container management, and dependency injection injects objects where they need to be used.

• Inversion of Control (IOC): Control of object creation is transferred from the program to the outside (container).
• Dependency Injection (DI): The container provides the resources that the application depends on at runtime.
• The objects created and managed in the container are calledbean

The specific implementation process:

1. Use @Componentannotations to hand over the implementation classes of the service layer and the dao layer to the IOC container for management.
2. Where the controller layer needs to rely on the implementation class of the service layer and where the service layer needs to rely on the implementation class of the dao layer, use @Autowiredannotations.

Detailed explanation of IOC

IOC is to hand over objects to container management. In actual development, in addition to the annotations used above, @Componentin fact, we use more annotations as @Controller, @Service, @Repository, which correspond to the controller layer, service layer and dao layer respectively.

Looking at @Servicethe annotation, you will find that it is @Componentcomposed of annotations and meta-annotations, so, in fact, it is a derived annotation of Component.

• Using annotations will declare a Java bean object in the container. When declaring a bean, you can specify the name of the bean through the value attribute. If not specified, the default is the first letter of the class name in lowercase.
• Beans can be declared using the above four annotations, but in springboot integrated web development, the bean declared controller can only be used. @ControllerIn addition, since the annotation @RestControlleris a composite annotation integrated @Controllerwith and @Requestbody, it can also be used to declare the bean of the controller type object.

Bean component scanning

• The four major annotations of the declared bean need to be @ComponentScanscanned by component scanning annotations if they want to take effect.
• @ComponentScanAlthough the annotation does not display the configuration, it is actually included in the startup class declaration annotation @SpringBootApplication.The scope of the default scan is the package where the startup class is located and its subpackages.

If you want to scan bean components outside the package where the startup class is located, you need to use annotations at the startup class @ComponentScan, and the parameter is the package name. Note that using annotations @ComponentScanwill invalidate the default annotations, so you need to re-specify the package where the startup class is located.

Detailed explanation of DI

The DI dependency injection @Autowiredannotation is to obtain the corresponding bean object according to the type from the container. If there are multiple beans of the same type, an error will be reported: solve it

through the following solutions;

• @Primary: When there are multiple annotations of the same type, the bean object declared with this annotation is injected first.
• @Qualifier: Use this annotation with the @autowired annotation to specify the name of the bean.
• @Resource: Use this annotation alone to specify the bean name.

@AutowiredDifferences from @Resourceannotations:

• @AutowiredIt is the annotation provided by the spring framework, @Resourcebut the annotation provided by JDK
• @AutowiredThe default is to inject by type, @Resourcebut to inject by name by default

My shoe

• MyBatis is an excellent persistence layer framework
• MyBatis avoids almost all JDBC (Java Database Connect) code and the process of manually setting parameters and obtaining result sets
• MyBatis can use simple XML or annotations to configure and map native information, and map interfaces and Java entity classes [Plain Old Java Objects, ordinary Java objects] into records in the database.
• MyBatis was originally an open source project of apache, ibatis. In 2010, this project was migrated from apache to google code and renamed MyBatis.
• Mybatis official document: http://www.mybatis.org/mybatis-3/zh/index.html
• GitHub : https://github.com/mybatis/mybatis-3

configuration process

@MapperThe annotation will manage the implementation class of the interface in the container, so when we want to use the implementation class object of the interface, we only need to declare an implementation class object, and use the annotation to automatically inject, and we will get the object declared by @Autowiredthe Mapperannotation .

JDBC（Java DataBase Connectivity）

Traditional jdbc operations have many repetitive code blocks, such as encapsulation when fetching data, establishing connection to the database, etc., and the role of Mybatis is to help programmers store data in the database and fetch data from the database based on the framework.

database connection pool

lombok toolkit

@DataSimplify entity class writing through annotations .

Basic operation of Mybatis

There are two ways to configure SQL statements in Mybatis:

• annotation based
• XML based mapping file

delete

precompiled SQL

• Precompiled SQL has better performance. For example, for the same SQL, only the parameters are different. Using precompiled SQL can cache the SQL, apply the cache to replace the parameters, and execute it directly. Using cache can skip SQL syntax parsing check, SQL optimization and SQL compilation, so the performance is higher.
• Prevent SQL injection, more secure.SQL injection is a method of modifying the pre-defined SQL statement by manipulating the input data to execute the code to attack the server

Case of SQL injection attack:
Enter in login: account name is arbitrary, password is 'or '1' = '1'

when verifying in the background:

you can see that ==or '1' = '1'== is always established, then naturally you can always log in successfully!

In addition to using #parameter placeholders, you can also use $placeholders, the differences are as follows:

Add

Primary key return:
Use @Optionsannotations, useGeneratedKeys = true, assign the primary key to the id attribute.

Revise

Inquire

Data encapsulation:

When the attribute name of the entity class is inconsistent with the field name, the field value cannot be automatically encapsulated into the attribute value of the class.

The solution is as follows:

1. Solution 1: Alias ​​the field so that the alias is consistent with the attribute of the entity class.
2. Solution 2: Manually map and encapsulate through the @Result annotation
3. Solution 3: In the spring configuration file ( application.properties), enable the automatic mapping switch of mybatis hump namingmybatis.configuration.map-underscore-to-camel-case =true

When using %wildcards in fuzzy queries, you need to use single quotation marks splicing, and #the wildcards used cannot exist in quotation marks. In order to continue to use the #provided SQL precompilation function, use concatthe character splicing method.

XML mapping file

XML mapping files can also be used to configure SQL.

The XML file written according to the specification can be normally located and the SQL statement in it can be executed.

The use of mybatis annotations is mainly to complete some simple functions of addition, deletion, modification and query. If you need to implement complex SQL functions, it is recommended to use XML to configure SQL statements.

Mybatis dynamic SQL

SQL statements that change with user input or changes in external conditions are called dynamic SQL.

Writing dynamic SQL mainly relies on some label statements:

• < if >: Used to judge whether the condition is true, use the test attribute to judge the condition, if the condition is true, splicing SQL.
• < where > : The where element will only insert the where clause when the child element has content, and will automatically remove the and or or at the beginning of the clause.

• < set > : dynamically inserts the set keyword at the beginning of the line, and removes the extra comma. (used in update statement)
  
• < foreach >：
  • collection: the collection to traverse
  • item: elements traversed
  • separator: separator
  • open: SQL fragment spliced ​​before traversal starts
  • close: SQL fragment spliced ​​after traversal.
    This tag is mainly used in scenarios that require batch operations, such as the following example of fatigue deletion:
    
• <sql> and <include>: For a large number of repeated use of SQL fragments, you can use the <sql> tag to extract high-frequency repeated tags and set the id name. Where it needs to be used, use the <include> tag and set refid to id Name, reference replacement.

Restful style API

Representation State Transfer, representational state transition, a software architectural style.

Use URLs to locate resources, and HTTP verbs (request methods) to describe operations:

• Query: Get
• Added: Post
• Modification: Put
• Delete: Delete

properties configuration file

parameter configuration

Set the configuration information attribute values ​​in the application.properties file, and @Valueinject the attribute values ​​of the external configuration file through annotations in the Java file.

yml configuration file

Using configuration files in yml or yaml format is more concise and the hierarchical structure is clearer.

ConfigurationProperties

Using @Valueinjected configuration properties is tedious, is there any possibility to simplify this step?

Through @ConfigurationPropertiesannotations, the property values ​​​​in the configuration file are injected into the object.

Dependencies can be added to Maven:

Case implementation - login verification

When the server receives the request, it checks whether it is in the login state. If it is, it processes the request normally. If not, it intercepts it.

The server generally adopts unified interception for the realization of the login verification function, and marks it if it is logged in.

conversational technology

cookie

Cookie: client session tracking technology, technology supported by http protocol. After successful login, the server responds with set-cookie and sends the cookie to the browser. The browser caches the cookie locally, and the subsequent request headers carry the cookie. Verify login status.

Disadvantages of cookies:

• Mobile APP is not available
• Not secure, user can disable cookies
• Cookies cannot cross domains
  • Cross-domain is divided into three dimensions, protocol, IP, port

session

Session is a server-side session tracking technology. The session is stored on the server side, and its bottom layer is still based on cookies.

The principle of session tracking:
The browser login request gives JSESSION, that is, the session id, the server sets the session id through set-cookie, and saves it on the server, and then checks the session id in the cookie carried by the browser when sending the request Whether it is consistent with the one saved by the server can determine whether it is a session.

Disadvantages of session:
Because the session is stored on the server, the session cannot be used in the server cluster.

token technology

After the browser logs in successfully, the server generates a token for the client, and the client saves the token, which is carried in subsequent requests. If information needs to be shared in the same session, the information is stored in the token.

advantage:

• The token token can be stored in a cookie or locally on the client side, so it supports PC and mobile terminals.
• It can solve the authentication problem in the cluster environment.

Disadvantage: token token needs to be implemented by yourself

JWT token

JWT (Json Web Token), json network token, defines a concise] self-contained format for securely transmitting information in json data format between two communicating parties. Due to the existence of digital signatures, these messages are reliable.

A JWT token mainly consists of three parts, .connected by two points:

• header (header), record token type, signature algorithm
• payload (payload), carrying some custom information, default information.
• signature (signature), to prevent the token from being tampered with, to ensure security, add the header and payload to the specified secret key, and calculate it through the specified signature algorithm.

JWT is originally a json, how is it converted into a string?

Through base64 encoding, the so-called base64 encoding is an encoding method consisting of 64 characters (0-9, az, AZ, +, /). Any data encoded by base64 will be converted into a string of 64 characters.

The base64 encoding and decoding of jwt tokens can be performed on the following website:
https://jwt.io/

Generate JWT based on Java code:
the payload part is stored in a hash table and constructed in the constructor mode.

The generated JWT can be parsed by the secret key within the expiration time:

if the token expires or is tampered with, it will be wrong!

Filter

Filter: Filter, which intercepts requests for resources to achieve some special functions. Filters generally complete some common operations, such as: login verification, Unicode processing, sensitive character processing, etc.

Steps to build interception:

1. Define Filter: Define the Filter class to implement the Filter interface and rewrite all its methods.
2. Configure Filter: Add @WebFilter annotation to the Filter class, configure the interception resource path, and add @ServletComponentScan to the boot class (where the main function is located) to enable Servlet component support.

Add attributes to the @WebFilter annotation urlPatternsto configure the intercepted request path.

Detailed explanation of Filter execution process

The Filter interface requires us to rewrite three methods:

• init: initialization, only executed once
• doFilter: Called after intercepting the request, it can be called multiple times, and the release request can be executed here chain.doFilter().
• destroy: The destruction method is called only once.
  
  

filter chain

The execution order priority of the filter chain is according to the natural ordering of the filter class name (string)

Login Verification Filter Process

interceptor

An interceptor is a mechanism similar to a filter, but the interceptor is provided by the Spring framework.

Using interceptors in Java:

1. Define the interceptor class to implement the HandlerInterceptor interface and override the method. Since the interceptor is provided by the Spring framework, @Componentannotations can be used directly to hand over the class to the container for management.
2. Register interceptor: use @Configutation annotation to declare a configuration class, implement the WebMvcConfigurerinterface in this configuration class, inject the above interceptor class using annotation AutoWired, and then add interception path mode to the interceptor class in the addInterceptors method.
   
   Interceptor mode:
   

The difference between filters and interceptors

• The interface specification is different: the filter implements the Filter interface, and the interceptor implements the HandlerInterceptor interface
• The scope of interception is different: the filter filter will intercept all resources, and the interceptor will only intercept resources in the Spring environment. If there are both filters and interceptors in the project, the filter filter will be executed first.

exception handling

In the spring framework, if an exception occurs, it will have an impact between layers. It is recommended to use a global exception handler to handle exceptions uniformly.

global exception handler

Use @RestControllerAdvice annotation.

Spring transaction management

Application case: When deleting a department, all employees under the department should be deleted at the same time.

Implementation method: using annotations. @Transactional
The annotations are placed on the methods, classes, and interfaces of the business layer (Service) layer.
Function: Hand over the current method to spring for transaction management. Before the method is executed, start the transaction. After successful execution, submit the transaction. If an exception occurs, roll back the transaction.

Enable log configuration for transaction management:

Advanced business

In the above case, we directly use the @Transactional annotation on the delete method to start a transaction.

By default, the exception is rolled back only when a runtime exception occurs. Specifying attributes in @Transactional rollbackForcan be used to control what type of exception occurs and roll back the transaction.

In addition to rollbackForattributes, the transaction annotation @Transactional can also specify propagation behavior propagationattributes.

The default transaction propagation behavior is to add the method to the existing transaction if there is a transaction, and create a new transaction if there is no transaction.

What's the problem?
Consider the following requirements:

because the operation log is required regardless of the success or failure of the transaction, then we should put the method of the operation log into the final in try-catch-finally to achieve it.

However, in the actual execution process, if the transaction execution fails, causing a rollback, the method of executing the operation log in the finally code block will also be rolled back!

The solution is:
the transaction annotation of the method of inserting the operation into the log, and specify the propagation mode as propagation = Propgation.REQUEST_NEW.
In this way, the method of operating the log will start a new transaction and will not be affected by the rollback of the failed transaction.

AOP (Aspect Oriented Programming)

AOP (Aspect Oriented Programming, Aspect-Oriented Programming) is actually method-oriented programming, which can be an enhancement of the original method or an adaptation of the original method.

AOP aspect-oriented programming is realized through the dynamic proxy mode.

AOP core concept

• Connection point: JoinPoint, a method that can be controlled by AOP (implies relevant information when the method is executed)
• Notification: Advice, which refers to the repeated logic, that is, the common function (finally embodied as a method)
• Pointcut: PointCut, matching the condition of the join point, the advice will only be applied when the pointcut method is executed. Usually pointcut expressions are used to match the cut-in method.
• Aspect: Aspect, describing the corresponding relationship between notification and entry point (notification + entry point)
• Target object: Target, the object to which the notification applies.

Advanced AOP

notification type

@PointcutPointcut expressions can be extracted via annotations . Then reuse where needed:

notification order

pointcut expression

execution

Match according to the return value, package name, class name, method name, method parameters and other information of the method, and use the execution

entry point expression wildcard:

annotation

An annotation is used to match methods identified with a specific annotation.

Define an annotation:

Add this annotation to the method that needs to be notified:

Junction

Used to get information about the actual running method.

Spring

configuration priority

Sping attribute configuration:

Bean management

Get Bean

Actual steps:

1. The applicationContext of the IOC container object is obtained by injection (using the annotation @Autowired).
2. The API provided by the applicationContext object gets the bean.
   

bean scope

The obtained bean object created by the default scope is a singleton, and you can use the @Scope annotation to configure the scope.

third-party beans

Third-party dependencies can also generate beans. Need to use @Bean annotation.

Principles of Spring Boot

SpringBoot simplifies the Spring Framework. The main principle is that the bottom layer provides starting dependencies and automatic configuration.

The principle of starting dependencies is Maven's dependency transfer.

Principle of automatic configuration

The startup class of the spring project will add annotations to the startup class by default @ComponentScan, scan the annotations under the package where the startup class is located Component, and add the class with the annotation to the IOC container.

Then, if the configuration class of the third-party library wants to realize automatic assembly, the first solution is to use annotation @ComponentScancomponent scanning.

But the disadvantage of this solution is that every time an annotation is declared @ComponentScan, all files under a package need to be scanned, which is cumbersome to use and has low performance.

Option 2: Use the @Import annotation.

• @Import can be declared on a normal class or on a configuration class annotated by @Configuration. can be directly imported into the IOC container.
• Create an import class and implement the ImportSelecter interface. The methods provided by this interface need to be rewritten to return the full class name string array that needs to be imported into the IOC container.
• In the above method, we need to know exactly which classes need to be imported into the IOC container. Third-party dependencies are actually the clearest which classes need to be imported into the IOC container. Therefore, third-party dependencies can provide annotations @EnableXxxx, which encapsulate @Importannotations. When we use it, we only need to add annotations to the startup class @EnableXxxx.
  

@SpringBootConfiguration

@SpringBootConfiguration annotation:

• The @ComponentScan annotation is integrated, so all classes containing the @Component annotation in the package where the startup class resides and subpackages are scanned.
• Integrate the @Configuration annotation, therefore, you can also configure @Bean for third-party dependency declarations in the startup class, which is also a configuration annotation.
• The most important thing: it contains the EnableAutoConfiguration annotation, which implements the return of the two files under the spring-boot-autoconfigure package in the form of a string list, and the records in these two files need to be imported into IOC The fully qualified class name of the container's class.
  

@Conditional

Judging according to certain conditions, the bean object will be registered in Spring's IOC container only after the given conditions are met.

• ConditionalOnClass: Determine whether the bytecode file exists in the environment, and then add the Bean to the IOC container.
  
• ConditionalOnMissingBean: Determine whether the bean exists in the environment, and if not, the bean will be registered in the IOC container.Generally used for default Bean declaration
• ConditionalOnProperty: Whether there are corresponding properties and values ​​in the configuration file, the Bean is registered in the IOC container.

custom starter

Naming convention:
Spring-boot-starter-function is the name of the startup dependency package officially provided by Spring.
The startup dependent package name provided by other technologies will put the function name first: function-spring-boot-starter

A custom starter needs to complete two packages: startup dependencies and automatic configuration, which respectively complete the dependency management function and automatic configuration function.

Case: Customizing the Alibaba Cloud OSS launcher

Step 1: Create two modules, Enabler and Autoconfig.

The launcher is dependent on auto-configuration:

Step 2: Complete the implementation of Alibaba Cloud OSS logic functions.

First import dependencies, including spring-web and Alibaba Cloud oss ​​dependencies:

realize the writing of the AliOSSUtills class, which needs to pass configuration information when using it.

Configuration information also needs to customize a class object, and its attribute values @ConfigurationProperties​​refer to the object attributes prefixed with "aliyun.oss" in the configuration file through annotations.

Step 3: Build the auto-configuration class.

Use the @EnableConfigurationProperties annotation to follow the automatic configuration path of spring, create a configuration file, and list the class names that need to be registered in the container: Step 4: Test use The

test
module only needs to introduce the starter module dependency just now.

In the configuration file, configure the configuration properties of Alibaba Cloud oss:

then it can be injected directly when using it!

Summarize