Article directory
-
- 1.What is SpringBoot?
- 2. Why do you need Spring Boot?
- 3. What are the characteristics of SpringBoot?
- 4.What are the two strategies of SpringBoot?
- 5. Tell us about SpringBoot’s automatic assembly process?
- 6. Tell me what is a Bean?
- 7. What is a CSRF attack? How to avoid it?
- 8. What are the formats of Spring Boot configuration files? What's the difference between them?
- 9.Is Spring Boot compatible with old Spring projects?
- 10.How do you understand the Spring Boot configuration loading order?
- 11.What embedded web containers does Spring Boot support?
1.What is SpringBoot?
Spring Boot is an open source framework used to simplify Spring application development. It is based on the Spring framework and provides a faster, more convenient and automated way to build and deploy Spring applications. The goal of Spring Boot is to reduce the complexity of Spring application development, increase productivity, and provide a common set of configurations by default to reduce boilerplate code.
2. Why do you need Spring Boot?
- Simplified configuration: Default configuration and automatic configuration reduce the need for cumbersome XML configuration files and code settings, making development simpler and more efficient.
- Rapid Development: Out-of-the-box templates and components allow you to quickly start new projects, while a built-in web server is provided to run applications without manual configuration.
- Integration: Integrates with many commonly used libraries and frameworks, making integration with various data stores, message queues, security and cloud services easier.
- Microservice support: Spring Boot provides good support for building microservice architecture, allowing developers to easily create, deploy and manage distributed applications.
- Automated tasks: Spring Boot supports scheduled tasks, batch processing and other automated tasks, allowing developers to handle background processing and scheduling more easily.
- Ecosystem: With a huge ecosystem and active community support, you can obtain a large number of extension modules and documentation resources.
- Openness: Developers choose their favorite development tools and supports multiple build tools such as Maven and Gradle.
3. What are the characteristics of SpringBoot?
- Auto-Configuration: Spring Boot attempts to configure Spring applications based on the project's dependencies and resources on the classpath through automatic configuration. This means that developers do not need to manually configure a large number of Spring configuration files, Spring Boot will automatically configure the application based on the environment and dependencies.
- Starter Dependencies: Spring Boot provides a set of predefined "starter dependencies" that contain specific types of functions and libraries and can be added to the project as needed. Starter dependencies simplify dependency management and make building Spring applications more convenient.
- Embedded Servlet containers such as Tomcat or Jetty;
- Production-Ready: Spring Boot provides a set of functions, such as health checks, indicator monitoring, remote configuration, etc., to help turn applications into a production-ready state. The Spring Boot Actuator module provides these functions.
- External configuration: Spring Boot supports separating the application configuration from the code, which can be configured through property files, YAML files, environment variables, etc. This makes the application easier to configure and manage.
- No code generation and XML configuration required: Spring Boot uses a Java-based configuration method, reducing the use of XML configuration files. At the same time, it simplifies development through conventions and default configurations, eliminating the need to generate a lot of boilerplate code.
- Ecosystem: Spring Boot has a powerful ecosystem, including a large number of plug-ins and extensions for integrating various databases, message queues, security and other functions.
4.What are the two strategies of SpringBoot?
(1) Using
Outofbox out of the box refers to adding relevant dependency packages to the pom file of the MAVEN project during the development process, and then using corresponding annotations to replace cumbersome XML configuration files to manage the life of the object. cycle. This feature allows developers to get rid of complex configuration work and dependency management work, and focus more on business logic.
(2)
Convention over configuration is a software design paradigm in which SpringBoot itself configures the target structure and developers add information to the structure. Although this feature reduces some flexibility and increases the complexity of BUG location, it reduces the number of decisions developers need to make, reduces a large amount of XML configuration, and allows the code to be compiled, tested, and packaged. Work automation.
5. Tell us about SpringBoot’s automatic assembly process?
- When it comes to the Springboot automatic assembly process, it is inseparable from Springboot's core annotation @SpringbootApplication, which is a compound annotation. It consists of the following annotations:
@EnbaleAutoConfiguration automatic assembly annotation. Springboot can easily inherit other third-party frameworks through this annotation. For example, if you write a JDBC framework yourself and want to integrate it, you need this annotation.
The main job of the @ComponentScan annotation is to scan classes or methods annotated with @Service, @Controller, etc. After scanning, the Springboot framework will be notified to generate an object. Dependency injected beans are scanned by this annotation. - The @EnbaleAutoConfiguration annotation was mentioned above, which is also a composite annotation. It consists of the following annotations:
The @Import annotation imports a Java class EnbaleAutoConfigurationImportSelector.class. Import configuration.
EnbaleAutoConfigurationImportSelector, this is an automatic configuration import selector. Its function is to configure the selector according to the convention. This provision is to select according to your own needs in Spring.factories under META-INF. This is a characteristic of Springboot – convention is greater than configuration. - EnbaleAutoConfigurationImportSelector inherits the AutoConfigurationImportSelector class. There is a method in the class:
selectImports method, which is called
List<String> configurations = this.getCandidateConfigurations(annotationMetadata, attributes);
- The loadFactoryNames method is called in the getCandidateConfigurations method. This method details the source of the configuration items that need to be loaded. The source code is as follows:
public static List<String> loadFactoryNames(Class<?> factoryClass, ClassLoader classLoader) {
String factoryClassName = factoryClass.getName();
try {
Enumeration<URL> urls = classLoader != null ? classLoader.getResources("META-INF/spring.factories") : ClassLoader.getSystemResources("META-INF/spring.factories");
ArrayList result = new ArrayList();
while(urls.hasMoreElements()) {
URL url = (URL)urls.nextElement();
Properties properties = PropertiesLoaderUtils.loadProperties(new UrlResource(url));
String factoryClassNames = properties.getProperty(factoryClassName);
result.addAll(Arrays.asList(StringUtils.commaDelimitedListToStringArray(factoryClassNames)));
}
return result;
} catch (IOException var8) {
throw new IllegalArgumentException("Unable to load [" + factoryClass.getName() + "] factories from location [" + "META-INF/spring.factories" + "]", var8);
}
}
Automatic assembly diagram after SpringBoot1.5 version:
Before SpringBoot1.5:
6. Tell me what is a Bean?
Beans are just ordinary Java objects. In the Spring Boot context, they are treated as Java objects + objects that are automatically initialized when the application starts and managed by the Spring IOC container. We have the "@Bean" annotation to achieve this.
7. What is a CSRF attack? How to avoid it?
In a CSRF attack, the attacker attempts to exploit the user's identity to perform unauthorized operations by tricking the user into performing malicious operations while logged in without their explicit authorization.
- Use CSRF token: Generate a random CSRF token for each user session and embed it in the form or include it in the request header. The server verifies that the CSRF token matches the user's session when receiving the request and rejects the request if it does not match.
- Check the Referer header: The server can check the Referer header of the request to ensure that the request comes from a legitimate website. But this is not a completely reliable method because some browsers may not send the Referer header, or an attacker can forge the Referer header.
- Same-Origin Policy: Web browsers implement a same-origin policy to restrict cross-domain requests. Therefore, ensure that sensitive operations are only accessible from specific domains or subdomains to reduce the risk of cross-site request forgery.
8. What are the formats of Spring Boot configuration files? What's the difference between them?
There are mainly .propertiesand .ymlformat. The main difference between them is the writing format. Additionally, .yml the format does not support @PropertySourceannotation import configuration.
9.Is Spring Boot compatible with old Spring projects?
To be compatible, use the @ImportResource annotation to import the old Spring project configuration file.
10.How do you understand the Spring Boot configuration loading order?
The Spring Boot configuration loading order priority is: propertiese files, YAML files, system environment variables, and command line parameters.
11.What embedded web containers does Spring Boot support?
Tomcat、Jetty、Undertow。