SSM framework introduced
(1) persistence (Mybatis): Dao layer (Mapper)
DAO layer: DAO layer is mainly done work data persistence layer, is responsible for some liaison tasks are encapsulated in this database.
DAO layer is designed first and foremost designed DAO interface.
Then define classes that implement this interface in Spring configuration file.
Then you can call this interface module for processing data traffic, without concern for this particular interface implementation class is which class, it is very clear structure.
DAO source configuration data layer, and the parameters relating to database connections are configured in Spring configuration file.
(2) the business layer (Spring): Service Layer
Service Layer: Service layer is responsible for application design business logic module.
First, the interface design, re-design class of its implementation.
Then configure associated with its implementation in the Spring configuration file. So that we can call the Service interface applications to business processes.
Business Service layer implementation, specific interfaces DAO layer has been defined to be called to.
Service package business logic layer in favor of the independence of the common business logic and reusability, the program is very simple.
(3) the presentation layer (springMVC): Controller layer (Handler layer)
Controller Layer: Controller layer is responsible for control module specific business processes.
Inside this layer to layer Service call interface to control business processes.
Configuration control is also carried out in which Spring configuration file for the specific business processes, have different controllers, the process may be summarized in the abstract the specifics of our design process, design process modules may subunit reused , so that not only the structure of the program became clear, also greatly reduces the amount of code.
(4) the view layer: View layer
View layer: View layer more closely combined with the control layer needs to combine the two cooperative work hair. View layer is mainly responsible for representation reception jsp page.
SSM Framework face questions
1, how to understand the Spring?
2, tell us about the Spring of things management
3, SSM advantages and disadvantages, usage scenarios?
4, MyBatis What is the difference in use # and $ write placeholder?
5. Explain the role of MyBatis namespace (namespace) of.
6. What is the IoC and DI? DI is how to achieve?
7, explain what AOP (Aspect Oriented Programming)?
8. How do you understand the "cross-cutting concerns," the concept?
9. How do you understand the connection point (Joinpoint) AOP in the cut point (Pointcut), enhanced (Advice), introducing (Introduction), weaving (Weaving), section (Aspect) these concepts?
10, Spring's transaction management support What types? Which way you use in your project?
11, Spring MVC works is like?
12. What is XSS attack?
13, SQL injection attacks?
14. What is CSRF attack?
15, a brief Mybatis, secondary cache
16, JDBC programming what shortcomings, how MyBatis is to solve these problems?
Frame parsing face questions SSM
1, how to understand the Spring?
Specifically Spring is a lightweight container for managing business related objects. The core functions mainly: IOC, AOP, MVC.
IOC: Inversion of Control, the creation of an object to a container, so that the life cycle management of container objects such as creation, initialization, destruction and so on.
AOP: Aspect Oriented Programming, focus on modular, by programming a feature point, such as logging, there are many classes need to log method of recording, logging proxy method is created, you need to call this function is just call the proxy method, which is AOP.
MVC: Web framework SpringMvc, Spring offer based on MVC pattern design, now one of the relatively popular frameworks.
2, tell us about the Spring of things management
The transaction is a series of database operations (such as insert multiple data) unified commit or rollback, if you insert success, then together, if there is a middle of an exception, so all operations before the rollback. This will prevent dirty data, database data to prevent problems.
To avoid this development generally transaction management. Spring also has its own transaction management mechanism, generally using TransactionMananger management, this function can be done by Spring injection.
Spring transaction management supports the following two ways:
Programmatic transaction management: This means that you can bring a great deal of flexibility programmatically manage affairs in this way, but it is difficult to maintain.
Declarative transaction management: This approach means that you can separate transaction management and business code. You only need annotations or XML configuration management affairs.
Generally choose declarative transaction management, because in this way and less associated with the application.
3, SSM advantages and disadvantages, usage scenarios?
Different (1) Mybatis and hibernate, it is not exactly an ORM framework, because MyBatis require programmers to write their own Sql statement, but mybatis can be flexibly configured to run sql statement by way of XML or annotation, and java objects and mapping sql statement generating sql executed last, the final results will then map generation performed sql java object.
(2) Mybatis learning threshold is low, easy to learn, programmers write directly to the original ecology sql, sql execution performance can be strictly controlled, high flexibility, ideal for less demanding on the relational data model of software development, such as the Internet software business operations class software, as such software requirements change frequently, but the needs of a rapid change in output required outcomes. But that flexibility can not be done on the premise that mybatis database-independent, supports multiple databases need to implement if the software you need to customize sets of sql mapping file, the heavy workload.
(3) Hibernate object / relational mapping capabilities strong, independent of the database is good for high-relational model requires software (such as fixed demand customized software) if hibernate developers can save a lot of code and improve efficiency. But learning Hibernate high threshold, higher threshold to master, and how design O / R mapping, how to balance between performance and object model, and how to make good use of Hibernate need to have strong experience and ability to the job.
(4) In summary, in accordance with the needs of users in resource-limited settings can be made as long as maintenance, scalability good software architecture is good architecture, it is only suitable framework is the best.
4, MyBatis What is the difference in use # and $ write placeholder?
A: # incoming data as a string, the incoming data will automatically add quotation marks; $ incoming display data directly generated SQL.
Note: Use KaTeX parse error: Expected 'EOF' , got '#' at position 21: ... will lead to SQL injection attacks, do not place the # can use , when written order by clause should be used rather than the $ # .
5. Explain the role of MyBatis namespace (namespace) of.
A: In large projects, there may be a large number of SQL statements, this time from a unique identification (ID) for each SQL statement becomes not easy. To solve this problem, in MyBatis, you can play a unique namespace for each mapping file, so that each SQL statement is defined in the map file has become the definition of an ID in this namespace. As long as we can ensure that every namespace this ID is unique, even in the same statement ID different mapping file, it will not produce a conflict.
6. What is the IoC and DI? DI is how to achieve?
A: IoC called inversion of control, is Inversion of Control is an abbreviation, DI (Dependency Injection) called dependency injection, IoC is a simpler interpretation. The call control right inversion is traditionally controlled by the program object code directly to the container, and the assembly is achieved through the container management object assembly. The so-called "inversion of control" that is, the transfer of control of the Component Object, transferred from the program code itself to the outside of the container, the container to create objects and manage dependencies between objects. IoC embodies the Hollywood principle - "Don'tcallme, we willcallyou". The basic principle is that dependency injection application components should not be responsible for finding resources or other collaborative object depends. Configuration object work should be the responsibility of the vessel, the logic should look for resources extracted from the code application components, the container to be done. DI is a more accurate description of the IoC, i.e. dependencies between components at runtime determined by the container, for the image, i.e., the injection of a certain dependency of the container into the dynamic component.
7, explain what AOP (Aspect Oriented Programming)?
A: AOP (Aspect-Oriented Programming) refers to a programming paradigm, which is configured in a language paradigm called facets (Aspect) as the basis, a new section is modular mechanism to be described in dispersed crosscutting concerns (crosscutting concern) objects, classes or methods.
8. How do you understand the "cross-cutting concerns," the concept?
A: "crosscutting concerns" will affect the functionality of the entire application concerned, it is with normal business logic is orthogonal, not necessarily linked, but almost all of the business logic functions are related to these concerns. Typically, the transaction log, and safety concerns crosscutting concerns is the function of the application.
9. How do you understand the connection point (Joinpoint) AOP in the cut point (Pointcut), enhanced (Advice), introducing (Introduction), weaving (Weaving), section (Aspect) these concepts?
A:. A connection point (Joinpoint): a specific position of program execution (such as: before a method call, after call, after the method throws an exception). Class or a specific section of the program code has a boundary point having properties, in particular point code is the point of attachment. Spring supports only connection point methods.
b tangent point (Pointcut):. If the connection point corresponding to record data, then the point of tangency corresponding to the query conditions, a cut point may match a plurality of connection points. Spring AOP rule parsing engine query is responsible for parsing cut-off point set, find the corresponding connection point.
. Enhanced C (Advice): enhancement is woven into a program code on the connection point of the target class. Spring provides enhanced interfaces are with the orientation of the names, such as: BeforeAdvice, AfterReturningAdvice, ThrowsAdvice and so on. A lot of information will enhance translated as "notice" this is obviously lied in translation, so many programmers confused for a long time.
Description: Advice in a lot of written information in the country have been translated as "notice", but it is clear that this translation can not express its nature, will have a small amount of reading material for the translation of the word "enhanced", this translation is more accurate Advice interpretation, we crosscutting concerns by AOP features added to the original business logic, this is a logical enhancement of existing business, this enhancement can be enhanced front, rear enhancement, after returning enhanced Throws when enhancement and surround-type enhancement.
d introduce (Introduction):. introducing a special reinforcement, which add some properties and methods for the class. In this way, even if one had no business class implements an interface, by introducing the function, you can not add dynamic class implements the business logic interface, allowing business class become the class that implements the interface.
. E weaving (Weaving): weaving the reinforcing is added to the process-based target specific point of attachment, AOP weaving three ways:
① compile-time weaving: the need for special Java compile time (such as AspectJ's ajc);
② Load of weaving: requires special class loader, class enhanced when loading the class;
③ weaving Runtime: generating agent for enhanced target classes at runtime. Spring uses dynamic proxy approach to achieve the weaving operation, and using the compile AspectJ weaving and weaving manner of loading.
f section (Aspect):. tangent point and the cut is enhanced (introducing) composition, which comprises the definition of crosscutting concerns function, including the definition of the point of attachment.
10, Spring's transaction management support What types? Which way you use in your project?
A: Spring support programmatic transaction management and declarative transaction management. Many users of the Spring Framework choose declarative transaction management, because in this way and less associated with the application, and therefore more in line with the concept of lightweight containers. Declarative transaction management is better than programmatic transaction management, although it was weaker than in terms of flexibility programmatic transaction management, because programmatic transaction allows you to control traffic through code.
11, Spring MVC works is like?
(1) All client requests are handed over to the front controller DispatcherServlet to deal with, it will be responsible for calling the system's other modules to really deal with the user's request.
(2) DispatcherServlet after receiving the request, according to the information request (including the URL, HTTP protocol methods, request header, the request parameters, Cookie, etc.), and arranged to find HandlerMapping Handler process the request (any object can be used as a request Handler).
(3) Spring HandlerAdapter be encapsulated by the processor in this place.
(4) HandlerAdapter is an adapter, which call for a variety of Handler Methods with a unified interface.
After (5) Handler to complete processing requested by the user, a return to the DispatcherServlet ModelAndView object,
ModelAndView name suggests, contains the information model and the data of the corresponding view.
(6) ModelAndView of view is the logical view, DispatcherServlet but also with ViewResolver complete work from the logical view to resolve the real view of the object.
(7) obtained when the real view object, DispatcherServlet model data will be rendered using the view object.
(8) clients get a response, it may be a normal HTML page, or XML or JSON string can also be a picture or a PDF file.
12. What is XSS attack?
A: XSS (Cross Site Script, cross-site scripting attacks) is to inject malicious script execution attacks malicious script in the user's browser when the user to browse the web page. Cross-site scripting attacks divided into two forms: a reflective type attack (entice users to click on a link embedded in a malicious script to achieve the target of attack, there are many attackers use forums, microblogging publishing URL containing malicious script belongs to this database mode) and durable type attack (to submit malicious script to the attack site, when users browse the web, malicious scripts loaded from the database to the page execution, an earlier version of QQ-mail once being used as a durable type cross-site scripting attack of the platform). Although XSS is not a new thing, but the way the attack was ever-changing, there are two main aspects to prevent XSS: disinfection (to escape dangerous characters) and HttpOnly (Cookie prevent XSS attacks to steal data).
13, SQL injection attacks?
A: SQL injection attacks are the most common form of injection attack (in addition to OS injection attacks (Struts 2 high-risk vulnerabilities is through the implementation of OS OGNL injection attacks caused)), when the server request parameters using SQL statement is constructed, malicious SQL It is embedded into the SQL database to perform. SQL Injection attack requires the attacker to carry out in order to understand the database structure, the attacker wants to get a table structure a number of ways:
(1) If you build a website using open source system, the database structure is open (there are many ready-made system can be directly set up the forum, electricity's website, although the risk is convenient but must be carefully assessed);
(2) Echo error (an error message if the server is displayed directly on the page, an attacker could trigger a page fault by illegal parameter to understand the structure of the database by an error message, Web application should be set up friendly error page, on the one hand meet the minimum surprise in principle, on the one hand block out potentially dangerous errors to echo information system);
(3) the blinds. To prevent SQL injection attacks disinfection way can also be used by regular expressions to validate the request parameters, in addition, is also a good parameter binding means, such as a malicious SQL is SQL parameters rather than command is executed, JDBC in the statement is the PreparedStatement object supports parameter binding, from the performance and security are much better than statement.
14. What is CSRF attack?
A: CSRF attacks (Cross Site Request Forgery, CSRF) is a cross-site request by the attacker, illegal operation (such as transfer or posting, etc.) in a legitimate user. CSRF principle is to use the Session Cookie browser or server, identity theft, the principle shown below. CSRF prevention is the primary means of identification of the requester, mainly in the following ways:
(1) tokens in the form (token);
(2) codes;
(3) check request header Referer.
Tokens and authentication features have a consumer, so consistent in principle, but the code is a poor user experience, do not use this code is not necessary under the circumstances, the current practice is that if many sites in short many times before submitting a request form does not succeed within the time code, you will get a better user experience.
15 Mybatis a brief, two cache
1) a cache: a HashMap based PerpetualCache local cache, which stores a scope of Session, Session after the flush or close, all of the Cache will be cleared in the Session.
2) a secondary cache and cache the same mechanism, but also using default PerpetualCache, HashMap stored, it is stored in a different scope as Mapper (Namespace), and may be custom storage source, such as Ehcache. To enable a second level cache, you need to add one line to your SQL Mapping file:
3) For data cache update mechanism, when performing the C / U / D operation of a certain scope (a cache Session / secondary cache the Namespaces) after default select the scope of all the cache will be clear.
16, JDBC programming what shortcomings, how MyBatis is to solve these problems?
(1) create a database link, the release of frequent system resources are wasted thus affecting the performance of the system, if you use a database connection pooling solve this problem.
Solution: Configure Data Link SqlMapConfig.xml pool, use the connection pool management database links.
(2) Sql statement written in the code caused the code is not easy to maintain, practical application sql change may be larger, sql changes need to change the java code.
Solution: Configure the Sql statement separate from the java code XXXXmapper.xml file.
(3) pass parameters to the trouble sql statement, because where conditions are not necessarily sql statement, may be more or less a placeholder and required parameters one by one.
Solve: Mybatis automatically map the java object to sql statement.
(4) Analytical results set trouble, sql parsing code change results in a change, and the need to resolve the traversal, if the database record can resolve objects pojo packaged into convenient.
Solve: Mybatis automatically map the results to sql java objects.
Additional reference answer
Frequent create a data connection, close the resource, resulting in decreased performance, using data library connection pool to solve this problem with the database connection pool. C3p0 DBCP database connection pool configuration in SqlMapConfig.xml
Jdbc programming sql maintainability is not high. Mybatis using configuration files the way to solve the problem sql maintainable
Mapper.xml disposed in, and is code-sql increases the maintainability
Jdbc pass parameters too much trouble. Sometimes multi-parameter, parameters and placeholders to-one correspondence.
Type paremterType Mybatis parameters defining input statement of
Analytical results is too much trouble. Mybatis use resultType automatically mapped to pojo addressed in the analysis result jdbc trouble
