Eyal Lupu Software Blog

Introduction As a software architect one of the common tasks I have to deal with is web applications security. Usually I would try to make sure that security is automatically enforced by the infrastructure, however this is not always that easy – sometimes the underlying frameworks don’t provide any built in support or configuration which globally turns on a security attribute. This is why the new org.springframework.web.servlet.support.RequestDataValueProcessor interface in Spring MVC 3.1 seems to be very interesting: it provides a clean way to implement automatic CSRF protection.

One of the new features in Spring 3.0 is the Spring Expression Language (Spring EL or SpEL). While evaluation Spring 3.0 I was also checking out the SpEL capabilities, in this blog entry I'll try to cover some of the more interesting, and less obvious, features and aspects of the SpEL. The Basics In its basics SpEL is yet another Expression Language, similar to Unified EL, it supports expressions (no control statements in the language) mainly used to access bean properties, the Spring Expression Language can be used as part of the Spring bean factory configuration (XML or annotation based) but can also be evaluated directly by the application code - meaning we can read and evaluate expressions at runtime. Here is the most basic example of SpEL used in XML factory bean: <!-- Classic - Simple bean with random value --> <bean id="randomNumber" class="java.lang.Math" factory-method="random"/> <bean id="classicBean" class=...

Hi all, One of the new features in Spring 3.0 is REST support, REST clients can use the restTemplate class and server as part of the MVC framework. In chapter 18 of the 3.0.M3 documentation we can find a section describing content negotiation using the ContentNegotiatingViewResolver class. Lately I was invited to give a lecture about the new Spring 3.0 features and I prepared a detailed HOWTO example (if you want to skip the theory scroll down to HOTWO) of REST content negotiation which I decided to load to my blog, here it is What is Content Negotiation? Sometimes different HTTP clients would like to get different representations of a the same resource, for example the resource http://localhost/app/rest/users will list all of the users in a specific server - however one client would like to get the result as a XML document, another in a JSON format and the third as a human readable fancy HTML table - the process in which a client notifying the server about the preferred format (...

Hi, this one is about  Wicket  integration with  Spring . Wicket has a built-in integration with  Spring  using the wicket-spring module, but this module doesn't (or at least I didn't find any) support the usage of Spring's Application context as a Wicket message provider (as we know Spring application context is a org.springframework.context.MessageSource). Probably some, if not the most, of you think "what do I need this for?" well…here is a real life situation I've encountered: An existing application uses EJB3 (both entities and session beans), a Swing client, and it heavily usages  Spring . The  Spring's  ApplicationContext is also the messages provider for the application, using the standard ResourceBundleMessageSource, and it aggregates few property files: module-a module-b module-c module-d module-e And the requirement is: "we would like to add a...