On this page:
Target audience:
Users of the extension providing Spring MVC support for Web Services.
Summary: This document provides basic information about the extension providing Spring MVC support for Web Services.
What's new in 1.5.3
- Fire type links (fireLink, fireSelectLink, ...) from Spring Web Service Operations are substituted by callLinks to be consistent with the TCC configuration for transactions
- Update of dependency versions (solving related bugs)
What's new in 1.5.2
- better support for unicode
What's new in 1.5.1
- Major performance issue fixed
Description
This extension provides support for Spring MVC.
In what situation should you install this extension?
The main purpose of this extension is to create HTTP API entry points for JEE back-end applications that are used to create REST API Services. If you need to have links from a Client Front-end (see examples below) to the Spring MVC/JEE Back-end you should install this extension.
 |  |
| iOS Front-End Example | AngularJS Front-End Example |
Features
This extension handles Spring MVC Web Services used in JEE applications, for example:
@RequestMapping("/users")
public class UserController {
@RequestMapping(method = RequestMethod.GET, produces = "application/json; charset=utf-8")
@ResponseBody
public PagedResources<UserResource> collectionList(...){
...
}
For each class annotated with
- org.springframework.web.bind.annotation.RequestMapping (@RequestMapping )
- org.springframework.web.bind.annotation.GetMapping (@GetMapping )
- org.springframework.web.bind.annotation.PostMapping (@PostMapping )
- org.springframework.web.bind.annotation.PutMapping (@PutMapping )
- org.springframework.web.bind.annotation.DeleteMapping (@DeleteMapping )
org.springframework.web.bind.annotation.PatchMapping (@PatchMapping ),
the following will be done:
- a Web Service object will be created
- a Web Service Port object child of the web service will be created
- for each Method annotated with "Annotation"Mapping, the following will be created:
- a Web Service operation child of the Web Service Port with correct get/put/delete/post type
- a fire link from the Web Service operation to the method
Basic case @RequestMapping
The following Java code
@RequestMapping("/home")
public class HomeController {
@RequestMapping(value="/method0")
@ResponseBody
public String method0(){
return "method0";
}
}
will generate:
Several urls
The following Java code:
@RequestMapping("/home")
public class HomeController {
@RequestMapping(value={"/method1","/method1/second"})
@ResponseBody
public String method1(){
return "method1";
}
}
will generate one operation per url mapping:
Several methods
The following Java code:
@RequestMapping("/home")
public class HomeController {
@RequestMapping(value="/method3", method={RequestMethod.POST,RequestMethod.GET})
@ResponseBody
public String method3(){
return "method3";
}
}
will generate one operation per receiving method:
Spring 4 annotations
The syntax @GetMapping, @PostMapping, @PutMapping, @DeleteMapping, @PatchMapping are supported. Example with the following Java code:
@RestController
public class CustomerRestController {
@GetMapping("/customers")
public List getCustomers() {
// ...
}
@DeleteMapping("/customers/{id}")
public ResponseEntity deleteCustomer(@PathVariable Long id) {
// ...
}
}
will generate:
Property evaluation
Properties used inside annotations are evaluated by looking them into properties file. Example with the following Java code:
@RequestMapping("${my.home}")
public class HomeController {
@RequestMapping(value="${my.service1}")
@ResponseBody
public String method0(){
return "method0";
}
}
With properties file:
my.home=/home my.service1=/method0
will generate:
Support of thymeleaf
The following syntaxes are supported for thymeleaf templating:
<form ... th:action="@{/seedstartermng}"... method="post">
Will create a link from the HTML5 content to a call to a webservice with url '/seedstartermng'
'th:href' are also supported:
<... th:href="@{/css/stsm.css}"/>
Support for User Input Security
Service entry points are created automatically for applications that have a presentation layer based on SpringMVC with @RequestMapping (and associated annotations) usage. This can be seen in the analysis log file as follows:
2018-09-13 10:00:40,148 INFO SecurityAnalyzer.FlawAnalysisEnvironment LoadBlackboxesForApplication cast#spec cast#lib SpringMVCServiceEntryPoints
This corresponds to the generation of a file in the following location:
<BytecodeFolder>\com.castsoftware.springmvc\ServiceEntryPoints.blackbox.xml
Function Point, Quality and Sizing support
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
| Function Points (transactions) | Quality and Sizing |
|---|---|
 |  |
CAST AIP release | Supported |
|---|---|
| 8.3.x | |
| 8.2.x | |
| 8.1.x | |
| 8.0.x | |
| 7.3.4 and all higher 7.3.x releases | |
Supported DBMS servers
This extension is compatible with the following DBMS servers:
| CSS |  |
|---|---|
| Oracle | |
| Microsoft | |
Prerequisites
| An installation of any compatible release of CAST AIP (see table above) |
Dependencies with other extensions
Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Spring MVC extension requires that the following other CAST extensions are also installed:
- Web services linker service (internal technical extension)
Download and installation instructions
Please see:
The latest release status of this extension can be seen when downloading it from the CAST Extend server.
CAST Transaction Configuration Center (TCC) Entry Points
In Spring MVC ≥ 1.3.x, if you are using the extension with CAST AIP ≥ 8.3.x, a set of Spring MVC specific Transaction Entry Points are now automatically imported when the extension is installed. These Transaction Entry Points will be available in the CAST Transaction Configuration Center:
Manual import action for CAST AIP ≤ 8.2.x
- Locate the .TCCSetup file in the extension folder: Configuration\TCC\Base_Java_SpringMVC.TCCSetup
- In the CAST Transaction Configuration Center, ensure you have selected the Templates node:
- This .TCCSetup file is to be imported into the CAST Transaction Calibration Center using either the:
- File > Import Configuration menu option:
- Or right clicking on the Template node and selecting Import Configuration:
- The import of the "Base_Java_SpringMVC.TCCSetup" file will provide you with a sample Transaction Entry point in the Free Definition node under Templates:
- Now right click the "Standard Entry Point" item and select copy:
- Paste the item into the equivalent node under the Application, for example, below we have copied it into the Application MEUDON:
- Repeat for any additional items or generic sets that have been imported from the .TCCSetup file.
Packaging, delivering and analyzing your source code
Once the extension is installed, no further configuration changes are required before you can package your source code and run an analysis. The process of packaging, delivering and analyzing your source code does not change in any way:
- Package and deliver your application (that includes source code which uses Spring MVC) in the exact same way as you always have.
- Analyze your delivered application source code in the CAST Management Studio in the exact same way as you always have - the source code which uses Spring MVC will be detected and handled correctly.
Log messages
Warnings
| Message ID | Message Type | Logged during | Impact | Remediation | Action |
|---|---|---|---|---|---|
| SPMVC-001 | Warning | Analysis | Various | None | Contact CAST Technical Support |
| SPMVC-002 | Warning | Analysis | A property could not be found so we could not determine the name of a service. | Provide properties file with the value |
AIA expectations
At the end of the log file you will find a message indicating how many services have been found:
5 Spring-MVC web service operations created.
Note on JEE analyser warnings
The JEE analyser will complain that some annotations specific to SpringMVC are not handled by an environment profile while they are handled by this extension; you can simply ignore these warnings:
Warning MODULMSG ; Job execution Annotation 'org.springframework.web.bind.annotation.RequestMapping' is not managed in Environment Profiles Warning MODULMSG ; Job execution Annotation 'org.springframework.web.bind.annotation.GetMapping' is not managed in Environment Profiles ...
What results can you expect?
Once the analysis/snapshot generation has completed, HTTP API transaction entry points will be available for use when configuring the CAST Transaction Configuration Center. In addition, you can view the results in the normal manner (for example via CAST Enlighten).
Click to enlarge:
Objects
Server side
The following objects are displayed in CAST Enlighten on the Java side:
| Icon | Description |
|---|---|
 | Spring MVC Delete Operation Service |
 | Spring MVC Get Operation Service |
 | Spring MVC Post Operation Service |
 | Spring MVC Put Operation Service |
 | Spring MVC Port |
 | Spring MVC Service |
Rules
None.
Known limitations
- any other HandlerMapping than
RequestMappingHandlerMapping
