...
| Code Block | ||
|---|---|---|
| ||
@RequestMapping("/home")
public class HomeController {
@RequestMapping(value="/method0")
@ResponseBody
public String method0(){
return "method0";
}
} |
will generate:
Several urls
The following Java code:
...
will generate one operation per url mapping:
...
Several methods
The following Java code:
...
will generate one operation per receiving method:
...
Spring 4 annotations
The syntax @GetMapping, @PostMapping, @PutMapping, @DeleteMapping, @PatchMapping are supported. Example with the following Java code:
| Code Block | ||
|---|---|---|
| ||
@RestController
public class CustomerRestController {
@GetMapping("/customers")
public List getCustomers() {
// ...
}
@DeleteMapping("/customers/{id}")
public ResponseEntity deleteCustomer(@PathVariable Long id) {
// ...
}
} |
will generate:
Property evaluation
...
| Code Block | ||
|---|---|---|
| ||
my.home=/home my.service1=/method0 |
will generate:
...
SimpleUrlHandlerMapping
The SimpleUrlHandlerMapping mapping class allows to specify the mapping of URL patterns to handlers (methods of Controllers). This class can be declared using XML bean definitions in at least three different ways as shown below (all of them being supported). Only the servlet XML files explicitly or implictly (default) referenced in the web.xml deployment configuration file are considered. For each URL path we will create a different Spring MVC Any Operation object.
Method 1
| Code Block | ||
|---|---|---|
| ||
<beans ...>
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="urlMap">
<map>
<entry key="/home.htm">
<ref local="homeController"/>
</entry>
...
</map>
</property>
</bean>
<bean id="homeController" class="com.castsoftware.example.HomeController" />
</beans> |
Method 2
| Code Block | ||
|---|---|---|
| ||
<beans ...>
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>
/home.htm=homeController
...
</value>
</property>
</bean>
<bean id="homeController" class="com.castsoftware.example.HomeController" />
</beans> |
Method 3
| Code Block | ||
|---|---|---|
| ||
<beans ...>
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="home.htm">homeController</prop>
...
</props>
</property>
</bean>
<bean id="homeController" class="com.castsoftware.example.HomeController" />
</beans> |
| Code Block | ||
|---|---|---|
| ||
<bean id="manageSomeController"
class="com.cingular.km.lbs.gearsadmin.web.controller.DTVAddressDataController ">
...
<property name="methodNameResolver">
<bean
class="org.springframework.web.servlet.mvc.multiaction.PropertiesMethodNameResolver">
<property name="mappings">
<props>
<prop key="/*/deleteAddress">deleteAddress</prop>
... |
Creation of links between web service operations and controller methods
When defining a URL mapping to a given controller class, each type of controller (determined by its ancestors) can have a set of overridden methods to further customize the response behavior to a URL loading. These methods are usually called by the framework itself (such as onSubmit in the SimpleFormController). The com.castsoftware.springmvc analyser will create a callLink from the Spring MVC Any Operation object and to each of the overridden methods of the corresponding controller. Potential overriding of default intra-method calls is ignored. When using the XML property PropertiesMethodNameResolver, the CallLinks are created to the explicitly referenced callback methods (custom methods added to the controller class). For example, returning to the code snippet above illustrating the use of the methodNameResolver property, we can observe a reference to the method of the controller defined below:
| Code Block | ||
|---|---|---|
| ||
public class DTVAddressDataController extends MultiActionController {
public ModelAndView deleteAddress(HttpServletRequest request, HttpServletResponse response) throws Exception {
....
}
...
} |
The corresponding link would appear as below:
Note that the Spring MVC Any Operation will be created below the same Java File (denoted by the Belong link) where the referenced controller is found. In addition to the above mentioned links, a callLink from the Spring MVC Any Operation object to the controller class' constructor method (if present) will be created when using the above mentioned Method 1-2-3 mapping approaches.
Support of BeanNameUrlHandlerMapping, ControllerClassNameHandlerMapping
These similarly work by configuring web services via xml files (web.xml, dispatcher-servlet.xml, ...) as SimpleUrlHandlerMapping (see above), but with different rules.
Support of thymeleaf
The following syntaxes are supported for thymeleaf templating:
| Code Block |
|---|
<form ... th:action="@{/seedstartermng}"... method="post"> |
Will create a link from the HTML5 content to a call to a webservice with url '/seedstartermng'
'th:href' are also supported:
| Code Block |
|---|
<... th:href="@{/css/stsm.css}"/> |
Support for User Input Security
Service entry points are created automatically for applications that have a presentation layer based on SpringMVC with @RequestMapping (and associated annotations) usage. This can be seen in the analysis log file as follows:
| Code Block | ||
|---|---|---|
| ||
2018-09-13 10:00:40,148 INFO SecurityAnalyzer.FlawAnalysisEnvironment LoadBlackboxesForApplication cast#spec cast#lib SpringMVCServiceEntryPoints |
This corresponds to the generation of a file in the following location:
| Code Block | ||
|---|---|---|
| ||
<BytecodeFolder>\com.castsoftware.springmvc\ServiceEntryPoints.blackbox.xml |
| Info |
|---|
| Note that while the ServiceEntryPoints.blackbox.xml file is generated when the extension is used with any release of CAST AIP, it will only be exploited by the CAST User Input Security feature in CAST AIP ≥ 8.3.3. |
Function Point, Quality and Sizing support
...