Spring Boot Basic

1. What is Spring Framework & Spring Boot?

• Spring Framework is a Java framework that provides infrastructure support for building enterprise-level applications. Its biggest feature is Inversion of Control (IoC): instead of you creating and wiring objects yourself (new SomeClass()), Spring creates and manages objects (beans) for you, injecting them where needed.

• Spring Boot is a tool built on top of Spring Framework that makes development much faster by:

  • Auto-configuring things (no XML configs anymore).
  • Providing “starter” dependencies (just add one line in pom.xml instead of 10).
  • Embedding Tomcat/Jetty so you can run apps with just java -jar.

Without Spring Boot, you’d need to manually configure database connections, servlet containers, and beans. With Spring Boot, it’s mostly automatic.

---

2. Spring Core

• IoC Container: A box that creates and manages your objects (beans).
• ApplicationContext: The main Spring container that loads bean definitions and wires dependencies.
• Bean Lifecycle: How beans are created, initialized, and destroyed.

Example:

@Configuration
public class AppConfig {
    @Bean
    public MessageService messageService() {
        return new MessageService();
    }
}

public class MessageService {
    public String getMessage() {
        return "Hello, Spring!";
    }
}

public class Main {
    public static void main(String[] args) {
        ApplicationContext context =
            new AnnotationConfigApplicationContext(AppConfig.class);

        MessageService service = context.getBean(MessageService.class);
        System.out.println(service.getMessage());
    }
}

Explanation:

• @Configuration tells Spring this class defines beans.
• @Bean registers a bean (MessageService) inside the container.
• ApplicationContext loads the beans and manages them.
• Instead of new MessageService(), we ask Spring for it (getBean).

Bean Scopes:

• singleton (default) → one instance for the whole app.
• prototype → new instance each time you ask for it.
• request → one per HTTP request (web apps only).
• session → one per user session.

---

3. Interceptors & Filters

• Filters (Servlet level): Work before a request even reaches Spring. Good for logging, authentication, etc.
• Interceptors (Spring MVC level): Work before/after controllers. Good for cross-cutting concerns like measuring execution time.

Example: Filter

@Component
public class LoggingFilter implements Filter {
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
        System.out.println("Request received at: " + new Date());
        chain.doFilter(req, res);
    }
}

Explanation: Every request goes through this filter. It logs the time, then continues (chain.doFilter).

Example: Interceptor

@Component
public class RequestInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) {
        System.out.println("Before Controller: " + req.getRequestURI());
        return true; // continue request
    }
}

Explanation: Before Spring MVC calls your controller method, this interceptor runs. You can stop the request by returning false.

---

4. Properties / YAML Files

Spring Boot uses application.properties or application.yml for configuration.

application.properties

server.port=8081
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.username=sa
spring.datasource.password=

Explanation:

• server.port=8081 → runs your app on port 8081.
• spring.datasource.url=... → configures database connection.

Spring Boot reads this automatically — no manual parsing required.

---

5. Dependencies

Example pom.xml:

<dependencies>
    <!-- Web Starter (REST APIs, Tomcat embedded) -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <!-- JPA + H2 -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>

    <!-- Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>

Explanation:

• spring-boot-starter-web gives you Spring MVC + Tomcat.
• spring-boot-starter-data-jpa gives you Hibernate + JPA.
• h2 gives you an in-memory database (great for testing).
• spring-boot-starter-security adds authentication & authorization.

---

6. H2 Database Configuration

application.properties:

spring.h2.console.enabled=true
spring.h2.console.path=/h2-console
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver

Explanation:

• spring.h2.console.enabled=true lets you open a web-based DB viewer.
• Visit http://localhost:8080/h2-console to see your in-memory DB.

---

7. Build a Todo REST API

Entity

@Entity
public class Todo {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String title;
    private boolean completed;
}

Explanation:

• @Entity maps this class to a DB table.
• @Id marks the primary key.
• @GeneratedValue lets DB auto-generate IDs.

Repository

public interface TodoRepository extends JpaRepository<Todo, Long> { }

Explanation:

• JpaRepository already provides methods like save(), findAll(), deleteById().
• No need to write SQL manually.

Controller

@RestController
@RequestMapping("/api/todos")
public class TodoController {
    @Autowired
    private TodoRepository repo;

    @GetMapping
    public List<Todo> getAll() {
        return repo.findAll();
    }

    @PostMapping
    public Todo create(@RequestBody Todo todo) {
        return repo.save(todo);
    }

    @PutMapping("/{id}")
    public Todo update(@PathVariable Long id, @RequestBody Todo todo) {
        todo.setId(id);
        return repo.save(todo);
    }

    @DeleteMapping("/{id}")
    public void delete(@PathVariable Long id) {
        repo.deleteById(id);
    }
}

Explanation:

• @RestController → class returns JSON.
• @RequestMapping("/api/todos") → all endpoints start with /api/todos.
• @GetMapping → returns all todos.
• @PostMapping → creates a todo (data comes from request body).
• @PutMapping → updates a todo.
• @DeleteMapping → deletes a todo by ID.

---

8. Basic Auth Security

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/**").authenticated()
                .anyRequest().permitAll()
            )
            .httpBasic();
        return http.build();
    }

    @Bean
    public UserDetailsService users() {
        UserDetails user = User.builder()
            .username("admin")
            .password("{noop}password") // {noop} = plain text
            .roles("USER")
            .build();
        return new InMemoryUserDetailsManager(user);
    }
}

Explanation:

• csrf().disable() disables CSRF protection (simplifies APIs).
• .httpBasic() enables HTTP Basic Auth → browsers prompt for username/password.
• InMemoryUserDetailsManager defines a test user (admin/password).
• Now, GET /api/todos requires authentication.