Spring Config Client XML equivalent of #RefreshScope - spring

We have an existing Spring MVC application (non Spring-boot application) with all (or most) of the beans configured in the XML. We wanted to use this as a Spring Cloud Config Client (we have a Spring Boot application acting as config server).
In this regard, what is the XML equivalent of configuring the beans in XML with refresh scope (same as #RefreshScope annotation). Tried configuring the RefreshScope as bean and using scope="refresh" but could see that the beans are not reflected with new values after peforming /refresh endpoint (from actuator)
Any help on this is highly appreciated

As pointed out in other answers 'refresh' scope is just another scope. However there's an issue where the bean properties are not updated with new values after /refresh call - if you define and inject properties in XML. More on the issue here. However the bean (i.e. actually the proxy) is instantiated after each /refresh call - but you need "aop:scoped-proxy" config since bean to which you inject the 'refresh' scoped bean, could be on a different scope. i.e.
<bean name="xmlValueBean" class="me.fahimfarook.xml.XMLValueBean" scope="refresh">
<aop:scoped-proxy proxy-target-class="true" />
</bean>

Well if you want to use #RefreshScope in core Spring(also Spring MVC) as people already pointed out, you have to implement the scope yourself also.
I also had the same dilemma and I did, I also wrote a blog about it, you can find there all the implementation details.
You can also use Spring Boot Configuration Server with your Spring MVC application, if you like to.
#RefreshScope for Spring MVC

#RefreshScope is just another scope. Look at how the RefreshScope class is implemented. It is creating a new scope named "refresh".
That means you should be able to use the new scope in your XML configuration, like this.
<bean id = "..." class = "..." scope = "refresh">
</bean>

Related

Is there an annotation equivalent to the Spring AOP aop:include configuration for autoproxies

When specifying the XML configuration below:
<aop:aspectj-autoproxy>
<aop:include name="myBean" />
</aop:aspectj-autoproxy>
We all know that the #EnableAspectJAutoProxy annotation is the equivalent to the aspectj-autoproxy XML configuration but is there a java-based annotation equivalent for the aop:include XML configuration? I searched extensively and could not find.
Normally you tell Spring that you are using a particular feature, like Transaction management and it will create the proxies needed.
For instance #EnableTransactionManagement will cause Spring to create proxies for Components (services, controllers and repositories) which use #Transactional, you don't need to declare this, Spring automatically finds the beans that need to be proxied.
It works the same way with #EnableScheduling causing Spring to detect #Scheduled methods, and #EnableCaching to detect #Cached method.

Purpose of using #Configuration annotation

I have created a spring mvc based application but I didn't use this #Configuration annotation. What is the purpose of using #Configuration annotation? By using this, what are we communicating to springMVC container?
Assuming your application is using xml configuration rather than AnnotationConfig so it is not loaded to ApplicationContext at all.
#Configuration is used when ApplicationContext has been initialized and bean registration.
#Configuration annotation is a core Spring annotation, and not Spring MVC. It is a core entry point to configuring Spring-based application using Java config instead of XML config.
Please, use Spring Documentation more often because it is a place where you will find answers to most of your questions. Like this one:
Indicates that a class declares one or more Bean #Bean methods and may
be processed by the Spring container to generate bean definitions and
service requests for those beans at runtime

Hard?: Spring security on classes that are not Spring Beans?

Definitely need some expert help with this! I think this is mainly a Spring Security question, but as I don't know for sure, so I am also tagging with the general Spring tag!
When the Application Context is loaded (mine is all via Java Config, though I don't believe that matters), the "DefaultListableBeanFactory" is processed and eventually (via the ProxyFactory) Spring Security Advisors are added. This is great when I have Spring Beans as I have Permissions that need authorization.
My question is: how do I get the same effect when I no longer require those classes to be Spring Beans? Said differently, if I have an object instance created as a singleton bean via Java Config and the authorization is working correctly, is it possible to maintain that with the object instance being a POJO? Again, for the experts, I want the interception chain returned in the JdkDynamicAopProxy to contain the Spring Security interceptors.
And "no", I am not really expecting an answer to this, maybe just hoping!!!
To add security interceptors to beans not instantiated by spring container
switch global-security tag to mode aspectj and weave the provided AnnotationSecurityAspect in the aspecj module.
For your second question I suppose that you want to do one of the following:
Use a ProxyFactoryBean to secure a bean.
Create security proxies programmatically: Use ProxyFactory.addAdvice() method.
Add the security interceptor to all proxies created by an AutoProxyCreator: This usually don't needed, but you can use the AbstractAutoProxyCreator.interceptorNames property to add common interceptors. The global-security tag parser uses a generated name for the MethodSecurityInterceptor, so you need to configure the interceptor manually and set a consistent SecurityMetadataSource.

Spring: Serialization of session scoped bean

I have a Spring bean with scope session. This bean holds a reference to another singleton bean which is not serializable. What is the best approach if I want to serialize the session scoped bean?
The same question is already asked here: Spring session-scoped beans (controllers) and references to services, in terms of serialization
The accepted answer is that:
[...]this issue is resolved in spring 3.0 by providing a proxy of non-serializable beans, which obtains an instance from the current application context
As far as I understand the speaker in the linked video it should "just work". But in my case it doesn't! When I try to serialize my session scoped bean i get a NotSerializableException.
How can I solve this problem?
You need to instruct Spring to create that proxy. In XML-based config, via <aop:scoped-proxy/> tag, in component-scan mode via annotation:
#Scope(proxyMode = ScopedProxyMode.INTERFACES)
on your controller class.
You may mark singleton reference field as transient. Then check How to execute method after deserialization and load reference from ApplicationContext.
Also, please provide stacktrace.
P.S.
It is not too good idea to use session passivation.

spring applicationConfig beans node

In the spring configuration file applicationConfig.xml, the root node is beans.
But it doesn't contain only beans. In fact, security configuration requires an http element.
My question is: while http is not (seems to me not to be) a bean, is it "bean like" in the sense that it determines the creation of a service, or refers to a running service (say the http listener for the application)?
PS. In "Spring Security Reference documentation" 3.1.0-DRAFT at 2.1.1:
"Web/HTTP Security (...) Sets up the filters and related service beans used to apply the framework authentication mechanisms ..."
Yes, everything in a Spring config is just setting up beans. You could--and in fact used to be forced to--set up all the beans yourself, but along about Spring 2.0, the framework added a nifty feature that they called "Extensible XML Authoring", which gives other people/projects a way to define their own, custom XML syntax that gets translated into Spring beans at startup via a NamespaceHandler.

Resources