I'm trying to learn Spring boot and I notice there are two options.
spring-boot-starter-web - which according to the docs gives support for full-stack web development, including Tomcat and web-mvc
spring-boot-starter-tomcat
Since #1 supports Tomcat why would one want to use #2?
What are the differences?
Thanks
Since #1 supports Tomcat why would one want to use #2?
spring-boot-starter-web contains spring-boot-starter-tomcat. spring-boot-starter-tomcat could potentially be used on its own if spring mvc isn't needed (contained in spring-boot-starter-web).
Here is the dependency hierarchy of spring-boot-starter-web:
What are the differences?
spring-boot-starter-web contains spring web dependencies (including spring-boot-starter-tomcat):
spring-boot-starter
jackson
spring-core
spring-mvc
spring-boot-starter-tomcat
spring-boot-starter-tomcat contains everything related to an embdedded tomcat server:
core
el
logging
websocket
What if you want to use spring mvc without the embedded tomcat server?
Just exclude it from the dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
Well a simple answer is that not all web applications are SpringMVC applications. For example if you wish to use JaxRS instead perhaps you have client applications that use RestTemplate and you like how they interact it doesn't mean you can't use spring boot or embedded tomcat
Here is an example application that uses spring-boot-starter-tomcat but not spring-boot-starter-web
Simple Jersey application in spring boot using spring-boot-starter-tomcat
https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-jersey
It's also important to remember that tomcat is not the only option for an embedded servlet container in spring boot. It's also easy to get started using jetty. And having spring-boot-starter-tomcat makes it easy to exclude all as one module while if they were all just part of spring-web it would be more work to exclude the tomcat libraries to bring in spring-boot-starter-jersey instead
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
I copied this code from another SO question here.
How to configure Jetty in spring-boot (easily?)
Related
I am confused what is the different between these dependencies and which one should I use. Would you explain the differences?
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
and when to use
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
spring-boot-starter-xxx are with no surprise starters for applications with Spring. It:
pulls most the dependencies you need on a subject
auto-wires many useful beans
enables to define many configuration options from properties (application.properties, application.yaml, command line arguments, environment variables,...)
For OAuth2, there are two starters provided by Spring:
spring-boot-starter-oauth2-resource-server if your app is a resource-server (contains #RestController or #Controller with #ResponseBody)
spring-boot-starter-oauth2-client if your app is a client
#Controller with methods returning a template name
using a REST client like WebClient to consume a web-service secured with OAuth2
I also wrote starters which are thin wrappers arround spring-boot-starter-oauth2-resource-server and enable to replace all of necessary Java configuration with just a few properties. Refer to README and tutorials for more details (and to figure out how much effort and errors it can save)
It is possible for an app to be both a resource-server and a client, in which case you'll need to declare both starters in your dependencies.
You can have a look at the tutorials I already linked if you have doubts on how to configure resource-servers. There are a few whith Spring starters or mine. One is even both a resource-server and a client with Thymeleaf page consuming secured REST resources with WebClient)
You don't need to declare dependencies on spring-boot-starter-security, spring-security-oauth2-client or spring-security-oauth2-jose when using OAuth2 starters as all are transitive dependencies.
spring-security-config is useful for defining Spring #Beans in Java configuration files. You might need it in addition to starters.
If I create a custom spring boot starter module, Do I need to include the dependency spring-boot-starter ?
In the spring boot's github :
some starters add the dependency spring-boot-starter to its pom.xml (spring-boot-starter-web, spring-boot-starter-thymeleaf)
some others starters doesn't (spring-boot-starter-log4j2, spring-boot-starter-undertow, spring-boot-starter-tomcat).
Is there a reason to no adding it into the dependencies ?
If your starter depends on spring-boot-starter, any application that depends only on your starter will have all the dependencies that it needs to be a Spring Boot application. Generally speaking, this is how you want a starter to behave.
spring-boot-stater-log4j2, spring-boot-starter-undertow, and spring-boot-starter-tomcat are slightly different as they are not intended to be used on their own. The Spring Boot documentation calls them technical starters. They are intended to be used alongside an existing starter to change the underlying technology that's used. For example, if you are building a web application, you would depend on spring-boot-starter-web. This starter uses Tomcat as the embedded container by default. If you want to swap to Undertow, you'd exclude spring-boot-starter-tomcat and add a dependency on spring-boot-starter-undertow alongside your spring-boot-starter-web dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<!-- Exclude the Tomcat dependency -->
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Use Undertow instead -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
We have Spring Boot Application(version 1.5.8). We tried to check if it's compatible with upcoming Spring Boot 2 release (currently it's M5).
And two classes are missing in spring-boot-autoconfigure dependency(UserInfoTokenServices and ResourceServerProperties).
Are there any replacements of them?
Thanks
Try it this. it's helped me with Oauth2 after migration to SpringBoot 2.
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
Quoting Spring Boot 2.0.0.M5 release notes
Functionality from the Spring Security OAuth project is being migrated
to core Spring Security. OAuth 2.0 client support has already been
added and additional features will be migrated in due course.
If you depend on Spring Security OAuth features that have not yet been
migrated you will need to add
org.springframework.security.oauth:spring-security-oauth2 and
configure things manually. If you only need OAuth 2.0 client support
you can use the auto-configuration provided by Spring Boot 2.0. We’re
also continuing to support Spring Boot 1.5 so older applications can
continue to use that until an upgrade path is provided.
I think you have to define oauth2 dep, like
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
ive tried the spring REST tutorial and i also got a simple JSF application (running on glassfish), both projects are maven based and i would like to "combine" them.
Meaning, putting the REST project jar into the JSF project.
Does that make sense?
The JSF page should send a request to the microservice REST project when it starts and display the result.
the REST project uses spring-boot and therefore tomcat.
this pom.xml is supposed to use glassfish instead of tomcat, at least thats what the author tells on a spring blog.
Theres a part in it:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
That says to "exclude" tomcat - which is fine, but how does maven or spring know to use glassfish instead?
Is there maybe a better way to combine these two projects?
I would like to keep the projects seperate because of the dependencys in the pom.xml.
Answer #1 in this question solves the confusion:
Using JSF as view technology of Spring MVC
spring mvc and jsf are rivals.
Can you explain to me how to properly build a web app with Spring? I know that the latest version of Spring framework is 4.0.0.RELEASE, but the latest version of Spring Security is 3.2.0.RELEASE, and it depends on spring 3.2.6... maybe i'm wrong :)
How can I integrate it with Maven?
Can I use Spring 4 or must I use the previous version?
What is the proper way?
If it`s not hard for you could you show me you pom.xml?
You should be fine using Spring 4. As described in the documentation:
"Spring Security builds against Spring Framework 3.2.6.RELEASE, but is also tested against Spring Framework 4.0.0.RELEASE. This means you can use Spring Security 3.2.0.RELEASE with Spring Framework 4.0.0.RELEASE."
They go on to describe strategies for integrating Spring 4 with Spring Security in your project. Like this one:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.0.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>