What is Spring proxy - spring

I know what is Proxy in network community (server intermediary), but what is proxy in Spring ? Why spring beans are wrapped proxy ? I don't understand the idea of proxy in Spring. Thanks for response.

A proxy is a Spring generated class, that wraps your class for a given purpose, ie: adding transactional behaviour
Take a deeper look at the documentation here

It's a class that wraps your class. It is a proxy because all calls to methods of your class pass through it before actually getting to your class. The goal is to enhance your class with additional functionality, for example as #CristianMeneses said, to add transactional behavior to it, or inject some resources.

Related

Spring proxy default impl

I think I have a good idea of how spring uses proxy concept with #Transactional annotation but I can't find anything about "default" implementation. Basically what I'm looking for is the code which wraps the invocation of original method (method from wrapped object).
There is no such thing as a default implementation because it all depends on the class implementing the method where you add the #Transactional annotation to.
If that class inherits from an interface then JDK Dynamic Proxy will be used.
If not, then an external library called CGLIB will be used to create the proxy.
Dynamic proxy will create a proxy that implements all interfaces your target class also implements while CGLIB will create a proxy that extends your target class.
Also make sure to read this SO question concerning the difference between Dynamic Proxy and CGLIB proxy as it contains valuable information as well.

Impossibility of adding advice to final methods when using Spring MVC

I'm reading this official page of Spring documentation and then I read this sentence which I didn't understand :
You cannot add advice to final methods when you use Spring MVC. For
example, you cannot add advice to the
AbstractController.setSynchronizeOnSession() method. Refer to Section
10.6.1, “Understanding AOP proxies” for more information on AOP proxies and why you cannot add advice to final methods.
Can anybody explain to me what they mean by this, and specially by advice?
An advice is a method that should be called before or after a method of another class is invoked.
An example could be a logging advice, that is attached to every method of a service to log out the invocation of every service method.
In order to attach an advice to a method, Spring subclasses the class, the method belongs to and overrides the method with an implementation that calls the advice when the method is invoked. Additionaly the proxy method will also call the overwritten method (the super method) to obtain the original functionality.
A final method cannot be overidden, so Spring cannot create a proxy and you cannat attach an advice.
Its a general limitation, that it is impossible to use a subclass proxy for final methods. It is not a special limitation for aspects.
An advice isn't something specific to Spring MVC, but rather a concept from Aspect Oriented Programming (or AOP for short, see this wikipedia page for a general introduction).
The way Spring Beans work, and the way they allow for AOP, is by taken the class you annotated as a bean, and creating a proxy based on that class, which means on-the-fly / at runtime creating a subclass instance that inherits from your class and which provides custom implementations for each method ('overriding' them). As you know, overriding final methods is inherently impossible (that's what makes them final). That's the reason why the documentation states:
you cannot add advice to final methods

How does #transactional works?

I want to know how spring change my method that has #transactional annotation on it?
for example I read here about how to run a transactional method without using #transactional.
What spring do exactly?
Spring effectively makes proxies for your objects. So if class "MyApplication" injects "DBService", and DBService has a #Transactional on it, spring will make a DBService Proxy. The Proxy will be injected into MyApplication, and all calls to methods of the DBService will instead call that Proxy. That Proxy would then be allowed to start transactions or do whatever it needs before calling the actual DBService method.
MyApplication -> DBService Proxy (intercepts calls) -> DBService
The details of how the proxy is made may change based on spring version and the way you've setup your code. You can use interfaces allowing spring to make a proxy of that, although, if you choose not to use interfaces, spring can extend the actual class too (using a library called CGLIB. Pre 4, this required a default constructor, although, in the latest Spring 4 the default constructor is not required and it does it via a slightly different mechanism)

Hard?: Spring security on classes that are not Spring Beans?

Definitely need some expert help with this! I think this is mainly a Spring Security question, but as I don't know for sure, so I am also tagging with the general Spring tag!
When the Application Context is loaded (mine is all via Java Config, though I don't believe that matters), the "DefaultListableBeanFactory" is processed and eventually (via the ProxyFactory) Spring Security Advisors are added. This is great when I have Spring Beans as I have Permissions that need authorization.
My question is: how do I get the same effect when I no longer require those classes to be Spring Beans? Said differently, if I have an object instance created as a singleton bean via Java Config and the authorization is working correctly, is it possible to maintain that with the object instance being a POJO? Again, for the experts, I want the interception chain returned in the JdkDynamicAopProxy to contain the Spring Security interceptors.
And "no", I am not really expecting an answer to this, maybe just hoping!!!
To add security interceptors to beans not instantiated by spring container
switch global-security tag to mode aspectj and weave the provided AnnotationSecurityAspect in the aspecj module.
For your second question I suppose that you want to do one of the following:
Use a ProxyFactoryBean to secure a bean.
Create security proxies programmatically: Use ProxyFactory.addAdvice() method.
Add the security interceptor to all proxies created by an AutoProxyCreator: This usually don't needed, but you can use the AbstractAutoProxyCreator.interceptorNames property to add common interceptors. The global-security tag parser uses a generated name for the MethodSecurityInterceptor, so you need to configure the interceptor manually and set a consistent SecurityMetadataSource.

Spring application has Cglib2AopProxy warnings

Upon starting my application, I get numerous warnings along the lines of o.s.aop.framework.Cglib2AopProxy 'Unable to proxy method [public final void org.springframework.jdbc.core.support.JdbcDaoSupport.setDataSource(javax.sql.DataSource)] because it is final: All calls to this method via a proxy will be routed directly to the proxy.' for about a dozen or so functions.
Now I perfectly understand that proxy-based aspects cannot be applied to final methods. However, I did not (on purpose, at least) try to weave any aspects into JdbcDaoSupport. I suspect it comes from <tx:annotation-driven />. Is there anything I can do to silence these warnings or, better yet, exclude those classes from the aspect weaving?
This is most likely caused by the #Transactional annotation, Spring wraps your DAO in a proxy to add the transactional behavior.
I would recommend to make your DAO implement an Interface (create and use an interface for your DAO), this will allow Spring to use a JDK dynamic proxy instead of having to use CGLib.
Using CGLIB has a limitation that methods marked as final in target class can’t be advised as final methods can’t be overridden (CGLIB creates a subclass of target class at runtime) but this limitation disappears in case of using JDK dynamic proxies.
Reference
Maybe you have extended JdbcDaoSupport and added #Transactional annotations.
You can set the Cglib2AopProxy logger to log level ERROR to avoid the warn messages. For example if using log4j and log4j.properties:
log.logger.org.springframework.aop.framework.Cglib2AopProxy = ERROR
You should use interfaces for dependency injection, the most reasons for this are described here and here.
You can read documentation about proxying mechanic for details why you see this warning.
And please vote for feature request of inspection for IntelliJ that may helps us to avoid this warnings. BTW It also contains a good explanation.
Spring Boot now uses CGLIB proxying by default, including for the AOP support. If you need interface-based proxy, you’ll need to set the spring.aop.proxy-target-class to false.
spring.aop.proxy-target-class=false

Resources