frameworks

1. Spring DI IoC
without frameworks, normally to invoke methods on another class (loose coupling), we need to create an instance of the class, then call the method.
IoC, inversion of control, is pre set up this for us, so called inversion of control. instead we call that method on that object, the object is prepared and injected for us.

DI is one implementation of IoC. Both spring and Guice are DI frameworks.
This saves a lot of efforts for developers, the cost is slower app start up time (so the effort/time is brought forward to spend). This is initial reason why spring started becoming popular even during webwork/struts days.

2. @autowired
spring used to use XML for bean creation, and DI. basically tell what’s the beans/class/Objects to be managed by spring bean factory/context. and what’s needed fields/beans for the beans to be created. Spring library would read these configuration and do the set up job.

with the annotation (using reflection) becomes popular, this saves efforts to maintain separate XML files, (at the same time, become less maintainable). So the XML configuration start having the annotation equivalent. @Auowired is the equivalent of telling needed constructs for bean creations in XML.

3. Spring MVC
this is the spring implementation of MVC pattern, corresponding to structs and java default servlet and other framework. basically to tell what’s the URL mapped to which class, and what’s the result(view), with the model passing around. (in XML)

with annotation this become, @RestController @Controller @RequestMapping @RequestParamter etc

4. thread safety in Spring
by default, spring beans are singleton, though this can be changed to be prototype (one bean per each request)

singleton beans are not thread safe, same as servlet, which is shared among requests/threads.

5. spring AOP
AOP is for those code cross cutting or scattering. there are a lot common tasks, like audit or access control, which without AOP, could be duplicating the same code in multiple different places
AOP basically define the point cut (places), cross point and advice (the real business to be done, like audit /access control)
Spring has mostly two proxy mechanism for AOP, default JDK dhynamic proxy or CGLIB (JDK is preferred by spring for performance consideration)

6. spring boot
spring boot trying to make the developers’ job easier, by providing a lot defaults (configuration over convention)
instead of XML, or a lot annotations, Spring boot assume conventions (and library on classpath)to preset up

7. hibernate
new Java EE ORM implemntation (no more EJBs), JPA, has same origin as new hibernate implementation. so there are a lot commonality.
Hibernate probably is the most popular JPA provider for now

8. myBatis
While hibernate translate between objects and SQLs, where we call objects create/insert/update/delete actually call the hbernate generated SQL to be run on RDBMS (or other DB);
myBatis is more for the reverse. if the DB is old, not possible to change schema, direct SQL is preferred than leaving to Hibernate to construct simple queries.
Even though hibernate has its own HQL, mybatis is since beginning more on the direct SQL type

9. apache camel vs spring integration
both are EIP. Apache Camel has a massive of supported start points/URI, like HTTP, MQ, Timer etc.
With Spring framework become more and more popular, it started to incorporate various other functionality (besides DI), Spring integration is Spring’s counterparts for Camel.

AI for system support

Have tried to build an AI bot since almost 3 years back, finally did a prototype, in case anybody would like to do something similar:

Technologies:

Java, Spring Boot, Spring, SQLlite, PostGre, Scala, Python, Anaconda, Scikit Learn,  EWS, BootStrap, AngularJS/JQuery/HTML/CSS, Symphony API, Cisco API,

Components:

Data Set

  1. I have built a scala web crawler, to download all historical support issues.
  2. at the same time, have manually cleaned up/read through each of the thousand of support issues, put in corresponding resolutions corresponding to each
AI
  1. have leveraged on anaconda & scikit learn, to NLP, to tokenize each support issue (text), remove stop words, stemmed each, remove punctuations
  2. have leveraged on anaconda & scikit learn, bag each token of the text as feature vs class, to feed into linear regression classifier, tried SLDA, so far working at 72% accuracy
AI Exposer
  1. have exposed AI as a service
Issue Feeder
  1. have leveraged EWS to read in all issues, post to AI service
UI
  1. have built a web user interface, on top of HTML5 + JQuery + Bootstrap, to show the support emails + AI responded resolutions
  2. have a option on UI, to provide user feedback to AI, to keep its intelligence updated
Notifier
  1. leverage on Java Mail API, EWS, Chat API, phone API, to post alerts for critical issues

aspect not working as aspectOf factory method not found

for my case, the reason being, the aspect is not waved at compile time.

it works well in Eclipse/IDE, as there is plugsin, aspectJRuntime plugin. however, when i build the war; my ant didnt call aspectjtools to weave compile the aspect.

[20-05-2014 21:47:00.957] [516102] [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/clientinquiryweb]] [ERROR] [MSC service thread 1-10]
Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener: org.springframework.beans.fa
ctory.BeanCreationException: Error creating bean with name 'pageDeco' defined in ServletContext resource [/WEB-INF/spring/applicationContext.xml]: No matchin
g factory method found: factory method 'aspectOf()'. Check that a method with the specified name exists and that it is static.
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:528)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java
:1015)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:911)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
        at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3392)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:3850)
        at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:722)

struts, spring integration is very cool

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<package name="prc-buySellAvail" namespace="/1" extends="prc-root">
		<!-- Buy / Sell Availability starts here  -->
		<action name="rtrvCurrencies"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rtrvCurrencies">
			<interceptor-ref name="prcRootStack">
				<param name="scope.type">start</param>
				<param name="scope.session">masterProdList</param>
			</interceptor-ref>
			<result name="success" type="tiles">rtrvCurrencies</result>
		</action>
		
		<!-- jackie, retrieve denom list, ST -->
		<action name="rtrvCurrenciesDenom"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rtrvCurrenciesDenom">
			<interceptor-ref name="prcRootStack">
				<param name="scope.type">start</param>
				<param name="scope.session">prodDto</param>
			</interceptor-ref>
			<result name="success" type="tiles">rtrvCurrenciesDenom</result>
		</action>
		<!-- jackie, retrieve denom list, EN -->
		
		<action name="rtrvCcyList"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rtrvCcyList">
			<result name="success">/WEB-INF/jsp/availability/CurrencyList.jsp</result>
		</action>
		<action name="rtrvMetals"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rtrvMetals">
			<interceptor-ref name="prcRootStack">
				<param name="scope.type">start</param>
				<param name="scope.session">masterProdList</param>
			</interceptor-ref>
			<result name="success">/WEB-INF/jsp/availability/MetalSetup.jsp</result>
		</action>
		<action name="searchAvailMetals"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="searchAvailMetals">
			<result name="success">/WEB-INF/jsp/availability/MetalList.jsp</result>
		</action>
		<action name="rtrvPendingProducts"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rtrvPendingProducts">
			<result name="success">/WEB-INF/jsp/availability/AuthorizeProducts.jsp</result>
		</action>
		
		<action name="populateMetalList" method="populateMetalList"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction">			
			<result name="success" type="json">
				<param name="root">productsList</param>
			</result>
		</action>
		<!-- Buy / Sell Availability starts here  -->
	</package>
	
	
	
	<package name="prc-buySellAvail-edit" namespace="/2" extends="prc-root">
		<action name="saveCurrencySettings"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="saveCurrencySettings">
			<interceptor-ref name="prcRootStack">
				<param name="scope.session">masterProdList</param>
			</interceptor-ref>
			<result name="success">/WEB-INF/jsp/availability/CurrencySetup.jsp</result>
		</action>
		<action name="saveMetalSettings"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="saveMetalSettings">
			<interceptor-ref name="prcRootStack">
				<param name="scope.session">masterProdList</param>
			</interceptor-ref>
			<result name="success">/WEB-INF/jsp/availability/MetalSetup.jsp</result>
		</action>
		<action name="approveProductSettings"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="approveProductSettings">
			<result name="success">/WEB-INF/jsp/availability/PendingAuthConfirmation.jsp</result>
		</action>
		<action name="rejectProductSettings"
			class="com.db.cfc.pricing.action.BuySellAvailabilityAction" method="rejectProductSettings">
			<result name="success">/WEB-INF/jsp/availability/PendingAuthConfirmation.jsp</result>
		</action>
	</package>
	
	
</struts>

not only, the attributes of the action class, would be auto wired with spring beans.
besides, the attributes of the action class (never defined within spring), can be passed back to the struts.xml, utilizing this objects in session, or jsp.

i am to study the theory behind this.

======================================
Feb 17, 2011
The work behind this is, spring auto wiring + ScopeInterceptor(Strust2) + ServletConfigInterceptor(Struts2).

about spring autowiring

1. struts, and spring are currently auto wired through the struts2-spring-plugin.jar, which using com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptor, and StrutsSpringObjectFactory. Besides, the default autowiring method is byname.
2. as for spring, its using dependency injection most commonly, like

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
    http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd
	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">

	<aop:aspectj-autoproxy />
	<context:annotation-config />
		
	<bean id="pricingAdminService" class="com.db.cfc.pricing.service.impl.BasePricingAdminService">
		<property name="basePricingAdminDAO" ref="basePricingAdminDAO" />
		<property name="pricingAuditDAO" ref="pricingAuditDAO" />
	</bean>
	<bean id="prcFourEyesService" class="com.db.cfc.pricing.service.impl.PricingFourEyesService"
		scope="prototype">
		<property name="prcFourEyesDao" ref="prcFourEyesDao" />
	</bean>
	<bean id="prcFourEyeProcessor"
		class="com.db.cfc.pricing.processor.impl.PricingFourEyesProcessor">
		<property name="basePricingAdminDAO" ref="basePricingAdminDAO" />
		<property name="pricingAuditDAO" ref="pricingAuditDAO" />
	</bean>
	<bean id="basePricingAdminDAO" class="com.db.cfc.pricing.dao.impl.BasePricingAdminDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="prcFourEyesDao" class="com.db.cfc.pricing.dao.impl.PricingFourEyesDAO"
		scope="prototype">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="pricingAuditDAO" class="com.db.cfc.pricing.dao.impl.PricingAuditDAO"
		scope="prototype">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
		
	<!-- CFC Admin Classes -->
	<bean id="prcBranchProductDAO" class="com.db.cfc.pricing.esa.dao.impl.BranchProductsDAO"
		scope="prototype">
		<property name="sqlMapClient" ref="sqlMapClient-cfc" />
	</bean>
	<bean id="prcSystemAdminService"
		class="com.db.cfc.pricing.esa.service.impl.SystemAdminService">
		<property name="branchProductsDAO" ref="prcBranchProductDAO" />		
	</bean>
	<!-- CFC Admin Classes -->
	
	<!-- CMS & CSH  -->
	<bean id="cmsContentService" class="com.db.cfc.pricing.cms.service.impl.CMSContentService">
		<property name="cmsContentDao" ref="cmsContentDao" />
	</bean>
	<bean id="cmsContentDao" class="com.db.cfc.pricing.cms.dao.impl.CMSContentDAO">
		<property name="sqlMapClient" ref="sqlMapClient-cfc" />
	</bean>	
	<bean id="cmsHelpDAO" class="com.db.cfc.pricing.cms.dao.impl.CMSHelpDAO">
		<property name="sqlMapClient" ref="sqlMapClient-cfc" />
	</bean>
	<!-- CMS & CSH  -->
	
	<!-- ESA Product Classes -->
	<bean id="prcEsaProductDAO" class="com.db.cfc.pricing.esa.dao.impl.ESAProductDAO"
		scope="prototype">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="prcEsaProductService" class="com.db.cfc.pricing.esa.service.impl.ESAProductService">
		<property name="productDao" ref="prcEsaProductDAO" />		
	</bean>
	<!-- ESA Product Classes -->
	
	<!-- ESA Error Classes -->
	<bean id="prcEsaErrorMessageDAO" class="com.db.cfc.pricing.esa.dao.impl.ESAErrorMessageDAO"
		scope="prototype">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>	
	<bean id="prcEsaProductHandler" class="com.db.cfc.pricing.esa.handler.ESAProductHandler">
		<property name="pricingService" ref="pricingAdminService" />
		<property name="productService" ref="prcEsaProductService" />
		<property name="adminService" ref="prcSystemAdminService" />
	</bean>
	<!-- ESA Error Classes -->
	
	<bean id="pricingHolidayDAO" class="com.db.cfc.pricing.dao.impl.PricingHolidayDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="pricingHolidayService" class="com.db.cfc.pricing.service.impl.PricingHolidayService">
		<property name="pricingHolidayDAO" ref="pricingHolidayDAO" />
		<property name="pricingAuditDAO" ref="pricingAuditDAO" />		
	</bean>
	
	<bean id="pricingLimitsDAO" class="com.db.cfc.pricing.dao.impl.PricingLimitsDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="pricingLimitsService" class="com.db.cfc.pricing.service.impl.PricingLimitsService">
		<property name="basePricingAdminDAO" ref="pricingLimitsDAO" />		
	</bean>
	
	<bean id="pricingMarginsDAO" class="com.db.cfc.pricing.dao.impl.PricingMarginsDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="pricingMarginsService" class="com.db.cfc.pricing.service.impl.PricingMarginsService">
		<property name="basePricingAdminDAO" ref="pricingMarginsDAO" />		
	</bean>
	
	<bean id="pricingProductsDAO" class="com.db.cfc.pricing.dao.impl.PricingProductsDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	
	
	<bean id="pricingProductsService" class="com.db.cfc.pricing.service.impl.PricingProductsService">		
		<property name="prcFourEyesService" ref="prcFourEyesService" />	
		<!--<property name="prcFourEyeProcessor" ref="prcFourEyeProcessor" />	-->
		<property name="pricingProductsDAO" ref="pricingProductsDAO" />				
	</bean>
	
	
	<bean id="pricingSwitchDAO" class="com.db.cfc.pricing.dao.impl.PricingSwitchDAO">
		<property name="sqlMapClient" ref="sqlMapClient" />
	</bean>
	<bean id="pricingSwitchService" class="com.db.cfc.pricing.service.impl.PricingSwitchService">
		<property name="pricingSwitchDAO" ref="pricingSwitchDAO" />		
	</bean>
</beans>

the property name can be anything (generally), as long as the injected bean type matches.
3.new way of injecting properties, or fields, constructors, is through @autowired annotation. in addition to

 
	@Autowired
	private IPricingFourEyesProcessor prcFourEyeProcessor;

, and context.xml should put

<context:annotation-config />

also. refer to http://static.springsource.org/spring/docs/2.5.x/reference/beans.html#beans-autowired-annotation
and http://www.developer.com/article.php/3756831

spring security

a new topics, on my way to master.

1. web.xml, define the secure filters. one special points, about “springSecurityFilterChain”, which is a special spring internal infrastructure bean created by the namespace to handle web security.
If you are familiar with pre-namespace versions of the framework, you can probably already guess roughly what’s going on here. The <http> element is responsible for creating a FilterChainProxy and the filter beans which it uses. Common problems like incorrect filter ordering are no longer an issue as the filter positions are predefined.>
as “http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html&#8221;.
2.

	<!-- This bean id should not be changed -->
	<bean id="authenticationProcessingFilter" scope="prototype"
		class="com.db.cfc.frontend.common.security.filter.AuthProcessinglFilter">
		<security:custom-filter position="PRE_AUTH_FILTER" />
		<property name="authenticationManager" ref="authenticationManager" />
	</bean>

	<bean id="exceptionTranslationFilter"
		class="org.springframework.security.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
		<property name="accessDeniedHandler">
			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
				<property name="errorPage" value="/WEB-INF/jsp/error/AccessDenied.jsp" />
			</bean>
		</property>
	</bean>

	<bean id="authenticationEntryPoint"
		class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />

	<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
		<security:custom-authentication-provider />
		<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
	</bean>

	<bean id="preAuthenticatedUserDetailsService" class="com.db.cfc.frontend.common.security.service.impl.UserDetailsService">
		<property name="profileService" ref="profileService" />
		<property name="securityService" ref="securityService" />
	</bean>

	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="preAuthenticatedAuthenticationProvider" />
			</list>
		</property>
	</bean>

inside, the application_context_security.xml, using the xmlns:security=”http://www.springframework.org/schema/security&#8221; namespace, to define the < http > configuration, would automatically create the springSecurityFilterChain, which is something like an alias to the filterChainProxy.

and the filter –> authenticationManager –> provider –> userDetailService configuration inside the application_context_security.xml, would configure corresponding beans.

in addition, there is something called, “entry-point”, which i need to continue investigate.

<!– ACL context configuration start –>
<security:http entry-point-ref=”authenticationEntryPoint”
auto-config=”false” session-fixation-protection=”none”
lowercase-comparisons=”false” access-denied-page=”/WEB-INF/jsp/error/AccessDenied.jsp”>

<!– Common to all roles, but authenticated –>
<security:intercept-url pattern=”/1/*.action”
access=”ROLE_BR_B_C_E,ROLE_BR_B_C_V,ROLE_BR_B_M_E,
ROLE_BR_B_M_V,ROLE_BR_S_C_E,
ROLE_BR_S_C_V,ROLE_BR_S_M_E,ROLE_BR_S_M_V,ROLE_DD_B_C_E,
ROLE_DD_B_C_V,ROLE_DD_B_M_E,
ROLE_DD_B_M_V,ROLE_DD_S_C_E,ROLE_DD_S_C_V,ROLE_DD_S_M_E,
ROLE_DD_S_M_V,
ROLE_SA_E,ROLE_SA_V,ROLE_CFC-SALES_V,ROLE_CFC-SALES_E” />
<security:anonymous />

</security:http>

<bean id=”exceptionTranslationFilter”
class=”org.springframework.security.ui.ExceptionTranslationFilter”>
<property name=”authenticationEntryPoint” ref=”authenticationEntryPoint” />
<property name=”accessDeniedHandler”>
<bean class=”org.springframework.security.ui.AccessDeniedHandlerImpl”>
<property name=”errorPage” value=”/WEB-INF/jsp/error/AccessDenied.jsp” />
</bean>
</property>
</bean>

<bean id=”authenticationEntryPoint”
class=”org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint” /

in addition, http://heraclitusonsoftware.wordpress.com/software-development/spring/simple-web-application-with-spring-security-part-13/#comment-1882
which explains some part of my foundings, saved my effort for typing. ^_^

addon, i found out its FilterSecurityInterceptor.java, which maintains the security configurations inside the applcation_context_security.xml, as
<security:http entry-point-ref=”authenticationEntryPoint”
auto-config=”false” session-fixation-protection=”none”
lowercase-comparisons=”false” access-denied-page=”/WEB-INF/jsp/error/AccessDenied.jsp”>

<!– Common to all roles, but authenticated –>
<security:intercept-url pattern=”/1/*.action”
access=”ROLE_BR_B_C_E,ROLE_BR_B_C_V,ROLE_BR_B_M_E,ROLE_BR_B_M_V,ROLE_BR_S_C_E,
ROLE_BR_S_C_V,ROLE_BR_S_M_E,ROLE_BR_S_M_V,ROLE_DD_B_C_E,ROLE_DD_B_C_V,ROLE_DD_B_M_E,
ROLE_DD_B_M_V,ROLE_DD_S_C_E,ROLE_DD_S_C_V,ROLE_DD_S_M_E,ROLE_DD_S_M_V,
ROLE_SA_E,ROLE_SA_V,ROLE_CFC-SALES_V,ROLE_CFC-SALES_E” />
<security:anonymous />

</security:http>

and this same class, FilterSecurityInterceptor,during its doFilter() process, it would call its super class AbstractSecurityInterceptor ‘s method AbstractSecurityInterceptor.beforeInvocation(), where the xml configuration checks against the userDetails data.

and


  Abstract class that implements security interception for secure objects.
  

The AbstractSecurityInterceptor will ensure the proper startup configuration of the security interceptor. It will also implement the proper handling of secure object invocations, namely:

  1. Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.
  2. Determine if the request relates to a secured or public invocation by looking up the secure object request against the {@link ObjectDefinitionSource}.
  3. For an invocation that is secured (there is a ConfigAttributeDefinition for the secure object invocation):
    1. If either the {@link org.springframework.security.Authentication#isAuthenticated()} returns false, or the {@link #alwaysReauthenticate} is true, authenticate the request against the configured {@link AuthenticationManager}. When authenticated, replace the Authentication object on the SecurityContextHolder with the returned value.
    2. Authorize the request against the configured {@link AccessDecisionManager}.
    3. Perform any run-as replacement via the configured {@link RunAsManager}.
    4. Pass control back to the concrete subclass, which will actually proceed with executing the object. A {@link InterceptorStatusToken} is returned so that after the subclass has finished proceeding with execution of the object, its finally clause can ensure the AbstractSecurityInterceptor is re-called and tidies up correctly.
    5. The concrete subclass will re-call the AbstractSecurityInterceptor via the {@link #afterInvocation(InterceptorStatusToken, Object)} method.
    6. If the RunAsManager replaced the Authentication object, return the SecurityContextHolder to the object that existed after the call to AuthenticationManager.
    7. If an AfterInvocationManager is defined, invoke the invocation manager and allow it to replace the object due to be returned to the caller.
  4. For an invocation that is public (there is no ConfigAttributeDefinition for the secure object invocation):
    1. As described above, the concrete subclass will be returned an InterceptorStatusToken which is subsequently re-presented to the AbstractSecurityInterceptor after the secure object has been executed. The AbstractSecurityInterceptor will take no further action when its {@link #afterInvocation(InterceptorStatusToken, Object)} is called.
  5. Control again returns to the concrete subclass, along with the Object that should be returned to the caller. The subclass will then return that result or exception to the original caller.
@author Ben Alex @version $Id: AbstractSecurityInterceptor.java 3046 2008-05-09 18:09:56Z luke_t $

i love spring security, its cool.!
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/technical-overview.html#tech-intro-authentication

there are in general two steps, authentication and authorisation.
1. authentication is generally done by authenticationManager, eg, org.springframework.security.providers.ProviderManager, together with providers, userDetailService.
2. authorisation is generally done by AbstractSecurityInterceptor, which would retrieve the configureAttributes, like ROLE_A, ROLE_B in <intercept-url pattern=’/secure/**’ access=’ROLE_A,ROLE_B’/>, for example; and using a accessDecisionManager to decide, the previously retrieved authentication object against the configAttributes.

and these two postes, are equally cool,
http://asahu05.wordpress.com/2010/07/20/spring-acegi-security-in-flex-application

and http://enlightensoft.wordpress.com/2010/04/09/spring-security-3-0-part-1/