

Security with Spring - baeldungcaliah
http://www.baeldung.com/security-spring

======
sfjailbird
Spring represents all that is wrong with Java. Its main selling point is that
it is not J2EE (shallow praise) yet it retains a lot of the awfulness of J2EE,
such as XML just for the sake of it (so now you need heavy tool support just
to make sure that classes, methods and fields are referred correctly in the
XML files). On top of that it introduces layers of craziness that J2EE could
only begin to dream of, such as "aspect oriented" configuration and dynamic
proxies that enrich and inject and mutate your objects at runtime such that
debugging and tracing becomes completely impossible. Even core Spring concepts
like "Inversion of Control" are questionable value propositions that even
Martin Fowler has distanced himself from.

Java has an ecosystem of enterprise consultants that sell castles in the sky
and need to invent complex concepts and technologies to sell themselves and
their services. Gullible enterprise developers eat it up and mimmick them.
Ignorant CTOs buy their stuff. I'm pissed off about it because Java is
basically cool technology but the culture is infected with these bloodsuckers
who give it a bad name and do nothing for advancing the state of the language
and ecosystem.

~~~
mschulze
How long has it been that you used Spring? You don't need that much XML for a
Spring 3.0 application. Almost everything can be done with annotations.

Why do you compare Spring with J2EE when in fact JEE took a lot of the good
stuff from Spring?

The main point of Spring is to help develop consistent applications with
enterprise requirements (integration, security, batch jobs, mvc, ...) and it
does that incredibly well. Especially integration in a nightmare of systems at
a large corporation.

~~~
sfjailbird
I wouldn't say incredibly well, more like a passing mark. In fact I would
compare Spring to Maven: It gets the job done, it's probably even the best of
the alternatives, it still leaves a bad taste in the mouth.

I find that for many of the configuration use cases that Spring is supposed to
solve I am better off doing things programmatically (heresy in the Java
world). Yes, this can be done and still have testable, decoupled
configuration. (As for changing configuration on the fly, nobody does that. It
is a leftover from the "Deployer" role defined by Sun's J2EE specification.)

~~~
chris_wot
Could you give some concrete use cases? Genuinely interested.

------
bsaul
A bit off topic : I've used Spring some times ago, and it really made me
wonder how the full stack would perform on a benchmark against non-JVM
frameworks, even though the JVM is faster than anything else.

This framework really redefined my notion of bloated, although to be fair, i
really don't know if the runtime and API part of the framework gave me that
feeling, or if it's not mainly due to the extremely painful development
environment (aka spring sts : one JVM for the IDE, one JVM for the bean
execution, and one virtualization layer on top of the web server thanks to
VMWare vFabric...).

In the end, it took me more than 5 minutes to boot STS and get the server run
my code, on my fairly recent 4G of RAM MBP.

~~~
mtrimpe
Spring is just an XML-based DSL that wires objects together and applies AOP
aspects to them.

Your bad experience was with a Spring- _branded_ Eclipse; the open-source IDE
that's so slow and bloated Google preferred switching to a proprietary
competitor (IntelliJ) for their latest version of the Android IDE.

~~~
bsaul
Yes, but I believe sfjailbird is also right (see comment below) : there's also
a vicious "enterprise" culture surrounding that technology that really
encourages people to keep going in that direction.

~~~
fmstephe
I think your characterisation of the enterprise culture as vicious isn't too
far off the mark. :)

------
moondowner
@baeldung's posts are really good, especially these regarding Spring Security,
and the ones regarding Spring Data stuff.

Excellent resource for anyone using Spring.

------
commentator
If you are new to Spring, then you should start with the current edition of
"Spring in Action". It's a good read.

