When defining the requirements for the SpringBlog application, our main goal was to highlight certain Spring features in the context of a full application. For this reason, we included a few features, such as auditing and obscenity filtering, that you would not expect to see in a traditional blog application but that are useful features nonetheless and provide a way to highlight certain features of the Spring framework. On the flip side of this, certain features that you would expect to see, such as authentication and authorization, are not covered fully in the requirements because their implementation has little to do with Spring.
This section provides a full rundown of the features included in the SpringBlog application.
Most blog applications provide some kind of security that prevents unauthorized users from creating, editing, and removing blog entries. Because Spring does not provide anything in the way of security support, we have not defined security as a requirement of the SpringBlog system.
As you can see in Figure 3-1, the SpringBlog application does provide some support for user identity.
Figure 3-1: User identity in SpringBlog
In SpringBlog, you are assigned the Anonymous identity automatically. Using the Login function, you can validate your details against the user list in the database and assign yourself a different identity. Internally, SpringBlog uses this identity as part of the audit process, but it has no functionality for restricting user access based on this identity.
Although we have not discussed application security in any detail in this book, it is still a very important topic. Traditionally, a J2EE application utilizes the security features provided by the container to secure an application at both the servlet and EJB levels. For web applications built using Spring, servlet container security is still a viable option, with which many of you are more than familiar. Although Spring itself does not offer a security framework, many open source projects are available that do. A project of particular note is Acegi Security (http://acegisecurity.sourceforge.net/), which is specifically designed to be used with Spring applications.
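The servlet container security option mentioned above, shown as a `web.xml` deployment descriptor. This is an added example, not SpringBlog's own configuration; the `/secure/*` URL layout, the `blog-author` role name and the login page paths are assumptions made for illustration.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Assumption: the create, edit, delete and audit-purge handlers are all
       mapped under /secure/*; the read-only pages stay outside it. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Blog write operations</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No <http-method> elements: the constraint then applies to every
           HTTP method, so an unlisted method cannot slip past it. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Hypothetical role; the container maps authenticated users to it. -->
      <role-name>blog-author</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so credentials and the session cookie are not sent in clear. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Hypothetical pages. The login form must POST j_username and
           j_password to j_security_check, which the container handles. -->
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-failed.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint is declared here. -->
  <security-role>
    <role-name>blog-author</role-name>
  </security-role>

</web-app>
```

With a descriptor like this the container rejects unauthenticated requests to the write paths before any controller runs, and the authenticated name is available to the application through `HttpServletRequest.getRemoteUser()`.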
An obvious requirement for any blog system is that it can display blog entries to users. As Figure 3-2 shows, the SpringBlog application displays the latest postings to the blog on the home page.
Figure 3-2: Viewing recent blog entries
You can configure the number of entries to be displayed using standard Spring configuration mechanisms. Clicking the View link for a particular blog entry displays just that entry, along with the list of comments posted for that entry and the files that have been attached to it, as shown in Figure 3-3.
Figure 3-3: Viewing a blog entry
Without the ability to post blog entries, there would be nothing to display. You can post a new blog entry using the entry form shown in Figure 3-4, which you can access using the Add link on the home page.
Figure 3-4: Posting a blog entry
Once you have created a blog entry, you can edit it by clicking the Edit link in the entry's listing. Behind the scenes, SpringBlog uses the same HTML form both for creating and editing a blog entry, but it uses different Spring Controllers to handle each action.
In addition to the Create and Edit functions, SpringBlog also allows you to delete a blog entry by clicking the Delete link in the listing for the entry you want to delete. As Figure 3-5 shows, SpringBlog prompts you for confirmation before it allows a deletion to proceed.
Figure 3-5: Confirming entry deletion
As with most blog applications, SpringBlog allows users to express their opinions about particular entries by posting comments. Users can post comments using the Add link from an entry's comments page, as shown in Figure 3-6.
Figure 3-6: Posting a comment
As is the case with the entry posting functionality, this functionality also allows you to edit and delete comments.
One of the features of Spring we really wanted to highlight in SpringBlog was AOP, but we did not want to go down the traditional route of using logging as an example, and AOP-based transaction management is already built into Spring. Although most blogs do not use any kind of obscenity filter, we decided that ours would. During design, it seemed that using AOP was the best way to apply this feature across the application.
With this functionality in place, when you try to post an entry such as that shown in Figure 3-7, you actually get a posting like the one in Figure 3-8.
Figure 3-7: Attempting to post an obscenity
Figure 3-8: The obscenity filter at work
Unlike many blog applications used on the World Wide Web, SpringBlog allows files to be uploaded with blog entries and comments. In reality, this feature poses quite a large security risk, but it does allow us to demonstrate Spring's excellent file upload handling. Figure 3-9 shows a file being uploaded alongside a new entry.
Figure 3-9: Uploading a file to SpringBlog
One feature that we included purely to support the demonstration of a particular Spring feature is auditing. By introducing the need for all blog operations to be logged for auditing purposes, we made each blog operation require multiple database operations; this requires the use of a database transaction which, obviously, we manage using Spring's transaction management features.
You can view the currently stored audit data by clicking the Audit link in the left-hand navigation bar, as shown in Figure 3-10.
Figure 3-10: Viewing audit data
From the View Audit Records screen, you can also remove audit records over a certain age using the purge functionality.