Web Layer Features

🚪 The Web Layer: Your App’s Front Door

Imagine your Spring Boot application is a fancy hotel. Guests (HTTP requests) arrive at the front entrance, but before they reach their room (your controller), they pass through security, get their luggage handled, and receive directions. That’s exactly what the Web Layer does!

📦 File Upload Handling: The Luggage Service

Think of file uploads like guests bringing luggage to a hotel. The bellhop (Spring’s MultipartFile) takes it, checks it, and stores it safely.

How It Works

When someone uploads a file to your app, Spring catches it like a baseball glove catches a ball:

@PostMapping("/upload")
public String handleUpload(
    @RequestParam("file")
    MultipartFile file) {

    // Get file name
    String name = file.getOriginalFilename();

    // Get file size
    long size = file.getSize();

    // Save the file
    file.transferTo(new File("/uploads/" + name));

    return "Uploaded: " + name;
}

Setting Limits

You don’t want someone bringing a truck-sized suitcase! Set limits in application.properties:

# Max file size: 10MB
spring.servlet.multipart.max-file-size=10MB

# Max request size: 50MB
spring.servlet.multipart.max-request-size=50MB

Quick Flow

graph TD
    A["📤 User Uploads File"] --> B["🧳 MultipartFile Catches It"]
    B --> C{📏 Size OK?}
    C -->|Yes| D["💾 Save to Disk/Cloud"]
    C -->|No| E["❌ Reject - Too Big!"]
    D --> F["✅ Success Response"]

Key Points:

• MultipartFile = Spring’s way to handle uploaded files
• Always validate file size and type
• Never trust the filename - sanitize it!

🖼️ Static Resources: The Hotel’s Decorations

Static resources are like the paintings, carpets, and furniture in our hotel - they don’t change and are always there. These include CSS files, JavaScript, images, and fonts.

Where Spring Looks

By default, Spring Boot serves static files from these locations:

Example Structure

src/main/resources/
└── static/
    ├── css/
    │   └── style.css
    ├── js/
    │   └── app.js
    └── images/
        └── logo.png

Access them directly:

• http://localhost:8080/css/style.css
• http://localhost:8080/images/logo.png

Custom Location

Want files from a different folder?

@Configuration
public class WebConfig
    implements WebMvcConfigurer {

    @Override
    public void addResourceHandlers(
        ResourceHandlerRegistry registry) {

        registry.addResourceHandler("/files/**")
            .addResourceLocations("file:/data/files/");
    }
}

Now /files/photo.jpg serves from /data/files/photo.jpg!

🌐 CORS Configuration: The Guest Pass System

CORS (Cross-Origin Resource Sharing) is like a guest pass system. When your frontend lives at frontend.com but your API lives at api.com, the browser says “Wait! Are you allowed to talk to each other?”

The Problem

graph LR
    A["🖥️ frontend.com"] -->|Request| B["🔒 Browser"]
    B -->|"Is api.com OK?"| C["🌐 api.com"]
    C -->|"Yes, allow frontend.com"| B
    B -->|✅ Pass Request| C

Solution 1: Per-Controller

@RestController
@CrossOrigin(origins = "http://frontend.com")
public class MyController {

    @GetMapping("/data")
    public String getData() {
        return "Hello from API!";
    }
}

Solution 2: Global Configuration

@Configuration
public class CorsConfig
    implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(
        CorsRegistry registry) {

        registry.addMapping("/api/**")
            .allowedOrigins("http://frontend.com")
            .allowedMethods("GET", "POST", "PUT")
            .allowedHeaders("*")
            .allowCredentials(true)
            .maxAge(3600);
    }
}

What Each Setting Means

🚦 Filter vs Interceptor: Security Guards vs Concierge

This is where many developers get confused! Let’s clear it up with our hotel analogy:

Servlet Filter = Security Guard 🛡️

The security guard stands at the building entrance. They check EVERYONE - guests, delivery people, even staff. They work at the Servlet level, before Spring even sees the request.

@Component
public class LoggingFilter
    implements Filter {

    @Override
    public void doFilter(
        ServletRequest req,
        ServletResponse res,
        FilterChain chain) throws Exception {

        System.out.println("👮 Guard: Someone arrived!");

        // Let them through
        chain.doFilter(req, res);

        System.out.println("👮 Guard: Someone left!");
    }
}

Interceptor = Concierge 🎩

The concierge stands in the lobby, after security. They only deal with hotel guests (Spring MVC requests). They can see where guests are going and help them along the way.

@Component
public class LoggingInterceptor
    implements HandlerInterceptor {

    @Override
    public boolean preHandle(
        HttpServletRequest req,
        HttpServletResponse res,
        Object handler) {

        System.out.println("🎩 Concierge: Guest heading to "
            + req.getRequestURI());
        return true; // Let them proceed
    }

    @Override
    public void postHandle(...) {
        System.out.println("🎩 Concierge: Guest finished!");
    }
}

The Key Differences

graph TD
    A["📨 HTTP Request"] --> B["🛡️ FILTER"]
    B --> C["🌱 Spring DispatcherServlet"]
    C --> D["🎩 INTERCEPTOR"]
    D --> E["🎯 Controller"]
    E --> D
    D --> C
    C --> B
    B --> F["📤 HTTP Response"]

🔧 Servlet Filters: Deep Dive

Filters are the workhorses of request processing. They wrap around your entire application like layers of an onion.

Common Use Cases

1. Logging - Track all requests
2. Encoding - Set character encoding
3. Security - Check tokens/headers
4. Compression - Gzip responses

Creating a Filter

@Component
@Order(1) // Lower = runs first
public class AuthFilter implements Filter {

    @Override
    public void doFilter(
        ServletRequest request,
        ServletResponse response,
        FilterChain chain) throws Exception {

        HttpServletRequest req =
            (HttpServletRequest) request;

        String token = req.getHeader("Auth-Token");

        if (token == null) {
            HttpServletResponse res =
                (HttpServletResponse) response;
            res.setStatus(401);
            res.getWriter().write("No token!");
            return; // STOP here!
        }

        // Token exists, continue
        chain.doFilter(request, response);
    }
}

Registering with URL Patterns

@Configuration
public class FilterConfig {

    @Bean
    public FilterRegistrationBean<AuthFilter>
        authFilterRegistration() {

        FilterRegistrationBean<AuthFilter> bean =
            new FilterRegistrationBean<>();

        bean.setFilter(new AuthFilter());
        bean.addUrlPatterns("/api/*");
        bean.setOrder(1);

        return bean;
    }
}

Filter Chain Flow

graph TD
    A["📨 Request"] --> B["Filter 1: Logging"]
    B --> C["Filter 2: Encoding"]
    C --> D["Filter 3: Auth"]
    D --> E["🎯 Your Controller"]
    E --> D
    D --> C
    C --> B
    B --> F["📤 Response"]

Each filter can:

• Modify the request before passing it on
• Stop the chain (like auth failure)
• Modify the response on the way back

🎯 Putting It All Together

Here’s how all these pieces work in a real Spring Boot app:

graph TD
    A["🌐 Browser Request"] --> B["🛡️ Servlet Filters"]
    B --> C{📁 Static Resource?}
    C -->|Yes| D["🖼️ Serve File"]
    C -->|No| E["🌱 DispatcherServlet"]
    E --> F{🌐 CORS OK?}
    F -->|No| G["❌ CORS Error"]
    F -->|Yes| H["🎩 Interceptors"]
    H --> I["🎯 Controller"]
    I --> J{📦 File Upload?}
    J -->|Yes| K["📤 MultipartFile"]
    J -->|No| L["📝 Regular Handler"]

🚀 Quick Summary

💡 Remember This!

Filters are like security guards - they see everything and work at the door.

Interceptors are like concierges - they work inside Spring and know about your controllers.

CORS is like a guest pass - it says who’s allowed to talk to your API.

Static resources are like hotel decorations - always there, never changing.

File uploads are like luggage handling - catch, validate, store!

You’ve now mastered the Web Layer! 🎉 Your Spring Boot hotel is ready to welcome guests (requests) with proper security, beautiful decorations, and excellent service!