Using Spring Security for authentication and authorisation

Spring Security is an open source security framework that provides permission-based access control, authentication, security event publishing, and other features. Using Spring Security in a Spring Boot application makes it very easy to implement user authentication and authorization. The main way Spring Security implements authentication is by using an authentication filter chain that contains multiple filters for authenticating and authorising users. In Spring Security, authentication and authorisation are processed through the filters in the filter chain, ultimately returning a successfully authenticated user object.

The difference between @Resource and @Autowired in Spring

1. Analysis from the usage level First, we create an interface UserService and two implementation classes UserServiceImpl1 and UserServiceImpl2. public interface UserService { void save(); } @Service public class UserServiceImpl1 implements UserService { @Override public void save() { System.out.println("UserServiceImpl1 save"); } } @Service public class UserServiceImpl2 implements UserService { @Override public void save() { System.

Researching Spring Framework past vulnerabilities

The main goal of this article is to analyze and summarize the historical Spring framework vulnerabilities, so as to try to find out the potential patterns, in order to learn from the past. Of course, as a Java novice, before directly analyzing the vulnerabilities, we will first learn some core concepts in Spring from the developer’s perspective, so as to lay the foundation for the subsequent understanding. Preface Spring was originally created in 2003 as a competitor to J2EE due to the complexity of the early J2EE specifications and the lack of community input.

The resources configuration in spring-boot-starter-parent

When you create a Spring Boot project, there is a parent by default, which helps us determine the project’s JDK version, coding format, dependency version, plugin version, and various other common things. Some of you may have seen the source code of the parent, which has a configuration like this. <resources> <resource> <directory>${basedir}/src/main/resources</directory> <filtering>true</filtering> <includes> <include>**/application*.

Spring Boot Applications and Unit Testing

Spring Boot provides a rich set of testing features, consisting of the following two modules: spring-boot-test: Provides core functionality for testing. spring-boot-test-autoconfigure: Provides automatic configuration of tests. Spring Boot provides a spring-boot-starter-test one-stop starter, as shown in the following dependency configuration. <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> The Test starter dependency contains not only the two Spring Boot modules above, but also the Spring Test test module, as well as other third-party testing libraries, as shown below.

Authentication and authorization with Spring Security

Using Spring Security to implement login authentication and authorization management is a large part of the project, and a relatively difficult part. This project has improved on the original project by replacing the deprecated FilterSecurityInterceptor authorization API with the new AuthorizationFilter authorization API recommended by the new version, and by taking into account the concurrent security of authorization during coding. In addition, the project has integrated Spring Session to provide cluster session support, improved the authorisation of anonymously accessible interfaces, added the ability to disable roles, and made some code optimisations.

File Downloading in Spring Boot Applications

This article provides guidance on how to download a single file, download a Gzip-compressed file, and download multiple files through a zip archive in a Spring Boot application. Download a single file The key points are as follows. Get the size of the file. Get the media type (Content-Type) of the file. Construct the Content-Disposition header with the ContentDisposition utility class to avoid garbled file names in downloads. Copy data to the client.

Inventory of Spring Security framework in the eight classic design patterns

1. Template method pattern The template method pattern is an abstract class that overtly defines a template for executing its methods. Its subclasses can override the method implementation as needed, but the invocation will be made in the same way as defined in the abstract class, which is a behavioral pattern. The advantages of the Template method are as follows. The public part of the code is extracted in the parent class, which is easy to reuse and extend the code.

Customizing Jackson in Spring Boot2 Applications

Overview This article was originally written to understand how Spring Boot2 specifically serializes and deserializes the JSR 310 datetime system, Spring MVC application scenarios are as follows. using @RequestBody to read the JSON request body from the client and encapsulate it into a Java object. use @ResponseBody to serialize the object into JSON data and respond to the client. For some basic types of data like Integer, String, etc., Spring MVC can solve it with some built-in converters without user concern, but for datetime types (e.

Comparison and application of Spring AOP and AspectJ

1. Introduction AOP, or aspect-oriented programming is a very common technique, especially in Java Web development. And the most popular AOP frameworks are Spring AOP and AspectJ respectively. 2. Spring AOP vs AspectJ Spring AOP is based on the Spring IoC implementation, which addresses most common requirements, but it is not a complete AOP solution. It has even less to offer for objects that are not managed by the Spring container.

Migrating Spring Cloud Eureka Registry to K8s

Background Recently, I was responsible for migrating our Spring Cloud microservices running on AliCloud ECS to k8s. To ensure smoothness, we still need to keep the Eureka system in k8s, and will not consider removing Eureka until all services are running in k8s. The implementation process can be roughly divided into two phases: pilot and full-scale rollout. In the pilot phase, some independent peripheral services are migrated to k8s to observe the operation.

Spring WebFlux supports Spring Security for JWT authentication

For mobile projects, authentication requirements are relatively simple: Spring Cloud Gateway is only responsible for JWT verification and role authentication, while login and similar operations are all handled by custom code. Microservices pass the JWS along to propagate credentials, so downstream services do not need to authenticate and do not rely on Spring Security; code that needs the current user parses the JWS directly to obtain it. There is also the fact that WebSecurityConfigurerAdapter has been marked as deprecated in Spring Security 5.

javax.inject.Named is not available after upgrading to Spring Boot 3

To keep up with Spring 6, Spring Boot released 3.0.0 on November 24, 2022. The current version is 3.0.1 (2022-12-23). Spring 6 requires JDK 17+, and naturally Spring Boot 3 requires JDK 17+ to work. For those who have been clinging to JDK 8, upgrading to Spring Boot 3 is a big challenge. What are the significant features that Spring Boot brings to the table? Relies on Spring 6; requires Java 17 minimum, Java 19 compatible; support for generating GraalVM native images, replacing the experimental Spring Native project; requires Java EE 9 and supports Jakarta EE 10 as a minimum dependency; migration from Java EE to Jakarta EE API; upgrade to Tomcat 10. For guidance on upgrading from Spring Boot 2.

Talking about the push and pull model of service discovery

Preface In the past year, my focus has been on API gateway (AliCloud CSB), which is a new area for me, but inseparable from my previous exposure to microservices governance. API gateways for microservices scenarios require some basic capabilities, one of which is to connect to registries that serve as entry points for microservices. For example, Zuul and SpringCloud Gateway have implemented such a feature. In fact, many open source gateways have major limitations in this feature, so I will not discuss these limitations in this paper, but share my thoughts on it for the common scenario of service discovery.

GraalVM and Spring Native Tasting, Launching SpringBoot Projects in 66ms

Introduction GraalVM is a high-performance JDK that supports Java/Python/JavaScript and other languages. It allows Java to be turned into a binary file for execution, making programs run faster anywhere. This may be a war between Java and Go? Download and install GraalVM Install GraalVM First of all, go to the official website to download, I downloaded it directly from GitHub Release Page, please download the corresponding system package, I downloaded the following.

Implementing declarative HTTP calls using the @HttpExchange annotation

In the Spring Cloud family, inter-process communication can be done using RestTemplate or OpenFeign. (Of course there are other ways such as message-driven microservices based on messaging middleware or gRPC-based calls). RestTemplate can be treated as a common HTTP calling tool, and is particularly convenient for calling RESTful-style interfaces, as opposed to other HTTP clients. However, OpenFeign is more convenient than RestTemplate: remote calls can be made simply by declaring an interface. Their specific usage was covered in the previous article and will not be repeated here.

Using native image in spring boot3

Introduction As we introduced in the previous spring boot3 article, one of the important features of spring boot3 is the support for compiling spring boot3 applications into GraalVM Native Images. Today we use a specific example to show you how to properly compile a spring boot3 application into a native image. Install GraalVM If you want to compile spring boot3 app as a native application, you need the support of GraalVM.

Java JDK Proxy and CGLib Dynamic Proxy

Introduction The proxy pattern has many application scenarios in Java, and there are static proxies and dynamic proxies. Static proxies are implemented by weaving in code at writing, compiling or loading time, while dynamic proxies are implemented at runtime. In simple terms, static proxies exist before runtime, while dynamic proxies exist at runtime. There are two common implementations of dynamic proxies. JDK Proxy: JDK Proxy comes with the JDK, does not require the introduction of external libraries, and proxies by implementing interfaces.

Uploading folders in Spring Boot applications

Learn how to upload folders in a spring boot application with this article. HTMLInputElement.webkitdirectory In the browser, we usually select the file to be uploaded by the <input type="file"/> tag. By default, it can only select one file or multiple files, not the whole folder directly. If the <input/> tag has an attribute called webkitdirectory, the user can select the entire folder and the browser will upload all the files under the folder to the server at once.

New and enhanced features in Spring Framework 6

On November 16, 2022, Juergen Hoeller made the announcement that Spring Framework 6 will be officially released. Spring 6 is a major release, more than four years after the release of Spring 5. Let’s take a quick look at the exciting features in the Spring 6 release in this article. JDK 17+ and Jakarta EE 9+ baseline Entire framework code base now based on Java 17 source level. Servlet, JPA, etc.