How Spring Security's built-in filters are maintained

How is the order of built-in filters maintained in Spring Security? I think many developers are interested in this question. In this article, I will discuss this issue with you. HttpSecurity contains a member variable FilterOrderRegistration and this class is a built-in filter registry. As for the role of these filters, not the focus of this article, interested to see the FilterOrderRegistration source code. Order of built-in filters The FilterOrderRegistration

Environment in Spring detailed explanation

Environment represents the environment information for the entire spring application runtime, which contains two key elements. profiles properties profiles The concept of profiles, which I believe we all understand, is most commonly used in different environments to determine different configuration contexts for solutions in the current spring container. For example, for the development environment, test environment, production environment, build different configuration items, this time we can determine the current spring application context in effect through the property profiles.

Version control for restful api

1. Preface Software iteration is a problem that developers must face, and one issue that is easily overlooked these days is API version control. Not all users are keen on the latest version of software, and business is fluid. So when a new version is released to ensure backward compatibility, API version control is needed. Today we will discuss the common Restful API version control. 2. API Version Control Restful

Mock testing of Spring MVC interfaces

1. Preface Most of the developers contacted in Java development do not pay much attention to testing the interface, resulting in various problems in the docking. Some also use tools such as Postman for testing, although there is no problem in the use of the interface, if the interface increases the permissions testing is more disgusting. So it is recommended to test the interface in unit testing to ensure the

How to add Json Web Token in Swagger2 or Swagger3

1. Preface Swagger 3.0 has been released for some time now, and has been used by more and more projects as a very useful documentation tool. And JWT is also the most commonly used security technology for front-end and back-end separation. So how do you add JWT Token to Swagger 3.0? 2. Adding JWTs in Swagger2 Let’s first review how JWT was added in Swagger2. In Swagger2 we declare the

Spring Cloud 2021.0.1 Released

Spring Cloud 2021.0.1 is released, the first bugfix release of Spring Cloud 2021. Support for 2021.0.0 Smooth Upgrade is now available from the central repository at the following coordinates. maven: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 dependencyManagement> <dependencies> <dependency> <groupId></groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>2021.0.1</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <dependencies> <dependency> <groupId></groupId> <artifactId>spring-cloud-starter-config</artifactId> </dependency> <dependency> <groupId></groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> .

Powerful Configuration Binding Classes in Spring Boot 2.0 - Bindable

1. Preface When developing Spring Boot applications, you can inject Bean into the Spring IoC container based on conditions. For example, if a configuration property exists in the configuration file, then the Bean is injected. The red part of the diagram means that the class tagged with @Configuration can only be injected into Spring IoC if is present in the environment configuration of Spring. The @ConditionalOnProperty in this case

Distributed Objects in Spring Security - SharedObject

1. Preface We previously analyzed the details of the initialization of AuthenticationManager, and there was a piece of code in it that caught the attention of many people. 1 2 ApplicationContext context = http.getSharedObject(ApplicationContext.class); CaptchaAuthenticationProvider captchaAuthenticationProvider = context.getBean("captchaAuthenticationProvider", CaptchaAuthenticationProvider.class); How does the above get the Spring application context object ApplicationContext directly from the HttpSecurity object? And what is the concept of SharedObject? Let’s figure this out today. 2. SharedObject In Spring Security SharedObject is neither an object nor an interface, but a generic term for a class of “sharable” objects.

SpringBoot + FFmpeg to implement a simple M3U8 slicing transcoding system

The client uploads the video to the server, the server slices the video, AES encrypts it, and returns the m3u8 index file, cover and other information. It can be played online. The server can do some simple processing of the video, such as cropping, cover interception time. Video folder layout 1 2 3 4 5 6 mymovie # The folder name is the video title |-index.m3u8 #the main m3u8 file,

Get the process id of the SpringBoot application after it starts

After springboot starts, its process id needs to be recorded and written to a disk file. The bash script can easily stop the program by PID. ApplicationPidFileWriter A listener provided by springboot is very simple. Just add the listener instance to the SpringApplication before starting the springboot application. 1 2 3 SpringApplication springApplication = new SpringApplication(MyApplication.class); springApplication.addListeners(new ApplicationPidFileWriter()); // Pid Listener; Configure the write file for the process ID.

Monitoring Applications with Prometheus + Grafana + Spring Boot Actuator

Monitoring is often critical in enterprise-level applications. Monitoring can help us prevent failures, predict trends, alert when thresholds are reached, and provide more information to troubleshoot production problems. If we don’t know how our program is running, it will take more time to troubleshoot when there is an accident in the online system. If we can monitor in advance, we can prepare early so that we don’t get confused after

A Study of Graceful Shutdown for Spring Boot Applications

Recently, I took a look at the restart scripts of the project and found that Ops has been using kill-9<pid> to restart springboot embedded tomcat, in fact, we almost unanimously agree that kill-9<pid> is a more violent way, but few people can analyze what problems it will bring. This article mainly records my own thinking process. What is the difference between kill -9 and kill -15? In the old days,

A brief analysis of the circular reference problem of returning objects in SpringMVC

Problem Discovery Today this topic is still relatively easy, and many of you may have encountered this problem. The @RestController, @ResponseBody and other annotations are the ones we deal with most when writing web applications, and we often have the need to return an object to the client, which SpringMVC helps us serialize into JSON objects. And today I want to share the topic is not something profound, it is

Be Aware of Security Issues Raised by Spring Boot Actuator

Recently, we have been particularly disturbed by various security vulnerabilities, and we receive dozens of emails a week from security teams scanning for vulnerabilities. One of these vulnerabilities is easy to overlook, but has a very wide impact and is extremely harmful. You shouldn’t be surprised when I say its name, it’s the Spring Boot Actuator. Before writing this article, I did a little survey with my friends asking them about their knowledge of the Spring Boot Actuator and the results were amazingly consistent.

How to unit test Controllers in Spring MVC

Unit testing of Controllers is a capability natively supported by the Spring Framework, which simulates an HTTP client initiating a request to a service address and allows testing of the interface without the use of external tools such as Postman. Specifically, the implementation is provided by the spring-test module of the Spring Framework, see MockMvc. The following section details how to use the MockMvc test framework to implement unit tests

Using the CommandLineRunner hook interface

This article briefly talks about the hook interfaces CommandLineRunner and ApplicationRunner, which are sometimes referred to as Runner in the following. Runner callback timing Refer to the source code of the org.springframework.boot.SpringApplication#run() method. You can know the timing of the callbacks for CommandLineRunner and ApplicationRunner. Before all CommandLineRunner and ApplicationRunner callbacks, the following steps have been ensured to be executed. Environment built-in variables are created and properties are populated. Banner

File upload and download using openfeign

Feign framework does not directly support file uploads (Multipart/form-data). Need to integrate the module feign-form to achieve . Using Feign independently Adding module dependencies. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 <!-- Feign框架核心 --> <dependency> <groupId>io.github.openfeign</groupId> <artifactId>feign-core</artifactId> <version>11.1</version> </dependency> <!-- 支持表单格式,文件上传

Spring Boot monitors SQL runs through Druid data sources

Today I want to talk to you about the monitoring function in Druid. Druid database connection pool believe that many people have used, I feel that Druid is a more successful open source project Ali, unlike Fastjson has so many problems. druid has been better in all aspects, full-featured, easy to use, the basic usage will not say, today we look at the monitoring function in Druid. 1. Preparation First

OAuth2 authorization server Keycloak announces it no longer adapts to Spring Boot and Spring Security

On February 14, 💔 the Keycloak team announced that they are deprecating most Keycloak adapters. This includes adapters for Spring Security and Spring Boot, which means that in the future the Keycloak team will no longer provide integration solutions for Spring Security and Spring Boot. The Keycloak project is a powerful OIDC (an extension of OAuth2) authorization server, and not even just an authorization server. It provides a number of adapters to provide an integration solution for other ecologies, but as mentioned in the official Keycloak statement.

The core logic of Spring Security OAuth2 to get Token

1. Preface In [previous post], we talked about how when a third party agrees to an authorization it will call redirectUri to send a return receipt to our server. Our server gets an intermediate authorization credential and authenticates again for the purpose of obtaining a Token. And this logic is responsible by OAuth2LoginAuthenticationProvider, after the analysis of [previous article] we found that the specific logic to obtain Token is done