This article looks at the configuration of OAuth 2.0 Authorization Server related filters. In turn, it provides a better understanding of the entire architecture of Spring Authorization Server. Modular configuration of Spring Security Currently OAuth2.0 Client, Resource Server, Authorization Server these are already modularized in the Spring Security system. So how do they achieve flexible modularity? After analyzing the configuration I found a few similarities below. These are the core
Getting Started with Spring Authorization Server, Spring's new authorization server
Last November 8 Spring officials have strongly recommended to use Spring Authorization Server to replace the outdated Spring Security OAuth2.0. With not much time left before Spring Security OAuth2.0 ends its lifecycle, it’s time to make a change. Now that Spring Authorization Server is in production readiness, it’s time to learn it.
The current Spring Security architecture Spring Security 5.x modularizes OAuth2.0 Client and OAuth2.0 Resource Server. Spring Security is a mandatory dependency.
Get Request object anywhere in Spring WebFlux
A different world In a normal Spring Web project, it is very easy to get the Request object and many libraries provide static methods to get it. The code to get it is as follows.
1 2 3 ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes(); // get the request HttpServletRequest request = requestAttributes.getRequest(); The class RequestContextHolder provides static methods, which means you can call it from anywhere. And it uses ThreadLocal to hold the Request object, which means that different threads can get their own Request objects.
Spring Cloud Feign implements JWT token relay to deliver authentication information
In the process of Spring Cloud microservice invocation, you need to deal with token relaying, which is the only way to ensure the delivery of user authentication information in the invocation chain. Today we will share how to implement token relay in Feign. Token Relay To be clear, this means that the Token token is passed on between services to ensure that the resource server can properly authenticate the caller.
Summary of refactoring a standalone application to Spring Cloud microservices
Spent a few days to transform the project from Spring Boot monolithic project into Spring Cloud microservices. To be honest, the current volume of business is far from microservices, standalone can completely hold. But can not help the leadership above the daily urging, forget it, let’s do it.
The hardest part is not the technology The most time consuming part of switching from standalone to microservices is not in the technology upgrade.
Spring Cloud OpenFeign timeout and retry
Today we share with you the timeout and retry configuration of feign.
Timeout 1 2 3 4 5 6 feign: client: config: default: connectTimeout: 1000 readTimeout: 1000 The following points need to be noted.
The connection timeout (connectTimeout) and the read timeout (readTimeout) will take effect when configured at the same time. The timeout unit is milliseconds. The timeout can be defined individually according to the service name. For example, if the provider-get service provides a query interface, the timeout can be set shorter as follows.
Solve the problem that RequestContextHolder.getRequestAttributes() returns null due to hystrix isolation policy
What is the Hystrix Isolation Policy? Official documentation: https://github.com/Netflix/Hystrix/wiki/Configuration#executionisolationstrategy
Executing an isolation policy This property instructs HystrixCommand.run() which isolation policy to execute, being one of the following two options.
THREAD - it is executed on a separate thread, and concurrent requests are limited by the number of threads in the thread pool SEMAPHORE - it is executed on the calling thread, and concurrent requests are limited by the amount of semaphore Problem When the isolation policy is THREAD, there is no way to get the value in ThreadLocal.
Take RemoteTokenServices as an example - analyze the entire process of obtaining OAuth2 access tokens from the authorization server and loading authentication objects into the SecurityContext from the source code
When we configure OAuth2, we will configure the resource server and authentication server. When our authorization service and authentication service are not in the same service, we can consider using RemoteTokenServices. If they are in the same service, you don’t need to configure tokenServices, because when ResourceServerConfigurerAdapter is configured, if tokenServices is not configured, a default DefaultTokenServices will be automatically configured. . The two tokenService classes both implement the ResourceServerTokenServices
External Configuration in Microservices: Spring Cloud Config
Let’s take a look at the overall microservice architecture that we have built as part of this spring cloud series.
If you have not followed this Spring Cloud series from the beginning, check this index page and bookmark it if needed — Spring Cloud Tutorials.
Why Spring Cloud Config? When we build a service, there are many values that we don’t want to hardcode and rather read from property files, for instance, endpoints, encrypted values, etc.
Kubernetes + Spring Cloud Integration Link Tracking SkyWalking
1. Overview 1. What is SkyWalking? Application performance monitoring tool for distributed systems, designed for microservices, cloud-native architectures and container-based (Docker, K8s, Mesos) architectures. Provides distributed tracing, service grid telemetry analysis, metric aggregation and visualization all-in-one solution. Official website address: http://skywalking.apache.org/ 2. SkyWalking features Multiple monitoring tools, language probes and Service Mesh Multilingual automated probes, Java, .NET Core and Node.JS Lightweight and efficient, no need for big data Modularity, with
Client Side Development with Spring Boot Applications
This article explores the different options that Spring Boot developers have for using Javascript and CSS on the client (browser) side of their application. Part of the plan is to explore some Javascript libraries that play well in the traditional server-side-rendered world of Spring web applications. Those libraries tend to have a light touch for the application developer, in the sense that they allow you to completely avoid Javascript, but still have nice a progressive “modern” UI.
Analysis of a memory overflow caused by Spring Cloud Netflix Core
Problem found The online service was restarted, and it was good to get the dump file of the online service and download it locally for analysis. Opened the snapshot file using MAT, omitted the process of using MAT here, and found that there was a large amount of com.netflix.servo.monitor.BasicTimer that was not released and was occupied by org.springframework.cloud.netflix.metrics.servo. ServoMonitorCache is occupied.
Analysis Find the ServoMonitorCache class in the project, found under the spring-cloud-netflix-core package, then open the jar package, check its spring.
Get Request object anywhere in Spring WebFlux
1 A different world In a regular Spring Web project, it is very easy to get the Request object, and quite a few libraries provide static methods to do so. The code to get it is as follows.
1 2 3 ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes(); // get the request HttpServletRequest request = requestAttributes.getRequest(); In class RequestContextHolder provides static methods, which means you can call them anywhere. And it uses ThreadLocal to hold the Request object, which means that different threads are able to get their own Request objects.
Log4j maintainer: old features that lead to vulnerabilities not removed for backward compatibility
The recently disclosed remote code execution vulnerability in Apache Log4j2, a Java-based logging component, has caused significant impact worldwide. This component is used extensively in business system development to record logging information about program input and output, and is extremely widely used. In most cases, developers write error messages caused by user input to the log.
The sudden disclosure of this vulnerability has not only caused developers using Log4j2 to “fix” the problem overnight, but also caught the framework maintainers off guard.
Integrating Spring Cloud Stream Binder with GCP Pubsub for message sending and receiving
1 Preface This article will briefly introduce the integration of Spring Cloud Stream with Google Cloud Pub/Sub.
2 Starting Pub/Sub via Emulator Since it is relatively troublesome to use the actual GCP Pub/Sub, this article runs through the emulator.
For the installation of Google Cloud SDK, please refer to: Installing Google Cloud SDK for Mac
Install the necessary components.
1 2 gcloud components install beta gcloud components install pubsub-emulator To start the simulator.
Integrating Spring Cloud Stream Binder with RabbitMQ for message sending and receiving
1 Preface Spring Cloud Stream is designed for event-driven microservices systems that use messaging middleware to send and receive messages. Using Spring Cloud Stream allows you to focus on business development without spending too much effort on the interaction between the application and the MQ. Also, you don’t have to make many code changes after switching to MQ.
In this article, we will integrate Spring Cloud Stream and RabbitMQ to send and receive messages.
Getting Started with Spring Cloud Data Flow and Confluent Cloud
Data is the currency of competitive advantage in today’s digital age. All organizations struggle with their data due to the sheer variety of data types and ways that it can be shaped, packaged, and evaluated.
Within organizations, teams use different tools, fragmented rule sets, and multiple sources to find value within the data. These operational differences lead to divergent definitions of data and a siloed understanding of the ecosystem.
These challenges have led to the rise of several new technologies, including Apache Kafka® and Spring Cloud Data Flow.
Log4J2 Vulnerability and Spring Boot
As you may have seen in the news, a new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and has been fixed in Log4J v2.15.0.
Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2. The log4j-to-slf4j and log4j-api jars that we include in spring-boot-starter-logging cannot be exploited on their own.
Spring Cloud Stream with Schema Registry and Kafka
In this article, you will learn how to use Confluent Schema Registry with Spring Cloud Stream and Kafka in a microservices architecture. We will use Apache Avro to serialize and deserialize events exchanged between our applications. Spring Cloud Stream provides a handy mechanism for integration with Kafka and schema registry.
Ok, but before we start, let’s say some words about schema registry. What is this? And why we may use it in our event-driven architecture?
Writing into DynamoDB in a Spring Boot App using AWS Lambda
In this tutorial, we are going to see how to insert records into a DynamoDB table using an AWS Lambda function written using Spring Boot Java. We are also going to add an AWS API Gateway trigger to the Lambda function and see how it works. To follow this tutorial, make sure that you have an active AWS account. If you don’t go ahead and create one.
Database setup Before we begin with the Spring Boot application development, we need to create a DynamoDB table.