Apply Default Global SecurityScheme in springdoc-openapi

1. Overview In this tutorial, we’ll learn how to configure a default global security scheme and apply it as the default security requirement of the API using the springdoc-openapi library in a Spring MVC web application. Further, we’ll discuss how we can override these default security requirements. The OpenAPI specification lets us define a set of security schemes for the API. We can configure the security requirements of the API globally or apply/remove them per endpoint.

Spring Security - The request was rejected

Background of the problem When a user accesses a specific connection (e.g. http://localhost/index) without permissions, they are redirected to the login page http://localhost/login. In order to redirect to the target access page http://localhost/index after a successful login, Spring Security stores a message in the cookie, marked as a jsessionid. When redirected the Servlet container, i.e. tomcat or something like that will add the jsessionid to the back of the redirected url.

Jackson Tutorial

JSON is not new to developers, as most of today’s web services, mobile applications, and even the Internet of Things use JSON as a data exchange format. Learning the tools for manipulating the JSON format is essential for developers. This article will describe how to use Jackson, an open source tool library, to perform common operations on JSON. JSON Introduction What is JSON?JSON stands for “JavaScript Object Notation”, JSON is a text-based format that can be understood as a structured data that can contain key-value mapping, nested objects and arrays of information.

Spring Batch Basics

spring batch Introduction spring batch is a data processing framework provided by spring. Many applications in the enterprise domain require batch processing in order to perform business operations in mission-critical environments. These business operations include the following. Automated, complex processing of large amounts of information that can be processed most efficiently without user interaction. These operations often include time-based events (e.g., month-end calculations, notifications, or communications). Repetitive processing of periodic applications of complex business rules (e.

SpringMVC initialization process

DispatcherServlet is the brain of SpringMVC, it is responsible for the whole SpringMVC dispatching work, it is the most core class in SpringMVC, the whole top-level architecture design of SpringMVC is reflected here. So if you understand the source code of DispatcherServlet, you will have a good idea of how SpringMVC works. However, DispatcherServlet inherits from FrameworkServlet, FrameworkServlet inherits from HttpServletBean, as follows. So our analysis starts with the HttpServletBean.

SpringCloud uses Nacos to save and read variables

When developing microservices with SpringCloud, you often encounter relatively small backend parameter configurations that are not large enough to be stored in a separate table and that are read by other services. For example, IP whitelisting. In this case, it is easier to use Nacos to save and read them. Configuration Adding dependencies 1 2 3 4 5 <dependency> <groupId></groupId> <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId> <version>${latest.version}</version> </dependency> Nacos version 2.1.xRELEASE corresponds to Spring Boot version 2.

Spring Data Jpa Multiplebagfetchexception

Introduction In this article, I’m going to show you how to handle the MultipleBagFetchException thrown by Hibernate upon simultaneously fetching multiple collections with Spring Data JPA. MultipleBagFetchException As I explained previously in this article, the MultipleBagFetchException is thrown by Hibernate when you try to fetch multiple List collections at once. By trying to fetch multiple one-to-many or many-to-many associations at once, a Cartesian Product is generated, and, even if Hibernate didn’t throw the MultipleBagFetchException, we would still want to avoid getting a Cartesian Product in our query result set.

Processing the Response Body in Spring Cloud Gateway

1. Introduction In this tutorial, we’ll look at how we use Spring Cloud Gateway to inspect and/or modify the response body before sending it back to a client. 2. Spring Cloud Gateway Quick Recap Spring Cloud Gateway, or SCG for short, is a sub-project from the Spring Cloud family that provides an API gateway built on top of a reactive web stack. We’ve already covered its basic usage in earlier tutorials, so we won’t get into those aspects here.

Bulk Update With Spring Data MongoDB Reactive

In order to update documents in a MongoDB collection, we often use update requests, if the volume of data is too large, it could lead to performance issues and overconsumption of hardware resources. We will implement a solution to enrich and update efficiently a large amount of data using Spring Data MongoDB Reactive. Before continuing the reading, if you are not familiar with Spring reactive stack and MongoDB, I suggest you to check the resources section.

Spring Transaction Best Practices

Introduction In this article, I’m going to show you various Spring Transaction Best Practices that can help you achieve the data integrity guarantees required by the underlying business requirements. Data integrity is of paramount importance because, in the absence of proper transaction handling, your application could be vulnerable to race conditions that could have terrible consequences for the underlying business. Emulating the Flexcoin race condition In this article, I explained how Flexcoin went bankrupt because of a race condition that was exploited by some hackers who managed to steal all BTC funds Flexcoin had available.

Tencent officially opens source Spring Cloud Tencent, creating a one-stop microservices solution

Recently, Spring Cloud Tencent was officially open sourced on June 14, as Tencent’s open source one-stop microservice framework, Spring Cloud Tencent implements Spring Cloud standard microservice SPI, developers can quickly develop Spring Cloud microservice architecture applications based on Spring Cloud Tencent. As Tencent’s open source one-stop microservice framework, Spring Cloud Tencent implements the Spring Cloud standard microservice SPI, which allows developers to quickly develop Spring Cloud microservice architecture applications based on Spring Cloud Tencent.

SpringSecurity - Getting information about a logged-in user in a sub-thread

If you want to get the login user information in Spring Security, you can’t get it in a child thread, only in the current thread. One important reason for this is that the SecurityContextHolder stores user information in ThreadLocal by default. However, the SecurityContextHolder actually defines three storage policies. 1 2 3 4 5 6 7 public class SecurityContextHolder { public static final String MODE_THREADLOCAL = "MODE_THREADLOCAL"; public static final String MODE_INHERITABLETHREADLOCAL = "MODE_INHERITABLETHREADLOCAL"; public static final String MODE_GLOBAL = "MODE_GLOBAL"; .

Some Faq about OAuth2

About OAuth2, I believe many beginners have some questions. This article has collected these questions into a QA, which may help OAuth2 learners. FAQ What are the common scenarios for OAuth2? OAuth2 is mainly used for API authorization, which is a solution for authorization between cross API services. It is suitable for single sign-on (SSO), authorization authentication between microservices, API open platform and other scenarios. What is the OAuth2 client?

SpringBoot With Spring Data Jpa

This article teaches you how to quickly integrate and use Spring Data Jpa in your SpringBoot applications. This tutorial uses MYSQL as an example. If you use other databases, e.g. PostgreSQL, then you need to modify the jdbc driver, database, dialect and other related configurations. Practice Required Maven dependencies The required dependencies are as follows. HikariCP mysql-connector-java spring-boot-starter-data-jpa 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 <dependency> <groupId>org.

How to get the auto-incremented ID when using JdbcTemplate

This article will teach you how to get auto-incrementing IDs when using JdbcTemplate or NamedParameterJdbcTemplate. Table (MYSQL) Suppose the following data table is available. 1 2 3 4 5 6 7 8 9 10 CREATE TABLE `user` ( `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID', `balance` decimal(10,2) DEFAULT NULL, `create_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `enabled` tinyint unsigned NOT NULL, `name` varchar(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `update_at` timestamp NULL DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT='user'; As you can see, the id field is an auto-incrementing column.

Spring Announces Spring Security OAuth Reaches End of Life

The Spring Security team has officially announced that Spring Security OAuth has reached the end of its life with the termination of maintenance. The home page of the official website has now been highlighted to alert the complete cessation of maintenance. The old Spring Security OAuth project is terminated to 2.5.2.RELEASE version, and there will be no further iterations of the project, including Bug fixes. We have previously warned that the project will soon be discontinued for maintenance, and those who were paying attention have already migrated.

Spring Cloud Stream RabbitMQ Message Retry

When using Spring Cloud Stream Rabbit, if a consumer throws an exception during consumption. You can re-consume the message in several ways. Option 1 (default) When the consumer side throws an exception while processing a message, then the default will be Retry for 3 times in the current thread. this option is the default and can be modified by modifying the configuration file and specifying the parameters under channel, e.g.

It's time to get ready for Spring Boot 3.0

On February 28, 2018 Spring Boot enters the 2.0 era, more than 4 years ago. in November 2022 Spring Boot 3.0 will be officially released, it will be based on Spring Framework 6.0 and will require Java 17 or higher, and it will be the first Spring for Jakarta EE 9 Boot version for Jakarta EE 9. There are still six months left for developers to transition to Spring Boot

The core knowledge of OIDC certification authorization

OIDC is an authentication layer based on OAuth2, so that the client knows the authorized End User, and provides a user’s authentication information Id Token while the client gets access_token. Widely used in microservices, open platforms, SSO, three-party login authorization and other scenarios. OIDC key terms EU Abbreviation for End User, which refers to an end user. RP Abbreviation for Relying Party, which refers to the trusted client in OAuth2, the consumer of authentication and authorization information.

SpringCloud project transformed into Spring Cloud Kubernetes project

K8S(kubernetes) Kubernetes is an open source for managing containerized applications on multiple hosts in a cloud platform. The goal of Kubernetes is to make deploying containerized applications simple and efficient (powerful), Kubernetes provides a mechanism for application deployment, planning, updating, and maintenance. A core feature of Kubernetes is the ability to autonomously manage containers to ensure that the containers in the cloud platform are running according to the user’s expectations