Usage and principle of BCryptPasswordEncoder

There is a tool class BCryptPasswordEncoder for password encryption in Spring Security, which is very simple and interesting to use. Let’s see how it works. Usage of BCryptPasswordEncoder First create a Spring Boot project and add the Spring Security dependency. Then create a test class with the following code. 1 2 3 4 5 6 7 8 9 10 11 12 13 final private String password = "123456"; @Test public void TestCrypt() { BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); String encode1 = bCryptPasswordEncoder.

Using JPDA to Remotely Debug SpringBoot Applications

Remote debugging techniques, which are relatively common in development. If the technical team is using DevOps-based development process, then you may need to understand remote debugging techniques. In our company, back-end development engineers, hardly ever start services locally for debugging. In some cases, unit tests and interface tests are not good enough to recover and track the weird bugs, and we have 2 internal environments (development and testing environments), which are developed locally, then the code is pushed to the “development environment” server and deployed automatically via CI/CD, and then debugged based on the development environment.

Spring Boot Hardening - Disclosed Version

The default configuration of Spring Boot tells quite a lot about errors and software versions used. This is a potential security leak and therefor should be avoided. One step is to get rid of server information from header and default error pages. Result With my suggested changes in place the default error result pages will look like this: 1 2 3 4 5 6 7 8 ➜ ~ curl -i http://127.

How to integrate Hibernates Multitenant feature with Spring Data JPA in a Spring Boot application

For quite some time now, Hibernate has offered a Multitenant feature. It integrates nicely with Spring, but there is not much information about how to actually set it up, so I thought an example or two or three could help. There is already an excellent blog article, but it is a little dated and it covers a lot of specifics to the business problems the author tried to solve. This approach hides a little of the actual integration, which will be the focus of this article.

Spring Cyclic Dependencies

Today, there are still many people arguing about cyclic dependencies, and many interviewers asking questions about cyclic dependencies, and even asking only about cyclic dependencies in Spring, which seems to be a must learn point in Spring, a feature that many people are talking about. In my opinion, this is a bit of a stain on the many good designs in the Spring framework, a compromise for bad design, you know, there are no circular dependencies in the whole Spring project, is this because the Spring project is too simple?

Spring Authorization Server Is Going 1.0

We are excited to announce that we’ve started preparing for Spring Authorization Server 1.0 with plans to release the GA version in November 2022. It has been just over two years since we initially announced this new project, and we have come a long way since its initial development. The project has a full feature set, and the APIs have stabilized and matured over this time. A lot of effort and care was put into this project to ensure that it can grow and adapt over the next few years.

Spring Boot application startup exception: java.lang.reflect.InaccessibleObjectException

The following error was encountered when the Spring Boot application was started: 1 2 3 4 5 6 7 8 java.lang.reflect.InaccessibleObjectException: Unable to make private native ... accessible。 Set com.sun.jndi.rmi.object.trustURLCodebase = false java.lang.reflect.InaccessibleObjectException: Unable to make private native java.lang.reflect.Field[] java.lang.Class.getDeclaredFields0(boolean) accessible: module java.base does not "opens java.lang" to unnamed module @326de728 at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible( at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible( at java.base/java.lang.reflect.Method.checkCanSetAccessible( at java.base/java.lang.reflect.Method.setAccessible( The reason for the error is that the JVM’s java.base module does not open the java.

How to override a bean that has already been initialized

First, through the configuration class, create a bean of type java.util.Date. 1 2 3 4 5 6 7 8 @Configuration public class DateConfig { @Bean("date") public Date date(){ return new Date(); } } Time is not constant, I want to get the current time object in the form of a bean, how should I override the bean already in the container? At first I thought of using, but the Spring boot project does not use the Spring Cloud package, this does not work, so I tried registerBean to dynamically register the same name bean.

Spring Reactive Read Flux Into Inputstream

1. Overview In this tutorial, we’ll deep dive into Java reactive programming to solve an interesting problem of how to read Flux<DataBuffer>into a single InputStream. 2. Request Setup As a first step to solving the problem of reading Flux<DataBuffer> into a single InputStream, we’ll use the Spring reactive WebClient for making a GET request. Further, we can use one of the public API endpoints hosted by for such testing scenarios:

Implement Role-based authorization in Spring Boot with Keycloak

Role-based access control is a must-have for any application dealing with users who can access resources depending on their organization’s role. In a previous article, we have learned how to secure our Spring Boot REST API with Keycloak by using the OpenID Connect authentication protocol. In this article, we are going to build on this sample application and add role-based authorization. The purpose is to authorize access of some endpoints only to users having a specific role.

Spring ShedLock Guide

Spring Shedlock is used to perform timed tasks in the case of distributed services, such as regularly deleting some data in the database, doing data migration and other operations. This technique is heavily used in the distributed services of the project. The main reasons for its use are the following. Timed tasks. To perform some operations behind the scenes during the normal operation of the service and to meet our business needs, a scheduled task is essential.

Apply Default Global SecurityScheme in springdoc-openapi

1. Overview In this tutorial, we’ll learn how to configure a default global security scheme and apply it as the default security requirement of the API using the springdoc-openapi library in a Spring MVC web application. Further, we’ll discuss how we can override these default security requirements. The OpenAPI specification lets us define a set of security schemes for the API. We can configure the security requirements of the API globally or apply/remove them per endpoint.

Spring Security - The request was rejected

Background of the problem When a user accesses a specific connection (e.g. http://localhost/index) without permissions, they are redirected to the login page http://localhost/login. In order to redirect to the target access page http://localhost/index after a successful login, Spring Security stores a message in the cookie, marked as a jsessionid. When redirected the Servlet container, i.e. tomcat or something like that will add the jsessionid to the back of the redirected url.

Jackson Tutorial

JSON is not new to developers, as most of today’s web services, mobile applications, and even the Internet of Things use JSON as a data exchange format. Learning the tools for manipulating the JSON format is essential for developers. This article will describe how to use Jackson, an open source tool library, to perform common operations on JSON. JSON Introduction What is JSON?JSON stands for “JavaScript Object Notation”, JSON is a text-based format that can be understood as a structured data that can contain key-value mapping, nested objects and arrays of information.

Spring Batch Basics

spring batch Introduction spring batch is a data processing framework provided by spring. Many applications in the enterprise domain require batch processing in order to perform business operations in mission-critical environments. These business operations include the following. Automated, complex processing of large amounts of information that can be processed most efficiently without user interaction. These operations often include time-based events (e.g., month-end calculations, notifications, or communications). Repetitive processing of periodic applications of complex business rules (e.

SpringMVC initialization process

DispatcherServlet is the brain of SpringMVC, it is responsible for the whole SpringMVC dispatching work, it is the most core class in SpringMVC, the whole top-level architecture design of SpringMVC is reflected here. So if you understand the source code of DispatcherServlet, you will have a good idea of how SpringMVC works. However, DispatcherServlet inherits from FrameworkServlet, FrameworkServlet inherits from HttpServletBean, as follows. So our analysis starts with the HttpServletBean.

SpringCloud uses Nacos to save and read variables

When developing microservices with SpringCloud, you often encounter relatively small backend parameter configurations that are not large enough to be stored in a separate table and that are read by other services. For example, IP whitelisting. In this case, it is easier to use Nacos to save and read them. Configuration Adding dependencies 1 2 3 4 5 <dependency> <groupId></groupId> <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId> <version>${latest.version}</version> </dependency> Nacos version 2.1.xRELEASE corresponds to Spring Boot version 2.

Spring Data Jpa Multiplebagfetchexception

Introduction In this article, I’m going to show you how to handle the MultipleBagFetchException thrown by Hibernate upon simultaneously fetching multiple collections with Spring Data JPA. MultipleBagFetchException As I explained previously in this article, the MultipleBagFetchException is thrown by Hibernate when you try to fetch multiple List collections at once. By trying to fetch multiple one-to-many or many-to-many associations at once, a Cartesian Product is generated, and, even if Hibernate didn’t throw the MultipleBagFetchException, we would still want to avoid getting a Cartesian Product in our query result set.

Processing the Response Body in Spring Cloud Gateway

1. Introduction In this tutorial, we’ll look at how we use Spring Cloud Gateway to inspect and/or modify the response body before sending it back to a client. 2. Spring Cloud Gateway Quick Recap Spring Cloud Gateway, or SCG for short, is a sub-project from the Spring Cloud family that provides an API gateway built on top of a reactive web stack. We’ve already covered its basic usage in earlier tutorials, so we won’t get into those aspects here.

Bulk Update With Spring Data MongoDB Reactive

In order to update documents in a MongoDB collection, we often use update requests, if the volume of data is too large, it could lead to performance issues and overconsumption of hardware resources. We will implement a solution to enrich and update efficiently a large amount of data using Spring Data MongoDB Reactive. Before continuing the reading, if you are not familiar with Spring reactive stack and MongoDB, I suggest you to check the resources section.