Voters and voting mechanism for permission management in SpringSecurity

When a user wants to access a protected resource in Spring Security, the user holds some roles and access to the resource requires some roles. Voters and the voting mechanism are used to compare the roles the user has with the roles the resource requires. When a user wants to access a resource, each voter votes for or against access based on the user’s roles, and the decision is based on the results of the voters.

Spring Authorization Server 0.3.0 released, official documentation officially online

Spring Authorization Server 0.3.0 was officially released today, and there are some highlights in this update. Documentation Released The documentation for Spring Authorization Server has been officially released with this update and is now available on the Spring website. Documentation: https://spring.io/projects/spring-authorization-server The document currently contains the following important modules. Project Overview: an introduction and a list of features. Getting Help: Examples, FAQs and issues. Getting Started: System requirements, dependencies, and a guide to developing your first application.

Spring Boot 2.6 + Swagger startup exception: because "this.condition" is null

I tried to upgrade Spring Boot version to 2.6 and got an exception on startup. Caused by: java.lang.NullPointerException: Cannot invoke "org.springframework.web.servlet.mvc.condition.PatternsRequestCondition.getPatterns()" because "this.condition" is null at springfox.documentation.spring.web.WebMvcPatternsRequestConditionWrapper.getPatterns(WebMvcPatternsRequestConditionWrapper.java:56) ~[springfox-spring-webmvc-3.0.0.jar:3.0.0] at springfox.documentation.RequestHandler.sortedPaths(RequestHandler.java:113) ~[springfox-core-3.0.0.jar:3.0.0] at springfox.documentation.spi.service.contexts.Orderings.lambda$byPatternsCondition$3(Orderings.java:89) ~[springfox-spi-3.0.0.jar:3.0.0] at java.base/java.util.Comparator.lambda$comparing$77a9974f$1(Comparator.java:473) ~[na:na] at java.

Preparing for Spring Boot 3.0

Spring Boot 2.0 was the first release in the 2.x line and was published on February 28th 2018. We’ve just released Spring Boot 2.7 which means that, so far, we’ve been maintaining the 2.x line for just over 4 years. In total we’ve published 95 distinct releases over that timeframe! The entire Spring team, and many in our community of contributors, are now preparing for the next generation of Spring. We are planning to release Spring Boot 3.

Several ways to execute code after SpringBoot starts

We often need to do some hook actions when the container starts, such as registering message consumers, listening to configurations, etc. Today we will summarize the 7 startup extensions that SpringBoot leaves to developers. Container refresh completion extension point 1.ApplicationListener<ContextRefreshedEvent> Anyone familiar with Spring must know that a successful container refresh means that all Bean initialization has been completed, and when the container is refreshed Spring will call the onApplicationEvent

Spring Boot 2.7.0 released, 2.5 no longer maintained

These days are “Spring Release Days”, with many Spring artifacts releasing new versions. Spring Framework 6.0.0 released its 4th milestone release, which includes all fixes for 5.3.20, as well as 39 fixes and improvements specific to the 6.0 branch. Yesterday, Spring Boot 2.7.0 and several branches of Spring Security were also released; Spring Boot 2.7.0 in particular is a very important release. Spring Boot 2.7.0 The most important thing yesterday was the release of Spring Boot 2.

Spring Boot With Spring Hateoas

HATEOAS is a principle for implementing the REST specification. By following the HATEOAS specification, we can solve a variety of individual problems that come up in actual code. As the most popular framework for Java, Spring of course provides HATEOAS integration. This article will explain how to use HATEOAS in SpringBoot through a specific example. Our goal The HATEOAS rule returns data with links. Let’s take the familiar Book example to demonstrate this HATEOAS by first creating a Book entity.

Spring Security - Distinguishing login failure exceptions

When a login fails, the cause may be a wrong username or a wrong password, but for security reasons the server usually does not explicitly indicate which of the two is wrong and only returns a vague “username or password error”. However, many programmers may not be aware of this “unspoken rule” and may give the user a clear indication of whether the username or the password is wrong.

SpringBoot With Gson

Spring Boot uses Jackson by default as the serialization/deserialization framework for Json. But for me, I prefer Google’s Gson, which is much more concise. This article will teach you how to use Gson instead of Jackson in your Spring Boot application. maven Spring Boot itself provides support for Gson, so you can import the Gson module directly without declaring a version number. If you are not using Jackson elsewhere, then you can exclude it from your project.

How to rewrite a query in Spring Data JPA?

Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply everything you’d like to a query before it is sent to the EntityManager. With 3.0.0-SNAPSHOT (and targeted for the next milestone release train of Spring Data), you now have the ability to get your hands on the query, right before it’s sent to the EntityManager and “rewrite” it. That is, you can make any alterations at the last moment.

Spring application with Gzip compression

Gzip is a compression encoding format. The server often compresses the response body by this encoding and then responds to the client, thus reducing the data size, increasing the transmission speed and saving bandwidth. The client then decompresses it by Gzip to get the original data. It consumes extra CPU resources because of the compression computation required. Http Header & Encoding There are many other ways to encode similar to Gzip.

Sorting rules for Spring Security filters

How is the order of filters in HttpSecurity maintained? I think many developers are interested in this issue. In this article, I will discuss this issue with you. HttpSecurity contains a member variable FilterOrderRegistration; this class is a built-in filter registry. The role of these filters is not the focus of this article; interested readers can look at the FilterOrderRegistration source code. Built-in filter order The FilterOrderRegistration maintains a variable filterToOrder

Mapstruct's new Spring plugin

MapStruct can replace BeanUtil for conversions between DTO, VO and PO. It uses Java’s compile-time annotation processor mechanism; to put it bluntly, it is a code generator that writes the get-and-set assignment code for type conversion so that you do not have to type it by hand. @Mapper(componentModel = "spring") public interface AreaMapping { List<AreaInfoListVO> toVos(List<Area> areas); } In just a few lines, a collection of PO is transformed

spring cloud supports heterogeneous language microservices via sidecar

1. Background Spring Cloud is the de facto standard for microservices in the Java application world. It provides very rich and complete microservice components and is very easy to integrate with Java applications. However, as many features of Spring Cloud are integrated into applications through Java jar packages in the form of SDK calls (e.g. eureka client, spring cloud config client, etc.), applications developed in other languages (e.g. go, python,

What are microservices?

Microservice is a software architecture that is gaining more and more attention. But what does it really mean? What kind of architecture can be called microservices? There are many articles on the Internet, but they are too complicated for beginners to understand. In my opinion, the concept is actually very simple and can be understood in layman’s terms. 1. Monolithic Software To understand microservices, you first need to understand the evolution of software architecture.

How to set SameSite property for Cookie in SpringBoot application?

Starting with Chrome 51, a new SameSite attribute has been added to the browser cookie to prevent CSRF attacks and user tracking. 1. What is a CSRF attack? Cookies are often used to store a user’s identity information, and a malicious website can manage to forge an HTTP request with the correct cookie, which is a CSRF attack. For example, a user logs into the bank’s website your-bank.com and a cookie is sent from the bank’s server.

How to send multipart/form-data requests via HttpClient

HttpClient is a new client tool class provided by JDK11 under the java.net.http package. This article will teach you how to send multipart/form-data requests through HttpClient. multipart/form-data The types in the MIME standard can be divided into two categories: standalone types and Multipart types. Standalone type is a type that represents only a single file or media, indicating the classification of files for the transferred data. Examples include text, application, audio, image, video, etc.

How to Handle Spring Security Exceptions

1. Overview In this article, we’ll have a look at how to handle Spring Security exceptions produced by our Spring Security Resource Server. To do so, we’ll also use a practical example where all the necessary configurations will be explained. First of all, let’s make a short introduction to Spring Security. 2. Spring Security Spring Security is a library that’s part of the Spring project. It tries to group all the functionalities of user access control on Spring projects.

Defending against XSS attacks with Jsoup

XSS An XSS attack is usually a clever way of injecting malicious command code into a web page by exploiting a vulnerability left in the web page’s development, causing the user to load and execute a malicious web program created by the attacker. These malicious web programs are usually JavaScript, but can actually include Java, VBScript, ActiveX, Flash, or even plain HTML, and when the attack is successful, the attacker may gain access to a variety of things including, but not limited to, higher privileges (such as performing certain actions), private web content, sessions, and cookies.

Spring for GraphQL 1.0 RC1 Released

On behalf of everyone involved, I’m pleased to announce the availability of the first and final release candidate of Spring for GraphQL 1.0. We’re finally going to release a 1.0 version on May 17, the reference version for Spring Boot 2.7.0. We’ve shipped a few noteworthy changes and one important new feature in this release. Note: The Spring for GraphQL Boot starter is up-to-date with the changes discussed in this post and Spring Boot 2.