CORS detailed explanation and how to configure in spring application

CORS explained in detail CORS is a W3C standard, the full name is Cross-origin resource sharing. It allows the browser to cross-origin server, issued XMLHttpRequest/fetch request, thus overcoming the AJAX can only be used in the same source of the limitations. 1. Introduction CORS requires both browser and server support. Currently, all browsers support this feature, and Internet Explorer cannot be lower than IE10. The entire CORS communication process is done automatically by the browser, without user involvement.

Spring Security annotated access rights control combing

Spring Security provides annotation-based access control. turns on method annotation access control Spring Security turns off method annotations by default, to turn it on just add the @EnableGlobalMethodSecurity annotation. 1 2 3 4 5 6 7 8 9 10 /** * 开启方法安全注解 * * @author felord.cn */ @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) public class MethodSecurityConfig { } @EnableGlobalMethodSecurity provides

Spring Cloud - Disable Discovery Clients with Profiles

1. Overview In this tutorial, we’ll look at how to disable Spring Cloud’s Discovery Clients using profiles. This can be useful in situations where we want to enable/disable service discovery without making any changes to the code. 2. Set up Eureka Server and Eureka Client Let’s start by creating a Eureka Server and a Discovery Client. First, we can set up our Eureka Server using Section 2 of the Spring Cloud Netflix Eureka tutorial.

Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)

Overview While investigating the Spring Framework RCE vulnerability CVE-2022-22965 and the suggested workaround, we realized that the disallowedFields configuration setting on WebDataBinder is not intuitive and is not clearly documented. We have fixed that but also decided to be on the safe side and announce a follow-up CVE, in order to ensure application developers are alerted and have a chance to review their configuration. CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability We have released Spring Framework 5.

Ideas for integrating OAuth2 with Spring Cloud Gateway

Microservices to do user authentication and authorization has always been a difficult point, with the OAuth2.0 password mode was invalidated, it is even more difficult.This article will share some ideas. Two ways of thinking There are usually two ways of thinking about authentication and authorization for microservices. All authentication authorization is handled by an independent user authentication authorization server, which is only responsible for issuing Token, and then the gateway is only responsible for forwarding requests to each microservice module, and each module of the microservice performs the verification process of Token by itself.

BootstrapMode for JPA Repositories

1. Introduction In this brief tutorial, we’ll focus on the different types of BootstrapMode for JPA repositories that Spring provides for altering the orchestration of their instantiation. At startup, Spring Data scans for repositories and registers their bean definitions as singleton-scoped beans. During their initialization, repositories obtain an EntityManager immediately. Specifically, they get the JPA metamodel and validate declared queries. JPA is bootstrapped synchronously by default. Consequently, the instantiation of repositories is blocked until the bootstrap process completes .

Build a Spring Boot REST API with Full-Text Search using Hibernate Search

Search is one of the pillars of the web, and full-text search is one of the mandatory features that every website needs. But implementing such a feature is complex, and lots of skilled engineers have already thought hard about this topic. So let’s not reinvent the wheel, and use the battle-tested Hibernate Search library. In this blog post, we are going to learn how to build a simple REST API endpoint in Spring boot with full-text search using Hibernate Search.

Build a Spring Boot REST API with Pagination and Sorting

Pagination is an important feature for REST API, and is used for many use cases where we want to fetch only a small part of an entire dataset. It might be for performance reasons, and fetch only the data needed at that time. It can also be used by the frontend to display items using a paginated view type of UI such as infinite scrolling. Spring Boot provides a pagination feature integrated into the spring data JPA library, making it easy to integrate such a mechanism in our own REST API.

Pagination(with Hateoas), Filtering & Sorting with Spring Boot and JPA

Introduction In this blog post we are going to look at how we can implement pagination with hateoas while supporting filtering and sorting in a spring boot application. We will first start off implementing filtering, and then iteratively page, sorting and finally pagination wtih Hateoas. Tech Stack Below are the list of languages, frameworks and libraries used in this tutorial Java 11 Maven h2 in memory database REST apis SpringBoot 2.

Unified configuration management using Spring Cloud Config

1 Preface Configurability is a feature that a mature software system should provide, and configuration management is important for large systems, especially for microservices systems with multiple applications. Happily, Spring provides us with good configuration management, such as the powerful configuration of Springboot. For Spring Cloud, there is the powerful Spring Cloud Config which is very useful for distributed system configuration management by providing a configuration management outside the application,

Getting Started with Data Flow Shell

1 Preface In the previous article about Spring Cloud Data Flow, the examples were operated through the UI. The Linux server environment generally uses the command line. The integration on Jenkins does not work with the UI either. The good thing is that the official Data Flow Shell tool is available and can be operated in command line mode, which is very convenient. The Spring Cloud Data Flow Server provides an operational REST API, so the essence of this Shell tool is still to interact by calling the REST API.

Getting Started with Spring Cloud Data Flow, Running in Local Mode

1 Preface What is Spring Cloud Data Flow, although it has been around for a while, I think many people don’t know about it, because few people use it in their projects. Not much information can be found online. Spring Cloud Data Flow is a microservices-based, specialized framework for streaming and batch data processing. 2 Basic concepts 2.1 Data Processing Modes There are two modes of data processing, Streaming and

Solve the problem that SpringBoot fails to start after updating to 2.6.0

Problem Description SpringBoot project has integrated springfox. After updating SpringBoot to 2.6.0 the application fails to start and throws an exception: Failed to start bean 'documentationPluginsBootstrapper'; nested exception is java.lang.NullPointerException. The exception stack is as follows. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 Error starting ApplicationContext.

4 solutions for selective injection when the interface has multiple implementations

1. Description of the problem In the actual system application development I often encounter such a class of requirements, and I believe that you will often encounter in your work. The same system is deployed in multiple provinces. A business in Beijing is one way of implementation, based on the needs of Beijing users. The same business is implemented in Shanghai in another way, much the same way as in

Deadlock problem caused by improper use of ThreadPoolTaskExecutor

Spring comes with a thread pool is very convenient to use, but in relatively complex concurrent programming scenarios, the use of the scenario still requires careful consideration of the configuration, or you may encounter the pitfalls mentioned in this article. Specific code reference sample project 1. Overview ThredPoolTaskExcutor has 2 core configurations, one is the thread pool size and one is the queue size. The processing flow of ThredPoolTaskExcutor: New

Spring Cache custom resolver

This article introduces the custom cache resolver in spring, by customizing the resolver, you can add additional processing in spring’s cache annotation. Specific code reference example project 1. Overview The cache-aside pattern is a commonly used cache usage pattern. The usage flow is as follows. When the data in the database is updated, the cache is invalidated so that the latest data in the database can be read subsequently, making the cached data consistent with the database data.

Problems encountered in migrating small microservices from Java to Kotlin and their solutions

In this article, I would like to consider the problems and their solutions, which we encountered during the migration of our small microservice from Java to Kotlin. Stack Java 11 Spring Web MVC (в рамках Spring Boot) Spring Data JPA Map Struct Lombok Maven Beginning Firstly, I would recommend anyone, who wants to put Kotlin in your project to start from tests. During this process, we configure almost all you need.

Spring Boot integration groovy script

Introducing scripting capabilities into our application can be a good way to improve flexibility. Our core development work can be focused on the development of core platform capabilities, and scenario-specific functionality can be implemented through scripting. For example, jenkins can write pipelines through groovy scripts, which can be very flexible to customize the build process. spring itself provides a mechanism for groovy integration, divided into two ways, one is to use groovy development program, similar to the development with java, need to be compiled.

Downgrading to Java 8 can also solve Spring Framework RCE

Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20 , 9.0.62 , and 8.5.78 all of which close the attack vector on Tomcat’s side. While the vulnerability is not in Tomcat itself, in real world situations, it is important to be able to choose among multiple upgrade paths that in turn provides flexibility and layered protection.

Nacos Configuration Center Cluster Principle and Source Code Analysis

Nacos, as a configuration center, necessarily needs to ensure high availability of service nodes, so how does Nacos implement clustering? The following diagram, represents the deployment diagram of Nacos cluster. How Nacos clusters work Nacos is an uncentralized node design in the cluster architecture as a configuration center. Since there are no master-slave nodes and no election mechanism, it is necessary to add virtual IPs (VIPs) in order to enable hot standby.