We often need to do some hook actions when the container starts, such as registering message consumers, listening to configurations, etc. Today we will summarize the 7 startup extensions that SpringBoot leaves to developers. Container refresh completion extension point 1.ApplicationListener<ContextRefreshedEvent> Anyone familiar with Spring must know that a successful container refresh means that all Bean initialization has been completed, and when the container is refreshed Spring will call the onApplicationEvent

These days are “Spring Release Days”, with many Spring artifacts releasing new versions, Spring Framework 6.0.0 released its 4th milestone release, which includes all fixes for 5.3.20, as well as 39 fixes and improvements specific to the 6.0 branch. And yesterday Spring Boot 2.7.0 and several branches of Spring Security were released, especially Spring Boot 2.7.0 which is a very important release. Spring Boot 2.7.0 The most important thing yesterday was the release of Spring Boot 2.

HATEOAS is a principle to achieve the REST specification, by following the HATEOAS specification, we can solve the actual code to achieve a variety of individual problems. As the most popular framework for java Spring will of course not be absent from the integration of HATEOAS. This article will explain how to use HATEOAS in SpringBoot through a specific example. Our goal The HATEOAS rule returns data with links. Let’s take the familiar Book example to demonstrate this HATEOAS by first creating a Book entity.

When we fail to log in, we may write the wrong username or the wrong password, but for security reasons, the server usually does not explicitly indicate whether the username or the password is wrong, but only gives a vague username or password error. However, for many programmers, they may not be aware of the “unspoken rules” that may give the user a clear indication of whether the user name is wrong or the password is wrong.

Spring Boot uses Jackson by default as the serialization/deserialization framework for Json. But for me, I prefer Google’s Gson, which is much more concise. This article will teach you how to use Gson instead of Jackson in your Spring Boot application. maven Spring Boot itself provides support for Gson, so you can import the Gson module directly without declaring a version number. If you are not using Jackson elsewhere, then you can exclude it from your project.

Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply every thing you’d like to a query before it is sent to the EntityManager . With 3.0.0-SNAPSHOT (and targeted for the next milestone release train of Spring Data), you now have the ability to get your hands on the query, right before it’s sent to the EntityManager and “rewrite” it. That is, you can make any alterations at the last moment.

Gzip is a compression encoding format. The server often compresses the response body by this encoding and then responds to the client, thus reducing the data size, increasing the transmission speed and saving bandwidth. The client then decompresses it by Gzip to get the original data. It consumes extra CPU resources because of the compression computation required. Http Header & Encoding There are many other ways to encode similar to Gzip.

How is the order of filters in HttpSecurity maintained? I think many developers are interested in this issue. In this article, I will discuss this issue with you. HttpSecurity contains a member variable FilterOrderRegistration, this class is a built-in filter registry. As for the role of these filters, not the focus of this article, interested to see the FilterOrderRegistration source code. Built-in filter order The FilterOrderRegistration maintains a variable filterToOrder

Mapstruct it can replace BeanUtil to perform conversions between DTO, VO, PO. It uses the annotation processor mechanism of Java compilation period, to put it bluntly, it is a code generator, instead of you manually type conversion during the take value assignment operation. 1 2 3 4 5 @Mapper(componentModel = "spring") public interface AreaMapping { List<AreaInfoListVO> toVos(List<Area> areas); } In just a few lines, a collection of PO is transformed

1. Background spring cloud is the de facto standard for microservices in the java application world, it provides very rich and complete microservice components and is very easy to integrate with java applications. However, as many features of spring cloud are integrated into applications through java jar packages in the form of SDK calls (e.g. eureka client, spring cloud config client, etc.), applications developed in other languages (e.g. go, python,

Microservice is a software architecture that is gaining more and more attention. But what does it really mean? What kind of architecture can be called microservices? There are many articles on the Internet, but they are too complicated for beginners to understand. In my opinion, the concept is actually very simple and can be understood in layman’s terms. 1. Monolithic Software To understand microservices, you first need to understand the evolution of software architecture.

Starting with Chrome 51, a new SameSite attribute has been added to the browser cookie to prevent CSRF attacks and user tracking. 1. What is a CSRF attack? Cookies are often used to store a user’s identity information, and a malicious website can manage to forge an HTTP request with the correct cookie, which is a CSRF attack. For example, a user logs into the bank’s website your-bank.com and a cookie is sent from the bank’s server.

HttpClient is a new client tool class provided by JDK11 under the java.net.http package. This article will teach you how to send multipart/form-data requests through HttpClient. multipart/form-data The types in the MIME standard can be divided into two categories: standalone types and Multipart types. Standalone type is a type that represents only a single file or media, indicating the classification of files for the transferred data. Examples include text, application, audio, image, video, etc.

1. Overview In this article, we’ll have a look at how to handle Spring Security exceptions produced by our Spring Security Resource Server . To do so, we’ll also use a practical example where all the necessary configurations will be explained. First of all, let’s make a short introduction to Spring Security. 2. Spring Security Spring Security is a library that’s part of the Spring project. It tries to group all the functionalities of user access control on Spring projects .

XSS An XSS attack is usually a clever way of injecting malicious command code into a web page by exploiting a vulnerability left in the web page’s development, causing the user to load and execute a malicious web program created by the attacker. These malicious web programs are usually JavaScript, but can actually include Java, VBScript, ActiveX, Flash, or even plain HTML, and when the attack is successful, the attacker may gain access to a variety of things including, but not limited to, higher privileges (such as performing certain actions), private web content, sessions, and cookies.

On behalf of everyone involved, I’m pleased to announce the availability of the first and final release candidate of Spring for GraphQL 1.0. We’re finally going to release a 1.0 version on May 17, the reference version for Spring Boot 2.7.0. We’ve shipped a few noteworthy changes and one important new feature in this release. Note: The Spring for GraphqL Boot starter is up-to-date with the changes discussed in this post and Spring Boot 2.

CORS explained in detail CORS is a W3C standard, the full name is Cross-origin resource sharing. It allows the browser to cross-origin server, issued XMLHttpRequest/fetch request, thus overcoming the AJAX can only be used in the same source of the limitations. 1. Introduction CORS requires both browser and server support. Currently, all browsers support this feature, and Internet Explorer cannot be lower than IE10. The entire CORS communication process is done automatically by the browser, without user involvement.

Spring Security provides annotation-based access control. turns on method annotation access control Spring Security turns off method annotations by default, to turn it on just add the @EnableGlobalMethodSecurity annotation. 1 2 3 4 5 6 7 8 9 10 /** * 开启方法安全注解 * * @author felord.cn */ @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) public class MethodSecurityConfig { } @EnableGlobalMethodSecurity provides

1. Overview In this tutorial, we’ll look at how to disable Spring Cloud’s Discovery Clients using profiles. This can be useful in situations where we want to enable/disable service discovery without making any changes to the code. 2. Set up Eureka Server and Eureka Client Let’s start by creating a Eureka Server and a Discovery Client. First, we can set up our Eureka Server using Section 2 of the Spring Cloud Netflix Eureka tutorial.

Overview While investigating the Spring Framework RCE vulnerability CVE-2022-22965 and the suggested workaround, we realized that the disallowedFields configuration setting on WebDataBinder is not intuitive and is not clearly documented. We have fixed that but also decided to be on the safe side and announce a follow-up CVE, in order to ensure application developers are alerted and have a chance to review their configuration. CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability We have released Spring Framework 5.