Share and remember the things that I have learned
Developing WebSocket server for your Spring Boot app is fairly simple and well described and documented. However when it comes to making sure that it 'actually works' is done manually in most cases. Below I will show how I do the automated integration tests for Websocket server using Spring's StompClient. I assume that you are … Continue reading Automated tests for Spring Boot WebSocket server
The simpliest, yet effective way to secure Spring REST API is to use Basic Auth. I'm going to show how to do it with Spring Security. Note Basic Auth is stateless (no need to manage sessions) and simple to implement. However it should be used with https only if outside of a trusted network. Also … Continue reading Spring: Securing REST API with BasicAuth
JMX (Java Management Extensions) allows to change the bean field values or invoke bean methods on the fly at runtime. It is in opposite to DI where you configure application when it starts, using profiles or classpath. With JMX you can tune, monitor or configure your application anytime when it is running. At the heart … Continue reading Spring JMX: Manage beans in runtime
Relatively short article explaining fairly complex idea of spring app architecture was published on codebeach: http://www.codebeach.com/2008/06/spring-mvc-application-architecture.html View, Controller, Service and Model layer explained in few sentences each. That helped me a lot when beginning Spring development
Security best practices requires all Authentication related events to be logged in defined format and sometimes event should be handled in special way. Spring security has its own Security Event log implementation and default repository (in memory repository) If you need to provide your own implementation you need to add custom configuration class. The class … Continue reading Spring Boot Security: Custom AuditEvent listener configuration
Think of users using your web application from mobile phones when their internet connection breaks down. Native mobile app would still work and cache all user actions, synchronizing them afterwards. HTML5 web apps can also work offline. Basically it is done by listing the resource files (html, js, images) that browser should cache immadietly and use the … Continue reading HTML 5 Offline Web Application with Spring Boot
If your Spring Boot app is running on embedded Tomcat, you need to use the TomcatConnectionCustomizer class to set up the HTTPS in Tomcat. Get the source code Source Code for this tutorial is available on my github under the SpringBootHttps tag: https://github.com/yacekmm/looksok/tree/SpringBootHttps 1. Prepare keystore and certificate First you need to have your certificate. If you … Continue reading Spring Boot: SSL/HTTPS for embedded Tomcat
User authenticated with username and password can access web pages. The second step is to authorize him - decide whether or not he is authorized to access certain resources or not. Spring supports role based authorization. In this tutorial I will show how to assign users a role and how to authorize them. Use case … Continue reading Spring Security Tutorial: Authorization and user roles
Looks OK! 