DEV Community: eidher The latest articles on DEV Community by eidher (@eidher). https://dev.to/eidher https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F363362%2F3fad91dc-9a48-4c3c-91a8-05e3b4561bd1.jpeg DEV Community: eidher https://dev.to/eidher en Kafka Connect: FileStreamSourceConnector in distributed mode eidher Fri, 23 Aug 2024 22:31:57 +0000 https://dev.to/eidher/kafka-connect-filestreamsourceconnector-in-distributed-mode-4l8 https://dev.to/eidher/kafka-connect-filestreamsourceconnector-in-distributed-mode-4l8 <p>1) Source connectors: Start our kafka cluster. This is the docker-compose.yml file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">kafka-cluster</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">landoop/fast-data-dev:cp3.3.0</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">ADV_HOST</span><span class="pi">:</span> <span class="s">127.0.0.1</span> <span class="na">RUNTESTS</span><span class="pi">:</span> <span class="m">0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">2181:2181</span> <span class="c1"># Zookeeper</span> <span class="pi">-</span> <span class="s">3030:3030</span> <span class="c1"># Landoop UI</span> <span class="pi">-</span> <span class="s">8081-8083:8081-8083</span> <span class="c1"># REST Proxy, Schema Registry, Kafka Connect</span> <span class="pi">-</span> <span class="s">9581-9585:9581-9585</span> <span class="c1"># JMX Ports</span> <span class="pi">-</span> <span class="s">9092:9092</span> <span class="c1"># Kafka Broker</span> </code></pre> </div> <p>Create and start the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose up kafka-cluster </code></pre> </div> <p>2) Create the topic we're going to write to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="nt">-it</span> <span class="nt">--net</span><span class="o">=</span>host landoop/fast-data-dev:cp3.3.0 bash kafka-topics <span class="nt">--create</span> <span class="nt">--topic</span> demo-2-distributed <span class="nt">--partitions</span> 3 <span class="nt">--replication-factor</span> 1 <span class="nt">--zookeeper</span> 127.0.0.1:2181 </code></pre> </div> <p>3) In a browser go to 127.0.0.1:3030 -&gt; Connect UI<br> Create a new connector -&gt; File Source<br> Paste the next configuration and click the Create button:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">name</span><span class="p">=</span><span class="s">file-stream-demo-distributed</span> <span class="py">connector.class</span><span class="p">=</span><span class="s">org.apache.kafka.connect.file.FileStreamSourceConnector</span> <span class="py">tasks.max</span><span class="p">=</span><span class="s">1</span> <span class="py">file</span><span class="p">=</span><span class="s">demo-file.txt</span> <span class="py">topic</span><span class="p">=</span><span class="s">demo-distributed</span> <span class="py">key.converter</span><span class="p">=</span><span class="s">org.apache.kafka.connect.json.JsonConverter</span> <span class="py">key.converter.schemas.enable</span><span class="p">=</span><span class="s">true</span> <span class="py">value.converter</span><span class="p">=</span><span class="s">org.apache.kafka.connect.json.JsonConverter</span> <span class="py">value.converter.schemas.enable</span><span class="p">=</span><span class="s">true</span> </code></pre> </div> <p>4) Create the source file:<br> Execute docker ps to see the containerId.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nb">exec</span> <span class="nt">-it</span> &lt;containerId&gt; bash <span class="nb">touch </span>demo-file.txt <span class="nb">echo</span> <span class="s2">"add any content"</span> <span class="o">&gt;&gt;</span> demo-file.txt </code></pre> </div> <p>3) In a browser go to 127.0.0.1:3030 -&gt; Kafka Topics UI<br> Click the topic defined previously (demo-distributed) and validate the content:</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fogiub8pmf8kunqbb70yt.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fogiub8pmf8kunqbb70yt.png" alt="Image description" width="800" height="380"></a></p> kafka kafkaconnect filestreamsourceconnector Distributed Tracing eidher Tue, 21 Feb 2023 17:35:12 +0000 https://dev.to/eidher/distributed-tracing-5hhe https://dev.to/eidher/distributed-tracing-5hhe <blockquote> <p>Spring Cloud Sleuth provides Spring Boot auto-configuration for distributed tracing.<br> <a href="https://spring.io/projects/spring-cloud-sleuth#overview" rel="noopener noreferrer">https://spring.io/projects/spring-cloud-sleuth#overview</a></p> <p>Zipkin is a distributed tracing system.<br> <a href="https://zipkin.io" rel="noopener noreferrer">https://zipkin.io</a></p> </blockquote> <h1> Dependencies </h1> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-starter-sleuth<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-sleuth-zipkin<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-rabbit<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.amqp<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <h1> Properties </h1> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">spring.sleuth.sampler.probability</span><span class="p">=</span><span class="s">1.0</span> </code></pre> </div> <p>Now, if you have zipkin and rabbitmq running, you can call your service and see the traces in zipkin. </p> <p>For more information see <a href="https://www.appsdeveloperblog.com/spring-cloud-sleuth-and-zipkin/" rel="noopener noreferrer">https://www.appsdeveloperblog.com/spring-cloud-sleuth-and-zipkin/</a></p> discuss Resilience4J Circuit Breakers eidher Mon, 20 Feb 2023 16:22:00 +0000 https://dev.to/eidher/resilience4j-circuit-breakers-5ckh https://dev.to/eidher/resilience4j-circuit-breakers-5ckh <p>If we have a chain of services calling other services and one of the services is down or slow, it would impact the entire chain. In that case, we would need to return a fallback response. We could implement a <a href="https://martinfowler.com/bliki/CircuitBreaker.html">circuit breaker pattern</a> to reduce the load, retry the requests, and implement a rate limiting.</p> <blockquote> <p>Resilience4j is a lightweight fault tolerance library designed for functional programming.<br> <a href="https://resilience4j.readme.io/docs">https://resilience4j.readme.io/docs</a></p> </blockquote> <h1> Dependencies </h1> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>resilience4j-spring-boot2<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.github.resilience4j<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-aop<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-actuator<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <h1> Retry </h1> <p>When an API call fails, you can force a retry just by adding the @Retry annotation to the API endpoint. By default, it would retry three times, but you can set the max retry attempts by giving the retry a name and adding a max attempts property:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/sample-api"</span><span class="o">)</span> <span class="nd">@Retry</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"sample-api"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">sampleApi</span><span class="o">()</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">resilience4j.retry.instances.sample-api.max-attempts</span><span class="p">=</span><span class="s">5</span> </code></pre> </div> <p>Additionally, you can define other properties as wait duration (between attempts), and enable exponential backoff to wait in exponential ranges of time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">resilience4j.retry.instances.sample-api.waitDuration</span><span class="p">=</span><span class="s">1s</span> <span class="py">resilience4j.retry.instances.sample-api.enableExponentialBackoff</span><span class="p">=</span><span class="s">true</span> </code></pre> </div> <h1> Fallback </h1> <p>You can define a fallback method in case after retries it fails again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/sample-api"</span><span class="o">)</span> <span class="nd">@Retry</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"sample-api"</span><span class="o">,</span> <span class="n">fallbackMethod</span> <span class="o">=</span> <span class="s">"hardcodedResponse"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">sampleApi</span><span class="o">()</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">hardcodedResponse</span><span class="o">(</span><span class="nc">Exception</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"fallback-response"</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <h1> Circuit breaker </h1> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/sample-api"</span><span class="o">)</span> <span class="nd">@CircuitBreaker</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"default"</span><span class="o">,</span> <span class="n">fallbackMethod</span> <span class="o">=</span> <span class="s">"hardcodedResponse"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">sampleApi</span><span class="o">()</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">hardcodedResponse</span><span class="o">(</span><span class="nc">Exception</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"fallback-response"</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p>With this configuration, if sampleApi method fails, the fallback method is executed, for the next calls it will break the circuit and it will directly return the fallback response.</p> <blockquote> <p>The CircuitBreaker is implemented via a finite state machine with three normal states: CLOSED, OPEN, and HALF_OPEN.<br> <a href="https://resilience4j.readme.io/docs/circuitbreaker">https://resilience4j.readme.io/docs/circuitbreaker</a></p> </blockquote> <p>Closed is when I am calling the microservice continuously. In the open state, the circuit breaker will not call the dependent microservice. It will return the fallback response. Finally, in the HALF_OPEN state, the circuit breaker will be sending a percentage of requests to the dependent microservice, and for the rest of the requests, it will return the fallback response. When starting the application the circuit breaker starts in the closed state. If a significant percentage of the calls are failing, the circuit breaker will switch to the open state. There is a wait duration that you can configure, then it will switch to HALF_OPEN state. You can configure how much percentage of requests it will try to send successfully to the dependant service to move to the closed state again. If it fails, it will move back to the open state again. </p> <p>Example of a configuration for failure rate threshold in percentage, the default value is 50%:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">resilience4j.circuitbreaker.instances.default.failureRateThreshold</span><span class="p">=</span><span class="s">90</span> </code></pre> </div> <p>For more information see: <a href="https://www.baeldung.com/spring-boot-resilience4j">https://www.baeldung.com/spring-boot-resilience4j</a></p> <h1> Rate Limiting </h1> <p>The @RateLimiter annotation allows us to define a period for a specific number of calls. If you exceed that quantity of calls, the service will return an exception.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/sample-api"</span><span class="o">)</span> <span class="nd">@RateLimiter</span><span class="o">(</span><span class="n">name</span><span class="o">=</span><span class="s">"default"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">sampleApi</span><span class="o">()</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">resilience4j.ratelimiter.instances.default.limitForPeriod</span><span class="p">=</span><span class="s">2</span> <span class="py">resilience4j.ratelimiter.instances.default.limitRefreshPeriod</span><span class="p">=</span><span class="s">10s</span> </code></pre> </div> <h1> BulkHead </h1> <p>The @Bulkhead annotation allows us to define a max concurrent calls value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/sample-api"</span><span class="o">)</span> <span class="nd">@Bulkhead</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"sample-api"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">sampleApi</span><span class="o">()</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">resilience4j.bulkhead.instances.sample-api.maxConcurrentCalls</span><span class="p">=</span><span class="s">10</span> </code></pre> </div> resilience4j spring java Spring Cloud Gateway eidher Sun, 19 Feb 2023 16:32:29 +0000 https://dev.to/eidher/spring-cloud-gateway-42f0 https://dev.to/eidher/spring-cloud-gateway-42f0 <blockquote> <p>Spring Cloud Gateway aims to provide a simple, yet effective way to route to APIs and provide cross-cutting concerns to them such as security, monitoring/metrics, and resiliency.<br> <a href="https://spring.io/projects/spring-cloud-gateway" rel="noopener noreferrer">https://spring.io/projects/spring-cloud-gateway</a></p> </blockquote> <p>First, configure the project as a Eureka client as was explained <a href="https://dev.to/eidher/microservices-with-spring-5a6p">here</a>. Then, add this dependency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-starter-gateway<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>If you add the next properties you can access other services registered in Eureka:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">spring.cloud.gateway.discovery.locator.enabled</span><span class="p">=</span><span class="s">true</span> <span class="py">spring.cloud.gateway.discovery.locator.lowerCaseServiceId</span><span class="p">=</span><span class="s">true</span> </code></pre> </div> <p>The second property is optional and allows us to use lowercase to access the service. For instance, if you have a eureka client service named ACCOUNTS-MICROSERVICE, and the API Gateway project is running on port 8765 you can use this url: <a href="http://localhost:8765/accounts-microservice/accounts-microservice/accountDetails/1" rel="noopener noreferrer">http://localhost:8765/accounts-microservice/accounts-microservice/accountDetails/1</a>. Now, you are accessing the accounts-microservice service through the API gateway.</p> <p>You can create a custom router for adding headers, parameters, and routing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">RouteLocator</span> <span class="nf">gatewayRouter</span><span class="o">(</span><span class="nc">RouteLocatorBuilder</span> <span class="n">builder</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">builder</span><span class="o">.</span><span class="na">routes</span><span class="o">()</span> <span class="o">.</span><span class="na">route</span><span class="o">(</span><span class="n">p</span> <span class="o">-&gt;</span> <span class="n">p</span><span class="o">.</span><span class="na">path</span><span class="o">(</span><span class="s">"/accounts-microservice/**"</span><span class="o">)</span> <span class="o">.</span><span class="na">filters</span><span class="o">(</span><span class="n">f</span> <span class="o">-&gt;</span> <span class="n">f</span> <span class="o">.</span><span class="na">addRequestHeader</span><span class="o">(</span><span class="s">"MyHeader"</span><span class="o">,</span> <span class="s">"MyURI"</span><span class="o">)</span> <span class="o">.</span><span class="na">addRequestParameter</span><span class="o">(</span><span class="s">"Param"</span><span class="o">,</span> <span class="s">"MyValue"</span><span class="o">))</span> <span class="o">.</span><span class="na">uri</span><span class="o">(</span><span class="s">"lb://accounts-microservice"</span><span class="o">))</span> <span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <p>Now, you can remove the two previous properties and use this simpler URL: <a href="http://localhost:8765/accounts-microservice/accountDetails/1" rel="noopener noreferrer">http://localhost:8765/accounts-microservice/accountDetails/1</a>. You can see the new header and parameter in the request. Besides, you can chain as many routes as you want in the same builder, add path rewrites, etc.</p> <p>Additionally, Spring Cloud Gateway provides a GlobalFilter to handle cross-cutting concerns such as logging, lets see an example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoggingFilter</span> <span class="kd">implements</span> <span class="nc">GlobalFilter</span> <span class="o">{</span> <span class="kd">private</span> <span class="kd">final</span> <span class="nc">Logger</span> <span class="n">logger</span> <span class="o">=</span> <span class="nc">LoggerFactory</span><span class="o">.</span><span class="na">getLogger</span><span class="o">(</span><span class="nc">LoggingFilter</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">Mono</span><span class="o">&lt;</span><span class="nc">Void</span><span class="o">&gt;</span> <span class="nf">filter</span><span class="o">(</span><span class="nc">ServerWebExchange</span> <span class="n">exchange</span><span class="o">,</span> <span class="nc">GatewayFilterChain</span> <span class="n">chain</span><span class="o">)</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"Path of the request received -&gt; {}"</span><span class="o">,</span> <span class="n">exchange</span><span class="o">.</span><span class="na">getRequest</span><span class="o">().</span><span class="na">getPath</span><span class="o">());</span> <span class="k">return</span> <span class="n">chain</span><span class="o">.</span><span class="na">filter</span><span class="o">(</span><span class="n">exchange</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>For more information see: <a href="https://www.baeldung.com/spring-cloud-gateway" rel="noopener noreferrer">https://www.baeldung.com/spring-cloud-gateway</a></p> vibecoding Spring Cloud OpenFeign eidher Thu, 16 Feb 2023 21:02:25 +0000 https://dev.to/eidher/spring-cloud-openfeign-29b8 https://dev.to/eidher/spring-cloud-openfeign-29b8 <blockquote> <p>Feign is a declarative web service client. It makes writing web service clients easier. To use Feign create an interface and annotate it.</p> </blockquote> <p>Source: <a href="https://cloud.spring.io/spring-cloud-netflix/multi/multi_spring-cloud-feign.html" rel="noopener noreferrer">https://cloud.spring.io/spring-cloud-netflix/multi/multi_spring-cloud-feign.html</a></p> <p>With Feign, URLs are not hardcoded and Feign integrates with Ribbon and Eureka automatically. To use it you must add this dependency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-starter-openfeign<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>Then, you must add the @EnableFeignClients annotation to the main class and declare a Feign client using the @FeignClient annotation in the interface:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@FeignClient</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"other-service-name"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">interface</span> <span class="nc">Proxy</span> <span class="o">{</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/other-service-uri/{variable}"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">Response</span> <span class="nf">getResponse</span><span class="o">(</span> <span class="nd">@PathVariable</span> <span class="nc">String</span> <span class="n">variable</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>Now, you can use it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">Response</span> <span class="n">response</span> <span class="o">=</span> <span class="n">proxy</span><span class="o">.</span><span class="na">getResponse</span><span class="o">(</span><span class="n">variable</span><span class="o">);</span> </code></pre> </div> <p>For more information see: <a href="https://www.baeldung.com/spring-cloud-openfeign" rel="noopener noreferrer">https://www.baeldung.com/spring-cloud-openfeign</a></p> discuss security roadmap Spring Cloud Config eidher Wed, 15 Feb 2023 23:59:50 +0000 https://dev.to/eidher/spring-cloud-config-1c03 https://dev.to/eidher/spring-cloud-config-1c03 <blockquote> <p>Spring Cloud Config provides server-side and client-side support for externalized configuration in a distributed system. With the Config Server, you have a central place to manage external properties for applications across all environments.</p> </blockquote> <p>Source: <a href="https://docs.spring.io/spring-cloud-config/docs/current/reference/html/" rel="noopener noreferrer">https://docs.spring.io/spring-cloud-config/docs/current/reference/html/</a></p> <h1> Spring Cloud Config Server </h1> <blockquote> <p>Spring Cloud Config Server provides an HTTP resource-based API for external configuration (name-value pairs or equivalent YAML content). The server is embeddable in a Spring Boot application, by using the @EnableConfigServer annotation. Consequently, the following application is a config server:<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@SpringBootApplication</span> <span class="nd">@EnableConfigServer</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ConfigServer</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">SpringApplication</span><span class="o">.</span><span class="na">run</span><span class="o">(</span><span class="nc">ConfigServer</span><span class="o">.</span><span class="na">class</span><span class="o">,</span> <span class="n">args</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Source: <a href="https://docs.spring.io/spring-cloud-config/docs/current/reference/html/#_spring_cloud_config_server" rel="noopener noreferrer">https://docs.spring.io/spring-cloud-config/docs/current/reference/html/#_spring_cloud_config_server</a></p> <p>The config server application needs this dependency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-config-server<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>The default implementation of the server storage backend uses git, but you can also use SVN, file system, CredHub, AWS (Secrets Manager, Parameter Store, or S3), JDBC, Redis, or Vault. For git, you must create a repository containing YAML and properties files in the master branch. Then, define it in the application.properties file of the Config Server application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">spring.application.name</span><span class="p">=</span><span class="s">spring-cloud-config-server</span> <span class="py">server.port</span><span class="p">=</span><span class="s">8888</span> <span class="py">spring.cloud.config.server.git.uri</span><span class="p">=</span><span class="s">file:///C:/Users/home/Desktop/yourProject/git-repo</span> </code></pre> </div> <p>If you added a config-client.properties file, for instance, in the git repository, you can run the config server application and access <a href="http://localhost:8888/config-client/default" rel="noopener noreferrer">http://localhost:8888/config-client/default</a> to view the properties (default is the profile).</p> <h1> Spring Cloud Config Client </h1> <p>Spring Boot applications can use the Spring Config Server. The config client applications need this dependency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.cloud<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-cloud-starter-config<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>Then, add in the application.properties file of the Config client applications this property:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">spring.config.import</span><span class="p">=</span><span class="s">optional:configserver:http://localhost:8888</span> </code></pre> </div> <p>Additionaly, if you are using different profiles you must define the profile and it will use the corresponding properties file. Add this property: spring.cloud.config.profile=profile (where profile is dev, qa, etc)</p> <p>Finally, you can use the @ConfigurationProperties or @Value annotations to access the properties from the config server.</p> <p>For more information see: <a href="https://www.baeldung.com/spring-cloud-configuration" rel="noopener noreferrer">https://www.baeldung.com/spring-cloud-configuration</a></p> gratitude Handling Injection Attacks in Java eidher Sun, 14 Mar 2021 03:21:53 +0000 https://dev.to/eidher/handling-injection-attacks-in-java-2d1l https://dev.to/eidher/handling-injection-attacks-in-java-2d1l <p>An injection attack is the insertion of malicious data from the client to the application using SQL or XXE (XML External Entity).<br> It is important to prevent injection attacks because it allows attackers to spoof identity, tamper with existing data, disclosure all the data, destroy the data, become the administrator, etc.</p> <h1> SQL Injection </h1> <p>If the attacker introduces something like ' or 1=1 -- the application could display data from the database:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--sYvh7v4k--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/555ip8rnfurapt3xkzs4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--sYvh7v4k--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/555ip8rnfurapt3xkzs4.png" alt="Alt Text" width="880" height="492"></a></p> <h1> A patch to the SQL injection </h1> <p>The flaw is because the field (accountName) is concatenated to the SQL statement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">String</span> <span class="n">query</span> <span class="o">=</span> <span class="s">"SELECT * FROM user_data WHERE last_name = '"</span> <span class="o">+</span> <span class="n">accountName</span> <span class="o">+</span> <span class="s">"'"</span><span class="o">;</span> <span class="nc">Statement</span> <span class="n">statement</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="na">createStatement</span><span class="o">(</span><span class="nc">ResultSet</span><span class="o">.</span><span class="na">TYPE_SCROLL_INSENSITIVE</span><span class="o">,</span> <span class="nc">ResultSet</span><span class="o">.</span><span class="na">CONCUR_READ_ONLY</span><span class="o">);</span> <span class="nc">ResultSet</span> <span class="n">results</span> <span class="o">=</span> <span class="n">statement</span><span class="o">.</span><span class="na">executeQuery</span><span class="o">(</span><span class="n">query</span><span class="o">);</span> </code></pre> </div> <p>To patch this flaw you must use Immutable Queries, Static Queries, Parameterized Queries, or Stored Procedures. For the previous example the best solution is a parameterized query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">final</span> <span class="nc">String</span> <span class="n">query</span> <span class="o">=</span> <span class="s">"SELECT * FROM user_data WHERE last_name = ?"</span><span class="o">;</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">PreparedStatement</span> <span class="n">statement</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="na">prepareStatement</span><span class="o">(</span><span class="n">query</span><span class="o">,</span> <span class="nc">ResultSet</span><span class="o">.</span><span class="na">TYPE_SCROLL_INSENSITIVE</span><span class="o">,</span> <span class="nc">ResultSet</span><span class="o">.</span><span class="na">CONCUR_READ_ONLY</span><span class="o">);</span> <span class="n">statement</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">1</span><span class="o">,</span> <span class="n">accountName</span><span class="o">);</span> <span class="nc">ResultSet</span> <span class="n">results</span> <span class="o">=</span> <span class="n">statement</span><span class="o">.</span><span class="na">executeQuery</span><span class="o">(</span><span class="n">query</span><span class="o">);</span> <span class="o">...</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">SQLException</span> <span class="n">sqle</span><span class="o">)</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <p>Now, if you try to inject SQL you get an exception.</p> <h1> XXE Injection </h1> <p>If you have a service that receives an XML, somebody could change that XML (using Burp Suite) in order to access local resources, execute code remotely, disclose files, or execute a DoS attack (<a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">using a Billion laughs attack</a>).</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--k6a0QviH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2svu66ywgnl2jwaa0pm4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--k6a0QviH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2svu66ywgnl2jwaa0pm4.png" alt="Alt Text" width="880" height="296"></a></p> <p>You may say "no worries, I use JSON in my REST services". However, the attacker could change the content type of the request body and send the same XML. For instance, next we have the request of a service caught by Burp Suite (ellipsis is used to omit irrelevant information):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... Content-Type: application/json ... {"text":"test"} </code></pre> </div> <p>It is as easy as to change the Content-Type to XML and the payload to perform the attack:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... Content-Type: application/xml ... &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE foo [ &lt;!ELEMENT foo ANY&gt; &lt;!ENTITY xxe SYSTEM "../../"&gt; ]&gt; &lt;comment&gt; &lt;text&gt;&amp;xxe;&lt;/text&gt; &lt;/comment&gt; </code></pre> </div> <p>This service is used to post a comment, but now we have posted a directory of the server:<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QOKDh-7v--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/x2ab5r5ggmjhpxq7yxqu.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QOKDh-7v--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/x2ab5r5ggmjhpxq7yxqu.png" alt="Alt Text" width="880" height="703"></a></p> <p>After some tries, you could print the content of an important file (like passwords or configurations).</p> <h1> A patch to the XXE injection </h1> <p>You can validate the input, the content type, or instruct your parser to ignore DTD (document type definition). See the setProperty invocation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">protected</span> <span class="nc">Comment</span> <span class="nf">parseXml</span><span class="o">(</span><span class="nc">String</span> <span class="n">xml</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">JAXBContext</span> <span class="n">jc</span> <span class="o">=</span> <span class="nc">JAXBContext</span><span class="o">.</span><span class="na">newInstance</span><span class="o">(</span><span class="nc">Comment</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="nc">XMLInputFactory</span> <span class="n">xif</span> <span class="o">=</span> <span class="nc">XMLInputFactory</span><span class="o">.</span><span class="na">newFactory</span><span class="o">();</span> <span class="n">xif</span><span class="o">.</span><span class="na">setProperty</span><span class="o">(</span><span class="nc">XMLInputFactory</span><span class="o">.</span><span class="na">SUPPORT_DTD</span><span class="o">,</span> <span class="kc">false</span><span class="o">);</span> <span class="nc">XMLStreamReader</span> <span class="n">xsr</span> <span class="o">=</span> <span class="n">xif</span><span class="o">.</span><span class="na">createXMLStreamReader</span><span class="o">(</span><span class="k">new</span> <span class="nc">StringReader</span><span class="o">(</span><span class="no">XML</span><span class="o">));</span> <span class="nc">Unmarshaller</span> <span class="n">unmarshaller</span> <span class="o">=</span> <span class="n">jc</span><span class="o">.</span><span class="na">createUnmarshaller</span><span class="o">();</span> <span class="k">return</span> <span class="o">(</span><span class="nc">Comment</span><span class="o">)</span> <span class="n">unmarshaller</span><span class="o">.</span><span class="na">unmarshal</span><span class="o">(</span><span class="n">xsr</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>For Spring REST Services, you can specify the consumes = MediaType.APPLICATION_JSON_VALUE:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@RequestMapping</span><span class="o">(</span><span class="n">method</span> <span class="o">=</span> <span class="nc">RequestMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="n">consumes</span> <span class="o">=</span> <span class="nc">MediaType</span><span class="o">.</span><span class="na">APPLICATION_JSON_VALUE</span><span class="o">,</span> <span class="n">produces</span> <span class="o">=</span> <span class="nc">MediaType</span><span class="o">.</span><span class="na">APPLICATION_JSON_VALUE</span><span class="o">)</span> <span class="nd">@ResponseBody</span> <span class="kd">public</span> <span class="nc">AttackResult</span> <span class="nf">createNewUser</span><span class="o">(</span><span class="nd">@RequestBody</span> <span class="nc">String</span> <span class="n">commentStr</span><span class="o">,</span> <span class="nd">@RequestHeader</span><span class="o">(</span><span class="s">"Content-Type"</span><span class="o">)</span> <span class="nc">String</span> <span class="n">contentType</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <p>Now, the attacker cannot send XML:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Axpbg6cm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3sz6h9gf8tokt219nmg5.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Axpbg6cm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3sz6h9gf8tokt219nmg5.png" alt="Alt Text" width="880" height="635"></a></p> <p>For more information see: <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html">https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html</a></p> java injection sqlinjection xxeinjection Handling Cross-Site Scripting (XSS) in Java eidher Fri, 26 Feb 2021 04:15:46 +0000 https://dev.to/eidher/handling-cross-site-scripting-xss-in-java-1pe6 https://dev.to/eidher/handling-cross-site-scripting-xss-in-java-1pe6 <p>Cross-site scripting (XSS) is a type of security vulnerability in web applications where an attacker injects malicious scripts through some kind of user input (like input boxes, URL parameters, HTML headers, etc)<br> It is important to prevent XSS attacks to safeguard the confidentiality, integrity, and availability of the information of the web application. The two main cross-site scripting flaws are reflected and stored:</p> <h1> Reflected XSS </h1> <p>Malicious content from a user request is displayed to the user or it is written into the page after from server response. For instance, in the next screenshot, the credit card number field is vulnerable. After the number, there is a script to be injected: </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="o">&lt;</span><span class="nx">script</span><span class="o">&gt;</span><span class="nf">alert</span><span class="p">(</span><span class="dl">'</span><span class="s1">my javascript here</span><span class="dl">'</span><span class="p">)</span><span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1n29rwqfb4op6w5xjl17.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1n29rwqfb4op6w5xjl17.png" alt="Alt Text"></a><br> When the purchase button is clicked, the alert windows is displayed:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffemmo5nak56u32u0haxs.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffemmo5nak56u32u0haxs.png" alt="Alt Text"></a></p> <h2> A patch to the flaw in Java </h2> <p>When you have a String RequestParam, avoid handling it without sanitization:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fto69ldl3qqvb29d529em.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fto69ldl3qqvb29d529em.png" alt="Alt Text"></a></p> <p>The <a href="https://owasp.org/www-project-java-encoder/" rel="noopener noreferrer">OWASP Java encoder</a> has a method called forHtml for that purpose:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzv9qq39pa786kmxuv58n.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzv9qq39pa786kmxuv58n.png" alt="Alt Text"></a></p> <p>Now, the field is printed as text, but it is not executed:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvcydqtsjs4mk8hwye99p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvcydqtsjs4mk8hwye99p.png" alt="Alt Text"></a></p> <h1> Stored XSS </h1> <p>The payload is persisted. For example, in the next screenshot, you can see that a script is added as a comment. When the page is loaded the script is executed and printed as part of the code.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4qdjxnb1d1fpxzheag9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4qdjxnb1d1fpxzheag9.png" alt="Alt Text"></a></p> <h2> A patch to the flaw in Java </h2> <p>The solution is to sanitize the RequestBody before handling it:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8q05u6sm70g4ctajym41.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8q05u6sm70g4ctajym41.png" alt="Alt Text"></a></p> <p>Now, the comment is printed as text, but it is not executed:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2ekyxx1bka6v4z0vllu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2ekyxx1bka6v4z0vllu.png" alt="Alt Text"></a></p> java xss owasp Testing with Mockito eidher Thu, 14 Jan 2021 05:22:57 +0000 https://dev.to/eidher/testing-with-mockito-j19 https://dev.to/eidher/testing-with-mockito-j19 <p>1) Register MockitoExtension<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@ExtendWith</span><span class="o">(</span><span class="nc">MockitoExtension</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">class</span> <span class="nc">ObjectTest</span> <span class="o">{</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">Long</span> <span class="no">ID</span> <span class="o">=</span> <span class="mi">1L</span><span class="o">;</span> </code></pre> </div> <p>2) Create the mock<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="nd">@Mock</span> <span class="kd">private</span> <span class="nc">ObjectRepo</span> <span class="n">mockRepo</span><span class="o">;</span> </code></pre> </div> <p>3) Inject the mock<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="nd">@InjectMocks</span> <span class="kd">private</span> <span class="nc">ObjectService</span> <span class="n">objectService</span><span class="o">;</span> <span class="nd">@Test</span> <span class="kt">void</span> <span class="nf">whenfindByIdThenReturnResult</span><span class="o">()</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">objectDAO</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ObjectDAO</span><span class="o">();</span> <span class="n">objectDAO</span><span class="o">.</span><span class="na">setId</span><span class="o">(</span><span class="no">ID</span><span class="o">);</span> </code></pre> </div> <p>4) Define the behavior<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="n">when</span><span class="o">(</span><span class="n">mockRepo</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="n">any</span><span class="o">(</span><span class="nc">Long</span><span class="o">.</span><span class="na">class</span><span class="o">))).</span><span class="na">thenReturn</span><span class="o">(</span><span class="nc">Optional</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="n">objectDAO</span><span class="o">));</span> </code></pre> </div> <p>5) Test<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="kt">var</span> <span class="n">result</span> <span class="o">=</span> <span class="nc">ObjectService</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="no">ID</span><span class="o">);</span> </code></pre> </div> <p>6) Verify<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="n">verify</span><span class="o">(</span><span class="n">mockRepo</span><span class="o">,</span> <span class="n">times</span><span class="o">(</span><span class="mi">1</span><span class="o">)).</span><span class="na">findById</span><span class="o">(</span><span class="n">any</span><span class="o">(</span><span class="nc">Long</span><span class="o">.</span><span class="na">class</span><span class="o">));</span> </code></pre> </div> <p>7) Validate<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="n">assertAll</span><span class="o">(</span> <span class="o">()</span> <span class="o">-&gt;</span> <span class="n">assertNotNull</span><span class="o">(</span><span class="n">result</span><span class="o">),</span> <span class="o">()</span> <span class="o">-&gt;</span> <span class="n">assertEquals</span><span class="o">(</span><span class="n">objectDAO</span><span class="o">.</span><span class="na">getId</span><span class="o">(),</span> <span class="n">result</span><span class="o">.</span><span class="na">getId</span><span class="o">())</span> <span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> java junit mockito Spring Injection Types eidher Mon, 11 Jan 2021 06:30:56 +0000 https://dev.to/eidher/spring-injection-types-c6d https://dev.to/eidher/spring-injection-types-c6d <p>Spring supports three types of dependency injections:</p> <h1> Constructor injection </h1> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecondBeanImpl</span> <span class="kd">implements</span> <span class="nc">SecondBean</span> <span class="o">{</span> <span class="kd">private</span> <span class="nc">FirstBean</span> <span class="n">firstBean</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">public</span> <span class="nf">SecondBeanImpl</span><span class="o">(</span><span class="nc">FirstBean</span> <span class="n">firstBean</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">firstBean</span> <span class="o">=</span> <span class="n">firstBean</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>That is similar to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">FirstBean</span> <span class="n">firstBean</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FirstBeanImpl</span><span class="o">();</span> <span class="nc">SecondBean</span> <span class="n">secondBean</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecondBeanImpl</span><span class="o">(</span><span class="n">firstBean</span><span class="o">);</span> </code></pre> </div> <p>This type of dependency injection instantiates and initializes the object.<br> In this approach, beans are immutable and dependencies are not null. However, if you define many parameters in the constructor, your code is not clean.<br> From Spring 4.3 the @Autowired annotation is not required if the class has a single constructor.</p> <h1> Setter injection </h1> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecondBeanImpl</span> <span class="kd">implements</span> <span class="nc">SecondBean</span> <span class="o">{</span> <span class="kd">private</span> <span class="nc">FirstBean</span> <span class="n">firstBean</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">public</span> <span class="nf">setFirstBean</span><span class="o">(</span><span class="nc">FirstBean</span> <span class="n">firstBean</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">firstBean</span> <span class="o">=</span> <span class="n">firstBean</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>That is similar to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">FirstBean</span> <span class="n">firstBean</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FirstBeanImpl</span><span class="o">();</span> <span class="nc">SecondBean</span> <span class="n">secondBean</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecondBeanImpl</span><span class="o">();</span> <span class="n">secondBean</span><span class="o">.</span><span class="na">setFirstBean</span><span class="o">(</span><span class="n">firstBean</span><span class="o">);</span> </code></pre> </div> <p>In this approach, beans are not immutable (the setter could be called later), and not mandatory dependencies can lead to NullPointerExceptions.</p> <h1> Field injection </h1> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecondBeanImpl</span> <span class="kd">implements</span> <span class="nc">SecondBean</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">FirstBean</span> <span class="n">firstBean</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p>This approach may look cleaner but hides the dependencies and makes testing difficult. While constructor and setter injections use proxies, field injection uses reflection which could affect the performance. Could be used in test classes.</p> spring java Jenkins: Automating your delivery pipeline eidher Mon, 28 Dec 2020 22:11:23 +0000 https://dev.to/eidher/jenkins-automating-your-delivery-pipeline-1d24 https://dev.to/eidher/jenkins-automating-your-delivery-pipeline-1d24 <p>In this post, we are going to create a Jenkins pipeline for a Java Spring project using Maven and Git:</p> <h1> Accessing Jenkins dashboard and configuring Maven in Jenkins: </h1> <p>Click on "Manage Jenkins" and then in "Global Tool Configuration"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs8sgsyxjmba2bb4i9vdu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs8sgsyxjmba2bb4i9vdu.png" alt="Alt Text"></a></p> <p>Add a Maven installation and provide a name for it. Click on Save.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fyy5ukhxl4o25anybpbzk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fyy5ukhxl4o25anybpbzk.png" alt="Alt Text"></a></p> <h1> Creation of our first build job in Jenkins for a Spring application: </h1> <p>Click on "New Item"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7l1ifhb259btttqvos2c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7l1ifhb259btttqvos2c.png" alt="Alt Text"></a></p> <p>Provide a name for the project and choose "Freestyle Project"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ffqp9qq348461ee2gt5fx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ffqp9qq348461ee2gt5fx.png" alt="Alt Text"></a></p> <p>Go to "Source Code Management", choose "Git", and provide the Repository URL and the branch.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F164oywc9305altdu637u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F164oywc9305altdu637u.png" alt="Alt Text"></a></p> <p>Go to the "Build" tab and choose "Invoke top-level Maven targets"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1gcdbj2mf0k2no1bd7d7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1gcdbj2mf0k2no1bd7d7.png" alt="Alt Text"></a></p> <p>Choose the Maven Version, write compile in the goals and click on "Save"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F62g8olc1volpioiaaxjl.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F62g8olc1volpioiaaxjl.png" alt="Alt Text"></a></p> <p>Click on "Build Now"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz7848jfwsxe73i0gbp7w.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz7848jfwsxe73i0gbp7w.png" alt="Alt Text"></a></p> <p>Click on "Console Output" in the first build of the Build History section<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7i3x6ni6mjyvwf1k4i59.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F7i3x6ni6mjyvwf1k4i59.png" alt="Alt Text"></a></p> <p>Confirm the "SUCCESS" message is displayed when finished<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F60god1mxu4167ricv5sq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F60god1mxu4167ricv5sq.png" alt="Alt Text"></a></p> <h1> Developing and viewing of a delivery pipeline of a Spring application with two stages build and test in Jenkins </h1> <p>Let's create a New Item<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdyviseds3uyd4szfoht2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdyviseds3uyd4szfoht2.png" alt="Alt Text"></a></p> <p>Enter an item name, choose the "Freestyle project" and click OK<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fx39aqy7j07ae9ruwagzo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fx39aqy7j07ae9ruwagzo.png" alt="Alt Text"></a></p> <p>Go to the "Source Code Management" tab, select "Git", provide the URL of the Repository, and the branch<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm54gjxhu1ctqu8mplo0z.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm54gjxhu1ctqu8mplo0z.png" alt="Alt Text"></a></p> <p>Go to the "Build" tab and choose "Invoke top-level Maven targets"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1gcdbj2mf0k2no1bd7d7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1gcdbj2mf0k2no1bd7d7.png" alt="Alt Text"></a></p> <p>Choose the Maven Version, write test in the goals and click on "Save"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw650pe8nb9n29iwlyssd.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw650pe8nb9n29iwlyssd.png" alt="Alt Text"></a></p> <p>Click on "Build Now"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F2346l9iu0qmh6oyilap0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F2346l9iu0qmh6oyilap0.png" alt="Alt Text"></a></p> <p>Click on "Console Output" in the first build of the Build History section<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fhqd0l3zai3h91ii1smu4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fhqd0l3zai3h91ii1smu4.png" alt="Alt Text"></a></p> <p>Confirm the "SUCCESS" message is displayed when finished<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F3ukil8gfkcs258tucvm5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F3ukil8gfkcs258tucvm5.png" alt="Alt Text"></a></p> <p>To do it automatically after the compile job, let's go to the "Configure" option of the item<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnq7eghv1vwthuum5uiqe.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnq7eghv1vwthuum5uiqe.png" alt="Alt Text"></a></p> <p>Go to the "Build Triggers" section and select the "Build after other projects are built" option. Then, enter the other project name, and click "Save"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F55l51c6v2g8xif6c0xzs.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F55l51c6v2g8xif6c0xzs.png" alt="Alt Text"></a></p> <p>Go to the "Manage Jenkins" option in the main menu and choose "Manage Plugins"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fpn40g5x54xzpoquoswxf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fpn40g5x54xzpoquoswxf.png" alt="Alt Text"></a></p> <p>Go to the "Available" tab and look for "Build pipeline". Choose it and click on "Install without Restart"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Frsfmue5s4lzmmm7dk0nb.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Frsfmue5s4lzmmm7dk0nb.png" alt="Alt Text"></a></p> <p>Choose the plus symbol in the main dashboard<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzibqadjreksd11tjz1u4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzibqadjreksd11tjz1u4.png" alt="Alt Text"></a></p> <p>Choose the "Build Pipeline View" option, provide a view name, and click on "OK"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxf66km2r9ulriw8hvbcg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxf66km2r9ulriw8hvbcg.png" alt="Alt Text"></a></p> <p>Select the initial job and click ok<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Faz99750zi0utkpnc0k61.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Faz99750zi0utkpnc0k61.png" alt="Alt Text"></a></p> <p>Click "Run"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwwo6w4tc7h53yy06smlv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwwo6w4tc7h53yy06smlv.png" alt="Alt Text"></a></p> <h1> Transforming your delivery pipeline in the form of scripted/declarative pipeline </h1> <p>First, install the "Pipeline Maven Integration Plugin"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqh606q3i8e72c6kk21f1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqh606q3i8e72c6kk21f1.png" alt="Alt Text"></a></p> <p>Now, let's create a new item (Pipeline)<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5jkgluv98f0dbblbt5dy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5jkgluv98f0dbblbt5dy.png" alt="Alt Text"></a></p> <p>Then, go to the "Pipeline" tab and choose "Scripted Pipeline" or "GitHub + Maven" for a declarative pipeline<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F37oveg05mzfeb60h1sc3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F37oveg05mzfeb60h1sc3.png" alt="Alt Text"></a></p> <p>Finally, adapt the code according to your needs, and click on "Save"<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fbqk0jlmxdzqrxc2v80bo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fbqk0jlmxdzqrxc2v80bo.png" alt="Alt Text"></a></p> <p>If you click on "Build Now" you can see the result<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy5xwu309iz681146q3bh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy5xwu309iz681146q3bh.png" alt="Alt Text"></a></p> <h1> Developing a Jenkinsfile for our application </h1> <p>If you chose "GitHub + Maven" for a declarative pipeline you can copy that code into a Jenkinsfile in the root of your project. Now, edit the Pipeline and select "Pipeline script from SCM". Then, choose Git as your SCM and provide the Repository URL and branch. Finally, click "Save" and "Build now" to test your pipeline<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1nuustbgwtek68hk6rzz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1nuustbgwtek68hk6rzz.png" alt="Alt Text"></a></p> java spring jenkins devops Spring Security eidher Sat, 21 Nov 2020 22:02:05 +0000 https://dev.to/eidher/spring-security-ejk https://dev.to/eidher/spring-security-ejk <p>There are many authentication mechanisms (basic, digest, form, X.509, etc), and there are many storage options for credentials and authority information (in-memory, database, LDAP, etc). Authorization depends on authentication and determines if you have the required Authority. The decision process is often based on roles (e.g. ADMIN, MEMBER, GUEST, etc).</p> <p>There are three steps to set up and configure Spring Security in a web environment:</p> <ol> <li>Setup the filter chain: The implementation is a chain of Spring configured filters (Spring Boot does it automatically)</li> <li>Configure security (authorization) rules</li> <li>Setup Web Authentication</li> </ol> <p>In the next example, it is defined as specific authorization restrictions for URLs using mvcMatchers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Configuration</span> <span class="nd">@EnableWebSecurity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecurityConfig</span> <span class="kd">extends</span> <span class="nc">WebSecurityConfigurerAdapter</span> <span class="o">{</span> <span class="nd">@Override</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">configure</span><span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">http</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">http</span><span class="o">.</span><span class="na">formLogin</span><span class="o">().</span><span class="na">loginPage</span><span class="o">(</span><span class="s">"/login"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">().</span><span class="na">and</span><span class="o">().</span><span class="na">exceptionHandling</span><span class="o">().</span><span class="na">accessDeniedPage</span><span class="o">(</span><span class="s">"/denied"</span><span class="o">).</span><span class="na">and</span><span class="o">()</span> <span class="o">.</span><span class="na">authorizeRequests</span><span class="o">().</span><span class="na">mvcMatchers</span><span class="o">(</span><span class="s">"/accounts/resources/**"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">().</span><span class="na">mvcMatchers</span><span class="o">(</span><span class="s">"/accounts/edit*"</span><span class="o">)</span> <span class="o">.</span><span class="na">hasRole</span><span class="o">(</span><span class="s">"EDITOR"</span><span class="o">).</span><span class="na">mvcMatchers</span><span class="o">(</span><span class="s">"/accounts/account*"</span><span class="o">).</span><span class="na">hasAnyRole</span><span class="o">(</span><span class="s">"VIEWER"</span><span class="o">,</span> <span class="s">"EDITOR"</span><span class="o">)</span> <span class="o">.</span><span class="na">mvcMatchers</span><span class="o">(</span><span class="s">"/accounts/**"</span><span class="o">).</span><span class="na">authenticated</span><span class="o">().</span><span class="na">and</span><span class="o">().</span><span class="na">logout</span><span class="o">().</span><span class="na">permitAll</span><span class="o">().</span><span class="na">logoutSuccessUrl</span><span class="o">(</span><span class="s">"/"</span><span class="o">);</span> <span class="o">}</span> <span class="nd">@Autowired</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">configureGlobal</span><span class="o">(</span><span class="nc">AuthenticationManagerBuilder</span> <span class="n">auth</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">auth</span><span class="o">.</span><span class="na">inMemoryAuthentication</span><span class="o">().</span><span class="na">passwordEncoder</span><span class="o">(</span><span class="k">new</span> <span class="nc">StandardPasswordEncoder</span><span class="o">()).</span><span class="na">withUser</span><span class="o">(</span><span class="s">"viewerUser"</span><span class="o">)</span> <span class="o">.</span><span class="na">password</span><span class="o">(</span><span class="s">"abc"</span><span class="o">).</span><span class="na">roles</span><span class="o">(</span><span class="s">"VIEWER"</span><span class="o">).</span><span class="na">and</span><span class="o">().</span><span class="na">withUser</span><span class="o">(</span><span class="s">"editorUser"</span><span class="o">).</span><span class="na">password</span><span class="o">(</span><span class="s">"abc"</span><span class="o">).</span><span class="na">roles</span><span class="o">(</span><span class="s">"EDITOR"</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>As you can see, you can chain multiple restrictions (using the and() method). The first method sets up a form-based authentication. The second method uses a UserDetailsManagerConfigurer. You can use jdbcAuthentication() instead of inMemoryAuthentication().</p> <p>Learn more at <a href="https://docs.spring.io/spring-security/site/docs/current/reference/html5/">Spring Security Reference</a> and <a href="https://examples.javacodegeeks.com/security-architecture-with-spring/">Security Architecture with Spring</a></p> spring security java