DEV Community: Jackson Williams

Master Microservices Packaging for Private Clouds: 5 Essential Tips

Jackson Williams — Fri, 25 Oct 2024 00:07:16 +0000

In the current software development environment, microservices architecture has emerged as a prevalent method for creating applications. Generally, microservices are packaged as container images using containerization tools like Docker, which are then uploaded to an image registry. For deploying these container images on a container orchestration platform such as Kubernetes, Helm stands out as the most widely used option. Helm charts refer to publicly available container registries to retrieve the container images.

However, some companies operate their own private cloud systems. In these settings, public container image registries or even the Internet may not be accessible. To deploy an application in these limited environments, it is crucial to bundle all necessary components—container images, Helm charts, documentation, and more—into a single archive. This article will examine how to package a microservices-based application for a private cloud, like on-premises Kubernetes, and will also cover strategies to reduce the package size.

Packaging Your Application

The first step is to package the Docker images. Assign a release SemVer tag to the Docker images, for example, 1.2.3.

&gt; docker tag &lt;current repo&gt;/image-name:tagname &lt;appname&gt;/image-name:tagname

&gt; docker tag myrepo:5000/myimage1:1.2.3 myapp/myimage1:1.2.3
&gt; docker tag myrepo:5000/myimage2:1.2.3 myapp/myimage2:1.2.3

Next, save all the images into a single tarball.

&gt; docker save --output &lt;App Name&gt;-images-1.2.3.tar &lt;docker-images with tags&gt;

&gt; docker save --output myapp-images-1.2.3.tar myrepo:5000/myimage1:1.2.3 myrepo:5000/myimage2:1.2.3 &lt;more images&gt;

Finally, add Helm Charts and a Readme to create a complete compressed archive.

myapp-package-1.2.3.tgz

           |_ _ _ _ _ _ myapp-1.2.3.tgz (helm chart)

           |_ _ _ _ _ _ myapp-images-1.2.3.tar (docker images)

           |_ _ _ _ _ _ Readme.txt (Contains checksums and installation instructions)

Installing Package

To install the package, the customer first untars the package, load the tarballs to Docker images, and if needed they can re-tag it according to the customer-specific repository.

&gt; docker load --input /root/myapp-images-1.2.3.tar
&gt; docker tag myapp/myimage:1.2.3 &lt;customer repo&gt;/myimage:1.2.3
&gt; docker push &lt;customer repo&gt;/myimage:1.2.3

To deploy the application using Helm, create a custom values file, custom-values.yaml, specific to the customer environment, and run Helm install.

&gt; helm install -f custom-values.yaml myapp myapp-1.2.3.tgz

Optimizing Package Size

With the packaging structure as above, the bulk of the package size will come from Docker images. List the contents of the package to confirm it.

&gt; tar -ztvf myapp-package-1.2.3.tgz

To reduce the overall size of the package, let’s classify Docker images into three categories:

Microservices crafted with Java
Microservices constructed using alternative technologies, such as Python and NodeJS
Microservices obtained from external sources, where we lack oversight of the containerization procedure

We will explore technologies like distroless images, Jib, docker-slim, dive, and others to decrease image sizes and visualize our containerization journey.

Containerizing Java Applications

A key aim when containerizing an application is to achieve the smallest image size feasible. A reduced container size results in

Quicker pod initialization times
Faster autoscaling
Lower resource consumption
Improved security

To generate a Docker image, we need a Dockerfile that Docker employs to define the layers of an image. For each microservice in our application, we generally create a fat jar that includes all dependencies. The actual code may be relatively compact. These dependencies are redundantly included and copied into each fat jar, leading to unnecessary space usage. We can take advantage of Docker’s image layering—by placing dependencies and resources in distinct layers, we can reuse them and only modify the code for each microservice.

Google provides an open-source tool named Jib, which offers Maven and Gradle plugins to facilitate this method. We do not require a running Docker daemon to create images with Jib—it constructs the image using the same standard output as we receive from docker build but does not engage Docker unless explicitly stated.

Creating Docker Image With Gradle

The first step, therefore, is to adjust each project’s build.gradle file to incorporate the new plugin:

plugins {
  id 'com.google.cloud.tools.jib' version '2.2.0'
}

Incorporate a tailored jib Gradle task to create the Docker image:

jib {
  from {
    image = 'gcr.io/distroless/java:11'
  }
  to {
    image = System.getenv('DOCKER_REGISTRY_ADDR') + "/myimage"
    tags = [branchName + "-" + System.getenv('CI_PIPELINE_ID'), 'latest']
  }
  container {
    mainClass = 'com.mycompany.myapp.MyServiceApplication'
    jvmFlags = ['-XX:GCPauseIntervalMillis=750', '-XX:MaxGCPauseMillis=100',
                '-XX:-OmitStackTraceInFastThrow']
    ports = ['8080', '9443', '5801']
    user = '5000:5000'
  }
 
  allowInsecureRegistries = 'true'
}

Create a labeled Docker image and push it to the Docker registry:

&gt; gradle build jib
 
&gt; Task :compileJava
Note: Some input files utilize or override a deprecated API.
Note: Recompile with -Xlint:deprecation for specifics.
Note: Some input files employ unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for specifics.
 
&gt; Task :jib
 
Containerizing application to myrepo:5000/myimage, myrepo:5000/myimage:staging-620672...
Base image 'gcr.io/distroless/java:11' does not specify a particular image digest - build may not be reproducible
Utilizing credentials from Docker config (/root/.docker/config.json) for myrepo:5000/myimage
Unable to verify server at https://myrepo:5000/v2/. Retrying without TLS verification.
Failed to connect to https://myrepo:5000/v2/ over HTTPS. Retrying with HTTP.
Using base image with digest: sha256:c94feda039172152495b5cd60a350a03162fce4f8986b560ea555de4d276ce19
 
Container entrypoint established as [java, -XX:GCPauseIntervalMillis=750, -XX:MaxGCPauseMillis=100, -XX:-OmitStackTraceInFastThrow, -cp, /app/resources:/app/classes:/app/libs/*, com.mycompany.myapp.MyServiceApplication]
 
Constructed and pushed image as myrepo:5000/myimage, myrepo:5000/myimage:staging-620Foundation Image
We have selected gcr.io/distroless/java:11 as our foundational image. “Distroless” images encompass solely our application along with its runtime necessities. They lack package managers, shells, or any other utilities typically found in a conventional Linux distribution.
Illustrate Docker Image
Dive serves as an invaluable resource for scrutinizing docker images and illustrating the effects of bulky jars within docker images. The subsequent illustration displays the newly crafted layer structures that Jib has generated.
&gt; dive myrepo:5000/myimage:1.2.3



Encapsulating and Enhancing Non-Java Applications

Within our application, we might incorporate a non-Java element, such as Python or NodeJS applications. The Docker images for these elements are constructed using the traditional approach with a Dockerfile. To refine the images, we employ an additional utility – docker-slim. This tool necessitates no alterations to our Docker image and optimizes it effortlessly.



> docker-slim build myapp --http-probe=false

...

docker-slim[build]: state=building message='building optimized image'

docker-slim[build]: state=completed

docker-slim[build]: info=results status='OPTIMIZED BY 18.82X [417722590 (418 MB) => 22199995 (22 MB)]'

docker-slim[build]: info=results  image.name=myapp.slim image.size='22 MB' data=true

...

Feel free to reach out if you require any additional support!

Enhancing Docker Images from External Origins

In our software, we frequently depend on external components, such as Ingress Gateway, which are accessible to the public. As we lack authority over the containerization of these microservices, we employ docker-slim to streamline their Docker images.

A notable drawback of utilizing docker-slim for image reduction is that it fails to preserve the original layering configuration. Although this method produces compact and secure individual images, it does not aid in diminishing the total image size, as there is no layer sharing between various images.

Holistic Approach

Our comprehensive approach entails using Jib for containerizing our proprietary Java applications and docker-slim for minimizing non-Java images, along with those obtained from other teams.



Final Thoughts

This article has delved into the methodology of packaging applications based on microservices for deployment in private clouds with restricted access to public repositories. We have also investigated various strategies for minimizing package size, ensuring effective deployment and management.

Secure Your App: 2-Factor Auth in 3 Easy Steps

Jackson Williams — Tue, 22 Oct 2024 22:51:35 +0000

In the current digital environment, multi-factor authentication (MFA) has become a crucial practice for many applications, especially those managing sensitive information like financial services. Additionally, MFA is increasingly required by legislation across various sectors in the EU, making it vital for developers to integrate this security feature into their applications. If you are developing an application that necessitates two-factor authentication, this article is a valuable resource.

This article will walk you through the steps to implement a two-factor authentication system for a reactive API created with Spring Webflux. This application employs TOTP (time-based one-time passwords generated by an app on the user's device, such as Google Authenticator) as the second security factor, alongside traditional email and password combinations.

Understanding Two-Factor Authentication

From a technical perspective, two-factor authentication (or multi-factor authentication) is defined as a security method that necessitates users to present two or more verification factors. Typically, this means that a user must enter a password along with another form of identification. This additional identifier can be a one-time password, hardware tokens, biometric data (like fingerprints), or other verification methods.

This security procedure consists of several essential steps:

The user inputs their email (username) and password.
Along with their credentials, the user provides a one-time code generated by an authenticator app.
The app verifies the email (username) and password, and checks the one-time code using the user's secret key, which was issued during the registration process.

Utilizing authenticator apps (such as Google Authenticator, Microsoft Authenticator, or FreeOTP) presents several benefits over SMS-based code delivery. These apps are less vulnerable to SIM attacks and can operate without cellular or internet access.

A Hands-On Example

In this article, we will create a straightforward REST API that integrates two-factor authentication methods. This API requires users to enter both an email-password combination and a short code generated by an app. You can use any compatible app to generate TOTP; for this demonstration, I will utilize Google Authenticator for Android. The source code can be found in this GitHub repository. The application requires JDK 11, Maven, and MongoDB (for user profile storage). Let’s examine the project structure in more detail:

Unlock Scala in 5 Minutes: Traits vs Abstract Classes

Jackson Williams — Tue, 22 Oct 2024 19:33:28 +0000

1. Unlocking Scala Mastery: Understanding Abstract Classes and Traits

To master Scala, it's essential to grasp the fundamental difference between abstract classes and traits. Let's break down each concept to appreciate their unique characteristics.

Traits are similar to Java interfaces but offer more flexibility, as they allow the implementation of their members. In contrast, abstract classes are defined using the abstract keyword and can contain both abstract and concrete methods.

2. Shared Characteristics

Before diving into the differences, let's explore the commonalities between abstract classes and traits. This understanding will help us appreciate their distinct features.

A trait can include a declared and implemented method, along with a variable:

trait mytrait { 
  def myMethod():Unit
  val aVal: Int 
  val myVal = 10 
  def myImpMethod = { println("I am from trait") } 
}

An abstract class can feature both an abstract and a concrete method, along with a variable:

abstract class abstClass { 
  def myMethod():Unit 
  val aVal: Int 
  val myVal = 10 
  def myImpMethod:Unit = { println("I am from abstClass") } 
}

Notably, neither a trait nor an abstract class can be instantiated in the main method.

val myTObj = new mytrait //compilation error
val myAObj = new abstClass() //compilation error

Classes that extend a trait or an abstract class must implement the declared methods.

class myTClass extends mytrait {
  val aVal=10 
  def myMethod ={ println("I am from myTclass") } 
} 
class myAClass extends abstClass {
  val aVal=10 
  def myMethod ={ println("I am from myAclass") } 
}

3. Key Differences

3.1 Constructor Parameters

trait myTraitWithParam(name: String){} 
abstract class abstClassWithParam(name : String){}

The name serves as a constructor parameter. However, using a constructor parameter in a trait results in a compilation error, whereas it functions correctly in an abstract class. For more information on Scala mastery, visit t8tech.

3.2 Modifying Object Instances

scala trait objectInstanceTrait { def myObjectMethod = { println("I stem from the object instance trait") } } class myTClass {} def main(args: Array[String]): Unit = { val classObjWithTrait = new myTClass with objectInstanceTrait classObjWithTrait.myObjectMethod } output => "I stem from the object instance trait"

The function “myObjectMethod” defined in the trait can be invoked via an instance of a class. An abstract class cannot be integrated into an object instance, leading to a compilation error.

3.3 Multiple Inheritances

In the realm of multiple inheritance, a single class can derive from more than one superclass, inheriting traits from all parent classes. Although Scala does not allow multiple inheritance with classes, it can be achieved using traits.

class myClass extends trait1 with trait2{} 
class myNewClass extends abstClass1 with abstClass2{}

Employing an abstract class for multiple inheritances results in a compilation error.

Scala resolves the diamond problem in multiple inheritance through trait linearization, where the trait located furthest to the right takes precedence.

trait Printer { 
  def print(msg: String) = println(msg) 
} 
trait DelimitWithHyphen extends Printer { 
  override def print(msg: String) = { println("-------------") } 
} 
trait DelimitWithStar extends Printer { 
  override def print(msg: String) = { println("*") } 
} 

class CustomPrinter extends Printer with DelimitWithHyphen with DelimitWithStar 

new CustomPrinter().print("Hello World!") 
  
output => "*"

3.4 Stackability

Stackable traits in Scala facilitate the amalgamation of multiple traits that jointly alter a method. This procedure entails invoking super.theMethod.

html

trait foundation { 
  def foundationMethod(s: String): Unit = println(s) 
}

trait stackA extends foundation {
  override def foundationMethod(s: String): Unit = println("from stackA") 
} 

trait substituteA extends foundation { 
  abstract override def foundationMethod(s: String): Unit = {
    super.foundationMethod(s); 
    println("from substituteA")
  } 
}

class Stackable { 
  this: foundation => 
  def apply() { 
    println(foundationMethod("base")) 
  } 
} 

(new Stackable with stackA with substituteA)() 

output => 
from stackA 
from substituteA

The invocation initiates with substituteA, which subsequently directs to stackA through super.foundationMethod(s).

This method invocation reaches stackA as it is situated to the left of substituteA.

3.5 Compatibility with Java

Traits can integrate effortlessly with Java provided they do not contain any implementation; abstract classes can be directly employed.

4. Summary

Scala traits provide enhanced versatility in comparison to abstract classes. Abstract classes should be utilized when a base class with a constructor parameter is required. In situations of doubt, it is prudent to choose traits, as they can be readily converted into abstract classes.

Unlock Spring Data JPA: Master Many-to-Many Relationships Now!

Jackson Williams — Mon, 21 Oct 2024 11:05:38 +0000

We will explore the following subjects:

Unidirectional many-to-many connections.
CRUD functions.

Let's start by modeling the entities.Next, we will see how Hibernate constructs the tables for us.A junction table is generated as a result.

Since this is a Many-to-Many, Unidirectional relationship, the definition in the User entity is as follows, while the Role entity will not include any related definition.

The crucial point to highlight is the relationship definition in the User Entity.

@ManyToMany(targetEntity = Role.class, cascade = CascadeType.ALL)

private List<Role> roles;

Now, let's see how this is implemented in code. All CRUD functions are executed in the following code. We will adjust the UPDATE methods in the next article. The code has been discussed in previous articles, and a video tutorial is also available for a comprehensive explanation of the code.

User Entity

package com.notyfyd.entity;

import javax.persistence.*;
import java.util.List;

@Entity@Table(name = "t_user")
public class User {
    @Id    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long userId;
    private String firstName;
    private String lastName;
    private String contactNumber;
    @Column(unique = true)
    private String email;
    @ManyToMany(targetEntity = Role.class, cascade = CascadeType.ALL)
    private List<Role> roles;

    public List<Role> getRoles() {
        return roles;
    }

    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }

    public Long getUser Id() {
        return userId;
    }
    
    public void setUser Id(Long userId) {
        this.userId = userId;
    }
    
    public String getFirstName() {
        return firstName;
    }
    
    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }
    
    public String getLastName() {
        return lastName;
    }
    
    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
    
    public String getContactNumber() {
        return contactNumber;
    }
    
    public void setContactNumber(String contactNumber) {
        this.contactNumber = contactNumber;
    }
    
    public String getEmail() {
        return email;
    }
    
    public void setEmail(String email) {
        this.email = email;
    }
}

Role Entity

package com.notyfyd.entity;

import javax.persistence.*;

@Entity@Table(name = "t_role")
public class Role {
    @Id    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String name;
    private String description;

    public Long getId() {
        return this.id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public String getName() {
        return this.name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getDescription() {
        return this.description;
    }
    public void setDescription(String description) {
        this.description = description;
    }
}

Role Administration Controller

package com.notyfyd.controller;

import com.notyfyd.entity.User;
import com.notyfyd.repository.UserRepository;
import com.notyfyd.service.UserService;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestControllerpublic class UserController {

    private final UserService userService;
    private final UserRepository userRepository;

    public UserController(UserService userService, UserRepository userRepository) {
        this.userService = userService;
        this.userRepository = userRepository;
    }

    /
     * Creates a new user.
     * 
     * @param user the user to be created
     * @return the response entity containing the created user
     */
    @PostMapping("/user/create")    public ResponseEntity<Object> createUser(@RequestBody User user) {
        return userService.createUser(user);
    }

    /
     * Retrieves a user by ID.
     * 
     * @param id the ID of the user to be retrieved
     * @return the user with the specified ID, or null if not found
     */
    @GetMapping("/user/details/{id}")    public User getUser(@PathVariable Long id) {
        return userRepository.findById(id).orElse(null);
    }

    /
     * Retrieves a list of all users.
     * 
     * @return the list of users
     */
    @GetMapping("/user/all")    public List<User> getUsers() {
        return userRepository.findAll();
    }

    /
     * Updates an existing user.
     * 
     * @param id   the ID of the user to be updated
     * @param user the updated user
     * @return the response entity containing the updated user
     */
    @PutMapping("/user/update/{id}")    public ResponseEntity<Object> updateUser(@PathVariable Long id, @RequestBody User user) {
        return userService.updateUser(user, id);
    }

    /
     * Deletes a user by ID.
     * 
     * @param id the ID of the user to be deleted
     * @return the response entity containing the deletion result
     */
    @DeleteMapping("/user/delete/{id}")    public ResponseEntity<Object> deleteUser(@PathVariable Long id) {
        return userService.deleteUser(id);
    }
}

Function Regulator

package com.notyfyd.controller;

import com.notyfyd.entity.Role;
import com.notyfyd.repository.RoleRepository;
import com.notyfyd.service.RoleService;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import java.util.List;

/
 * Handles REST requests related to roles.
 */
@RestControllerpublic class RoleController {

    private final RoleService roleService;
    private final RoleRepository roleRepository;

    /
     * Initializes the controller with the required services.
     *
     * @param roleService  the role service instance
     * @param roleRepository the role repository instance
     */
    public RoleController(RoleService roleService, RoleRepository roleRepository) {
        this.roleService = roleService;
        this.roleRepository = roleRepository;
    }

    /
     * Creates a new role.
     *
     * @param role the role to be created
     * @return the response entity
     */
    @PostMapping("/role/create")    public ResponseEntity createRole(@RequestBody Role role) {
        return roleService.addRole(role);
    }

    /
     * Deletes a role by its ID.
     *
     * @param id the ID of the role to be deleted
     * @return the response entity
     */
    @DeleteMapping("/role/delete/{id}")    public ResponseEntity deleteRole(@PathVariable Long id) {
        return roleService.deleteRole(id);
    }

    /
     * Retrieves a role by its ID.
     *
     * @param id the ID of the role to be retrieved
     * @return the role instance, or null if not found
     */
    @GetMapping("/role/details/{id}")    public Role getRole(@PathVariable Long id) {
        return roleRepository.findById(id).orElse(null);
    }

    /
     * Retrieves all roles.
     *
     * @return a list of all roles
     */
    @GetMapping("/role/all")    public List getRoles() {
        return roleRepository.findAll();
    }

    /
     * Updates a role by its ID.
     *
     * @param id the ID of the role to be updated
     * @param role the updated role instance
     * @return the response entity
     */
    @PutMapping("/role/update/{id}")    public ResponseEntity updateRole(@PathVariable Long id, @RequestBody Role role) {
        return roleService.updateRole(id, role);
    }
}

Role Data Access Interface

package com.notyfyd.repository;

import com.notyfyd.entity.Role;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import java.util.Optional;

/
 * Facilitates data retrieval and manipulation for roles.
 */
@Repositorypublic interface RoleRepository extends JpaRepository {
    /
     * Retrieves a role based on its designated name.
     *
     * @param name the name of the role to be retrieved
     * @return an Optional instance containing the role, if found
     */
    Optional findByName(String name);
}

User Data Access Interface

package com.notyfyd.repository;

import com.notyfyd.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import java.util.Optional;

/
 * A specialized repository interface for user data management, 
 * leveraging JpaRepository for fundamental CRUD operations.
 */
@Repositorypublic interface UserRepository extends JpaRepository {
    /
     * Fetches a user by their specified email address, 
     * returning an Optional instance to accommodate potential non-existence.
     * 
     * @param email the email address to be searched
     * @return an Optional containing the user, if located
     */
    Optional findByEmail(String email);
}

User Service

package com.notyfyd.service;

import com.notyfyd.entity.Role;
import com.notyfyd.repository.RoleRepository;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;

@Servicepublic class RoleService {

    private RoleRepository roleRepository;

    public RoleService(RoleRepository roleRepository) {
        this.roleRepository = roleRepository;
    }


    /** Create a new role  */
    public ResponseEntity<Object> addRole(Role role)  {

        Role newRole = new Role();
        newRole.setName(role.getName());
        newRole.setDescription(role.getDescription());
        Role savedRole = roleRepository.save(newRole);
        if(roleRepository.findById(savedRole.getId()).isPresent()) {
            return ResponseEntity.accepted().body("Successfully Created Role ");
        } else
            return ResponseEntity.unprocessableEntity().body("Failed to Create specified Role");
    }


    /** Delete a specified role given the id */
    public ResponseEntity<Object> deleteRole(Long id) {
        if(roleRepository.findById(id).isPresent()){
            roleRepository.deleteById(id);
            if(roleRepository.findById(id).isPresent()){
                return ResponseEntity.unprocessableEntity().body("Failed to delete the specified record");
            } else return ResponseEntity.ok().body("Successfully deleted specified record");
        } else
            return ResponseEntity.unprocessableEntity().body("No Records Found");
    }


    /** Update a Role */
    public ResponseEntity<Object> updateRole(Long id, Role role) {
        if(roleRepository.findById(id).isPresent()){
            Role newRole = roleRepository.findById(id).get();
            newRole.setName(role.getName());
            newRole.setDescription(role.getDescription());
            Role savedRole = roleRepository.save(newRole);
            if(roleRepository.findById(id).isPresent())
                return ResponseEntity.accepted().body("Role saved successfully");
            else return ResponseEntity.badRequest().body("Failed to update Role");

        } else return ResponseEntity.unprocessableEntity().body("Specified Role not found");
    }
}

Client Assistance

package com.notyfyd.service;

import com.notyfyd.entity.User;
import com.notyfyd.repository.RoleRepository;
import com.notyfyd.repository.UserRepository;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Servicepublic class UserService {

    private UserRepository userRepository;
    private RoleRepository roleRepository;

    public UserService(UserRepository userRepository, RoleRepository roleRepository) {
        this.userRepository = userRepository;
        this.roleRepository = roleRepository;
    }
    /** Create a new User */
    public ResponseEntity<Object> createUser(User model) {
        User user = new User();
        if (userRepository.findByEmail(model.getEmail()).isPresent()) {
            return ResponseEntity.badRequest().body("The Email is already Present, Failed to Create new User");
        } else {
            user.setFirstName(model.getFirstName());
            user.setLastName(model.getLastName());
            user.setMobile(model.getMobile());
            user.setEmail(model.getEmail());
            user.setRoles(model.getRoles());

            User savedUser = userRepository.save(user);
            if (userRepository.findById(savedUser.getId()).isPresent())
                return ResponseEntity.ok("User Created Successfully");
            else return ResponseEntity.unprocessableEntity().body("Failed Creating User as Specified");
        }
    }

    /** Update an Existing User */
    @Transactional    public ResponseEntity<Object> updateUser(User user, Long id) {
        if(userRepository.findById(id).isPresent()) {
            User newUser = userRepository.findById(id).get();
            newUser.setFirstName(user.getFirstName());
            newUser.setLastName(user.getLastName());
            newUser.setMobile(user.getMobile());
            newUser.setEmail(user.getEmail());
            newUser.setRoles(user.getRoles());
            User savedUser = userRepository.save(newUser);
            if(userRepository.findById(savedUser.getId()).isPresent())
                return  ResponseEntity.accepted().body("User updated successfully");
            else return ResponseEntity.unprocessableEntity().body("Failed updating the user specified");
        } else return ResponseEntity.unprocessableEntity().body("Cannot find the user specified");
    }
    /** Delete an User*/
    public ResponseEntity<Object> deleteUser(Long id) {
        if (userRepository.findById(id).isPresent()) {
            userRepository.deleteById(id);
            if (userRepository.findById(id).isPresent())
                return ResponseEntity.unprocessableEntity().body("Failed to Delete the specified User");
            else return ResponseEntity.ok().body("Successfully deleted the specified user");
        } else return ResponseEntity.badRequest().body("Cannot find the user specified");
    }
}

We will revisit the update technique in our forthcoming edition.

application.properties

server.port=2003
spring.datasource.driver-class-name= org.postgresql.Driver
spring.datasource.url= jdbc:postgresql://192.168.64.6:30432/jpa-test
spring.datasource.username = postgres
spring.datasource.password = root
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=create

Access the source code at https://github.com/gudpick/jpa-demo/tree/many-to-many-unidirecctional-starter

Watch the instructional video tutorials

Secure Your APIs in 5 Minutes: Token-Based RSocket with JWT

Jackson Williams — Sun, 13 Oct 2024 04:26:36 +0000

RSocket provides a robust messaging system, built on top of the reactive streaming framework, and supports a variety of protocols including TCP, WebSocket, HTTP 1.1, and HTTP 2. Its programming language-agnostic interaction models, such as REQUEST_RESPONSE, REQUEST_FNF, REQUEST_STREAM, and REQUEST_CHANNEL, cater to diverse communication scenarios, including Microservices, API Gateway, Sidecar Proxy, and Message Queue.

When securing communication, RSocket-based applications can easily adopt TLS-based and Token-based solutions. While RSocket can reuse TLS over TCP or WebSocket, this article focuses on token-based implementation to demonstrate the Role-Based Access Control (RBAC) feature.

As the most widely adopted technology for OAuth2 globally, JSON Web Token (JWT) is an ideal choice due to its programming language-agnostic nature. After thorough research, I firmly believe that combining RSocket with JWT is an excellent approach to implementing secure communication between services, particularly for Open API. For a more detailed guide on securing APIs, visit computerstechnicians.com. Now, let’s delve deeper into the intricacies.

Implementing RSocket for Secure Communication

The primary question is how to utilize tokens for inter-service communication in RSocket.

There are two approaches to transmitting tokens from the requester to the responder. One method involves embedding the token into metadata API during setup, while the other involves sending the token as metadata, accompanied by payload as data, with each request.

Beyond that, routing plays a pivotal role in authorization, indicating the resource on the responder side. In RSocket extensions, there exists a routing metadata extension to extend the four interaction models. If tag payloads are supported by both requester and responder, it’s straightforward to define authorization at the top layer.

Understanding JSON Web Token (JWT)

To grasp this article, understanding the following five aspects of JWT is sufficient.

JWT encompasses JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA).

HS256 is a symmetric-key algorithm, whereas RS256/ES256 is an asymmetric-key algorithm based on Public Key Infrastructure (PKI). Both are defined in the JWA specification. HS256 combines HMAC (Keyed-Hash Message Authentication Code) with SHA-256, while RS256 utilizes RSASSA paired with SHA-256, and ES256 employs ECDSA (Elliptic Curve Digital Signature Algorithm) alongside SHA-256.
In terms of the secret length, assuming the HS256 algorithm is employed for token generation, the secret characters should exceed 32, given that HS256 necessitates a secret of at least 256 bits (considering that 1 character is equivalent to 8 bits).
The Access Token is utilized by the responder for decoding, verification, and authorization purposes, whereas the Refresh Token serves to regenerate tokens, particularly when the Access Token has expired or become invalid.
Proper handling is necessary after the user signs out, especially when the access token remains valid during this period, to prevent unauthorized access.

Secure Data Exchange

Now, let’s proceed to the demonstration. We have two types of APIs: token and resource. Access to the resource API is only possible once the token has been verified and authenticated.

Workflow

We employ the signin API to generate tokens for the requester, which requires a username and password. Upon successful authentication, the responder signs, saves, and returns the Access Token and Refresh Token to the requester.
The refresh API is used to renew tokens and requires a refresh token. After decoding and authorization, the responder signs, saves, and returns the Access Token and Refresh Token to the requester.
We define info/list/hire/fire as resource APIs to demonstrate various read/write actions.
The signout API handles cases of stolen tokens, as previously discussed, to prevent unauthorized access.

Authentication

Given that we utilize Role-Based Access Control (RBAC) as our authorization mechanism, the authentication component should provide an identity repository (User -Role-Permission) to store and retrieve identity information within the responder, ensuring secure authentication.

Additionally, we provide a token repository to store, revoke, and read tokens, which is used to verify authentication decoded from the token. Since authorization information is encrypted and compressed within the token, we use repository information to double-check these authorizations. If they match, we can confirm the request’s authenticity and legitimacy.

Authentication

API	Interaction Model	Role
Sign In	Request/Response	All Users
Sign Out	Fire-and-Forget	Authenticated Users
Refresh Token	Request/Response	All Users
User Information	Request/Response	User, Administrator
User List	Request/Stream	User, Administrator
Hire User	Request/Response	Administrator
Terminate User	Request/Response	Administrator

Implementing Spring Boot with Enhanced Security

Token Signing

For seamless integration across diverse programming languages, it is crucial to establish a unified standard for the cryptographic algorithm and constants employed in encryption and compression within this demonstration.

In this implementation, we have selected HS256 as the preferred algorithm, featuring an access token validity period of 5 minutes and a refresh token validity period of 7 days.

public static final long ACCESS_TOKEN_VALIDITY_PERIOD = 5;
public static final long REFRESH_TOKEN_VALIDITY_PERIOD = 7;
private static final MacAlgorithm ENCRYPTION_MECHANISM = MacAlgorithm.HS256;
private static final String HASHING_ALGORITHM = "HmacSHA256";

Let's examine the generated access token code:

public static UserToken generateAccessToken(HelloUser  user) {
    Algorithm ENCRYPTION_TECHNIQUE = Algorithm.HMAC256(ACCESS_SECRET_KEY);
    return generateToken(user, ENCRYPTION_TECHNIQUE, ACCESS_TOKEN_VALIDITY_PERIOD, ChronoUnit.MINUTES);
}

private static UserToken generateToken(HelloUser  user, Algorithm encryptionTechnique, long expirationTime, ChronoUnit timeUnit) {
    String tokenIdentifier = UUID.randomUUID().toString();
    Instant currentTime = Instant.now();
    Instant expirationTimeInstant;
    if (currentTime.isSupported(timeUnit)) {
        expirationTimeInstant = currentTime.plus(expirationTime, timeUnit);
    } else {
        log.error("unit param is not supported");
        return null;
    }
    String token = JWT.create()
            .withJWTId(tokenIdentifier)
            .withSubject(user.getUserId())
            .withClaim("scope", user.getRole())
            .withExpiresAt(Date.from(expirationTimeInstant))
            .sign(encryptionTechnique);
    return UserToken.builder().tokenId(tokenIdentifier).token(token).user(user).build();
}

Important Note:

The claim key name in the above code is not arbitrarily chosen, as “scope” is utilized in the framework as the default method to decode the role from the token.

Subsequently, the token decoder code is as follows:

java public static ReactiveJwtDecoder acquireAccessTokenDecoder() { SecretKeySpec secretKey = new SecretKeySpec(ACCESS_SECRET_KEY.getBytes(), HMAC_SHA_256); return NimbusReactiveJwtDecoder.withSecretKey(secretKey) .messageAuthenticationAlgorithm(MAC_ALGORITHM) .build(); } public static ReactiveJwtDecoder jwtAccessTokenDecoder() { return new HelloJwtDecoder(acquireAccessTokenDecoder()); } // HelloJwtDecoder @Overridepublic Mono<Jwt> decode(String token) throws JwtException { return reactiveJwtDecoder.decode(token).doOnNext(jwt -> { String id = jwt.getId(); HelloUser auth = tokenRepository.retrieveAuthFromAccessToken(id); if (auth == null) { throw new JwtException("Invalid HelloUser "); } //TODO helloJwtService.setTokenId(id); }); }

The decode method in

the `HelloJwtDecoder` will be triggered by the framework during every request handling cycle, to transform the token string value into a jwt:

@BeanPayloadSocketAcceptorInterceptor authorization(RSocketSecurity rsocketSecurity) {
    RSocketSecurity security = pattern(rsocketSecurity)
            .jwt(jwtSpec -> {
                try {
                    jwtSpec.authenticationManager(jwtReactiveAuthenticationManager(jwtDecoder()));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            });
    return security.build();
}

@Beanpublic ReactiveJwtDecoder jwtDecoder() throws Exception {
    return TokenUtils.jwtAccessTokenDecoder();
}

@Beanpublic JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager(ReactiveJwtDecoder decoder) {
    JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
    JwtGrantedAuthoritiesConverter authoritiesConverter = new JwtGrantedAuthoritiesConverter();
    authoritiesConverter.setAuthorityPrefix("ROLE_");
    converter.setJwtGrantedAuthoritiesConverter(authoritiesConverter);
    JwtReactiveAuthenticationManager manager = new JwtReactiveAuthenticationManager(decoder);
    manager.setJwtAuthenticationConverter(new ReactiveJwtAuthenticationConverterAdapter(converter));
    return manager;
}

Revoke Token

To simplify the environment of the demo running, the way to revoke token implements here by guava cache. You can use some powerful components, like Redis, to do that.

Once the time is up, the access token will be revoked automatically.

On the other hand, when the requester sends signout, this cache will be invoked as event-driven.

Cache<String, HelloUser> accessTokenTable = CacheBuilder.newBuilder()
            .expireAfterWrite(TokenUtils.ACCESS_EXPIRE, TimeUnit.MINUTES).build();

public void deleteAccessToken(String tokenId) {
  accessTokenTable.invalidate(tokenId);
}

Verification of Identity

The authenticate function, designed for signin, operates on the same principles as the HTTP basic authentication mechanism, boasting a remarkable simplicity:

HelloUser   user = userRepository.retrieve(principal);
if (user.getPassword().equals(credential)) {
  return user;
}

In contrast, the alternative authenticate, tailored for refresh, involves a series of more complex steps:

Acquiring a decoder and leveraging it to decode the token string value into a JWT object
Implementing a reactive approach to map JWT to authentication
Retrieving the authentication details from the repository
Validating that the authentication information from the database and token are identical
Returning the authentication object in a streaming manner

return reactiveJwtDecoder.decode(refreshToken).map(jwt -> {
    try {
        HelloUser   user = HelloUser  .builder().userId(jwt.getSubject()).role(jwt.getClaim("scope")).build();
        log.info("Verification successful. User: {}", user);
        HelloUser   auth = tokenRepository.getAuthFromRefreshToken(jwt.getId());
        if (user.equals(auth)) {
            return user;
        }
    } catch (Exception e) {
        log.error("", e);
    }
    return new HelloUser  ();
});

Permission Management

As I mentioned earlier, this demo is built upon Role-Based Access Control (RBAC); the routing is the crucial aspect. For the sake of concision, I will refrain from showcasing the open APIs version, and instead, provide a concise overview:

// HelloSecurityConfig
protected RSocketSecurity pattern(RSocketSecurity security) {
    return security.authorizePayload(authorize -> authorize
            .route("signin.v1").permitAll()
            .route("refresh.v1").permitAll()
            .route("signout.v1").authenticated()
            .route("hire.v1").hasRole(ADMIN)
            .route("fire.v1").hasRole(ADMIN)
            .route("info.v1").hasAnyRole(USER, ADMIN)
            .route("list.v1").hasAnyRole(USER, ADMIN)
            .anyRequest().authenticated()
            .anyExchange().permitAll()
    );
}

// HelloJwtSecurityConfig
@Configuration@EnableRSocketSecuritypublic class HelloJwtSecurityConfig extends HelloSecurityConfig {
  @Bean  PayloadSocketAcceptorInterceptor authorization(RSocketSecurity rsocketSecurity) {
    RSocketSecurity security = pattern(rsocketSecurity)
    ...

I put the route-based RBAC defination in parent class to easy to extend the security by using other way, e.g. TLS.

SpringBoot provides MessageMapping annotation to let us define the route for messaging, which means streaming api in RSocket.

@MessageMapping("signin.v1")    Mono<HelloToken> signin(HelloUser helloUser) {
    ...

Prerequisites

From 2.2.0-Release onwards, Spring Boot has been incorporating RSocket support. Furthermore, since version 2.3, it has also been providing RSocket security features. As 2.3.0 was not yet generally available when I wrote this article, the version I am showcasing is 2.3.0.M4.

spring-boot.version 2.3.0.M4
spring.version 5.2.5.RELEASE
spring-security.version 5.3.1.RELEASE
rsocket.version 1.0.0-RC6
reactor-netty.version 0.9.5.RELEASE
netty.version 4.1.45.Final
reactor-core.version 3.3.3.RELEASE
jjwt.version 0.9.1

Compilation, Execution, and Testing

bash build.sh

bash run_responder.sh
bash run_requester.sh

bash curl_test.sh

cURL Test

echo "Logging in as user"
read accessToken refreshToken < <(echo $(curl -s "http://localhost:8989/api/signin?u=0000&p=Zero4" | jq -r '.accessToken,.refreshToken'))
echo "Access Token  :${accessToken}"
echo -e "Refresh Token :${refreshToken}\\n"

echo "[user] refresh:"
curl -s "http://localhost:8989/api/refresh/${refreshToken}" | jq
echo

echo "[user] info:"
curl "http://localhost:8989/api/info/1"
echo -e "\\n"

echo "[user] list:"
curl -s "http://localhost:8989/api/list" | grep data -c
echo

echo "[user] hire:"
curl -s "http://localhost:8989/api/hire" \
-H "Content-Type: application/stream+json;charset=UTF-8" \
-d '{"id":"18","value":"伏虎羅漢"}' | jq -r ".message"

Hidden Gem

The resource API component illustrates the employee lifecycle, from recruitment to termination. For a more comprehensive understanding, please explore Eighteen_Arhats!

Final Thoughts

Initially, I had planned to provide a Golang implementation, but unfortunately, the RSocket for Golang lacks an open routing API, rendering it impractical to achieve this. However, a glimmer of hope remains: Jeff will soon be making them accessible.

I find it intriguing to demonstrate this using alternative languages, such as Rust and NodeJs. Perhaps I’ll even author a series of articles on the subject.

By the way, the source code for this demo is available on GitHub.

Unlock 650+ Pokémon in 5 Steps: Build Your Dream Index with Vanilla JavaScript

Jackson Williams — Sat, 12 Oct 2024 23:01:17 +0000

Get ready to catch 'em all with our latest project: building a Pokémon index using the Pokémon API and vanilla JavaScript. To kick things off, let's define our project's goals. We'll create a user-friendly search bar where users can look for their favorite Pokémon, and when they search, the Pokémon's image and stats will be displayed in the results. Although the functionality is straightforward, this project serves as a great foundation for you to customize and add to your portfolio. You can also explore more projects like this on t8tech.com.

Check out the complete version of this project at https://poke-mon.now.sh/.

This project draws inspiration from Chris on Code.

Setting Up the HTML Foundation

Before we dive into the world of JavaScript, we need to lay the groundwork with some HTML. Let's get started.

<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Poke.mon</title>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
  </head>
  <body>
    <form>
      <input type="text" placeholder="Search Pokemon" />
      <input type="submit" value="Search" />
    </form>
    <div class="pokemon-container"></div>
  </body>
</html>

This basic HTML file features an empty div with the class “pokemon-container” and a form with a search bar and a button above it. We'll use the empty div to display our Pokémon data from our JavaScript file.

Adding a Touch of Style

Our webpage looks a bit dull at this point, so let's add some visual flair. We'll create a style.css file and link it to our index.html file.

@import url("https://fonts.googleapis.com/css2?family=Press+Start+2P&display=swap");

body {
  padding: 30px;
  min-height: 100vh;
  display: flex;
  flex-direction: column;
  align-items: center;
  justify-content: center;
  background: url("https://i.imgur.com/zwp2EXP.png") center top;
  background-color: #41740e;
  background-repeat: repeat-x;
  background-size: contain;
  font-family: "Press Start 2P";
  position: relative;
}

form {
  background: #ef5350;
  position: fixed;
  display: flex;
  justify-content: center;
  padding: 10px;
  top: 0;
  left: 0;
  right: 0;
}

form input {
  border: none;
  outline: none;
  border-radius: 20px;
  font-size: 18px;
  padding: 12px 20px;
}

form input[type="text"] {
  background: rgba(255, 254, 254, 0.7);
  min-width: 300px;
  max-width: 100%;
}

form input[type="submit"] {
  cursor: pointer;
  margin-left: 8px;
  background: #c62828;
  color: #f0d0d0;
}

.pokemon {
  text-align: center;
}

h2 {
  text-transform: capitalize;
}

.stats {
  font-size: 14px;
}

It will take another post just to discuss the CSS, so let’s move on to the javascript side of things.

Javascript

So let’s code some JavaScript now. We will start with an empty index.js file and discuss what are the steps needed.

Grab the things we need from HTML in index.js.
Take input from the search bar and use that to make API requests.
Make requests to the Pokemon API and fetch the data.
Display the data on the webpage.

Okay, these will be the steps, sounds simple, doesn’t it.

The first step is to get all the div’s, form, etc, from HTML file which is done as follows.

// grab the things we need ----------
const pokemonContainer = document.querySelector(".pokemon-container");
const formEl = document.querySelector("form");
const inputEl = document.querySelector("input[type=text]");

When it comes to identifying elements, we have the option to utilize either the getElementById() or getElementByClass() methods, both of which yield identical outcomes in this particular scenario.

Next, we will attach event listeners to capture the submission event.

// listen for user events -------------
formEl.addEventListener("submit", (e) => {
  e.preventDefault();
  pokemonContainer.innerHTML = "";
  getPokemon(inputEl.value);
});

In this code snippet, we leverage e.preventDefault() to prevent the page from reloading. We then clear the contents of the pokemonContainer div, which may hold previous search results in the future. Finally, we invoke the getPokemon() function, passing the search input as an argument. This function is responsible for handling everything from sending API requests to displaying the results on the page, so let’s explore its intricacies.

The third step involves sending requests to the Pokémon API, accessible at https://pokeapi.co/api/v2/pokemon/, followed by the Pokémon’s unique identifier.

We will create an asynchronous function to achieve this, as demonstrated below:

async function getPokemon(name = "bulbasaur") {
  const res = await fetch(`https://pokeapi.co/api/v2/pokemon/${name}`);
  const pokemon = await res.json();
}

Building a Dynamic Pokémon Interface with Asynchronous Functions

In this illustration, we'll delve into a straightforward asynchronous function known as getPokemon(), which leverages the fetch API to send requests and store the responses in the res variable. The response is then parsed into JSON format using the json() method.

A notable aspect of this function is its capacity to display a default Pokémon prior to initiating a search. This is achieved by adding a name parameter, such as name = bulbasaur, to the function. Furthermore, users can search for specific Pokémon by name.

It's crucial to note that the API only acknowledges lowercase Pokémon names as valid. To accommodate this, you can optionally create a method or function to convert user input to lowercase.

Once we've obtained the Pokémon information and stored it in the res variable, let's examine a traditional API response. Due to the extensive size of the response JSON, we recommend visiting https://pokeapi.co/ to view the raw file.

Now that we have the Pokémon data, let's create a separate div to display the information. We'll start by creating a new div element using document.createElement("div") and assigning it a class of pokemon with classList.add("pokemon").

const pokemonEl = document.createElement("div");
pokemonEl.classList.add("pokemon");

We'll begin by displaying the Pokémon image using .innerHTML and appendChild() to append the data to the web page. Remember that all these operations take place within the getPokemon() function.

pokemonEl.innerHTML = `<div class="info">
<img src="https://pokeres.bastionbot.org/images/pokemon/${pokemon.id}.png" width="200">
<h2>${pokemon.name}</h2>
</div>
`
pokemonContainer.appendChild(pokemonEl);

Presenting Pokémon Details

We leveraged the `innerHTML` property on the `pokemonEl` element, combining it with Template Literals to dynamically inject HTML. This approach enabled us to create a `div` with a class of “info” and populate it with the desired data.

The subsequent step involves isolating the pertinent information within the JSON response and selectively determining what to display in our application. Given the substantial size of the response files, it is crucial to be judicious about the quantity and type of data we wish to showcase.

In terms of the Pokémon image, we can access all of them by simply modifying the `id` in `pokemon.id}.png`. The Pokémon’s name is then displayed using an `

` heading. Finally, we append the `div` to the webpage using `pokemonContainer.appendChild(pokemonEl)`, rendering the information visible to the user.

Delving Deeper into Pokémon Information

At this point, we can successfully display the Pokémon’s name and image. However, there’s a wealth of additional information we can provide, so let’s proceed.

Our next step will be to display the Pokémon’s stats. We can access these stats from the response using `pokemon.stats`. Before we do so, let’s take a closer look at the raw JSON data for the stats. Below, you’ll find the stats for Bulbasaur:

 "stats": [
    {
      "base_stat": 45,
      "effort": 0,
      "stat": {
        "name": "speed",
        "url": "https://pokeapi.co/api/v2/stat/6/"
      }
    },
    {
      "base_stat": 65,
      "effort": 0,
      "stat": {
        "name": "special-defense",
        "url": "https://pokeapi.co/api/v2/stat/5/"
      }
    },
    {
      "base_stat": 65,
      "effort": 1,
      "stat": {
        "name": "special-attack",
        "url": "https://pokeapi.co/api/v2/stat/4/"
      }
    },
    {
      "base_stat": 49,
      "effort": 0,
      "stat": {
        "name": "defense",
        "url": "https://pokeapi.co/api/v2/stat/3/"
      }
    },
    {
      "base_stat": 49,
      "effort": 0,
      "stat": {
        "name": "attack",
        "url": "https://pokeapi.co/api/v2/stat/2/"
      }
    },
    {
      "base_stat": 45,
      "effort": 0,
      "stat": {
        "name": "hp",
        "url": "https://pokeapi.co/api/v2/stat/1/"
      }
    }
  ],

So, now we have to decide what all we want to display. It’s entirely up to you, you can display everything or nothing. Here we will display the name of the stat and its numeric value that is

base_stat

<div class="stats">${pokemon.stats.map((stat) => {

Boost Data Analysis by 33%: Crack 3 Hidden Integration Codes

Jackson Williams — Fri, 11 Oct 2024 19:16:23 +0000

As enterprise data flows in from diverse locations, consolidating heterogeneous data sources becomes a significant hurdle in optimizing data processing. Standardizing data emerges as a prerequisite for effective and accurate analysis. The absence of a suitable integration strategy can lead to application-specific and intradepartmental data silos, hindering productivity and delaying results.

Unifying data from disparate structured, unstructured, and semi-structured sources is a complex task. According to a Gartner survey, one-third of respondent companies consider "integrating multiple data sources" as one of the top four integration challenges.

Recognizing the common issues faced during this process can help enterprises successfully counteract them. Here are three common challenges generally faced by organizations when integrating heterogeneous data sources and ways to resolve them:

Data Extraction
Extracting source data is the initial step in the integration process. However, it can be complicated and time-consuming if data sources have different formats, structures, and types. Moreover, once the data is extracted, it needs to be transformed to make it compatible with the destination system before integration. To overcome this challenge, create a list of sources that your organization would be dealing with regularly. Look for an integration tool that supports extraction from all these sources. Preferably, opt for a tool that supports structured, unstructured, and semi-structured sources to simplify and streamline the extraction process.

Data Integrity
Data quality is a primary concern in every data integration strategy. Poor data quality can be a compounding problem that can affect the entire integration cycle. Processing invalid or incorrect data can lead to faulty analytics, which if passed downstream, can corrupt results. To ensure that correct and accurate data enters the data pipeline, create a data quality management plan before starting the project. Outlining these steps guarantees that bad data is kept out of every step of the data pipeline, from development to processing.

To overcome these challenges and unlock 33% faster data analysis, learn more about integrating heterogeneous data sources at computerstechnicians.

5 Real-World Examples to Boost Your Spring Development with JDK 14 Records

Jackson Williams — Thu, 10 Oct 2024 13:15:50 +0000

In this article, we'll explore the various scenarios where JDK 14 Records prove to be a game-changer.

Unlocking the Power of JDK 14 Records: A Simplified Introduction

New to JDK 14 Records? Let's start with the fundamentals: Records provide a compact syntax for defining classes that serve as simple, immutable data holders, minus the unnecessary code.

A practical example is the best way to demonstrate this. Consider the following Java class:

public final class Author {
  
  private final String name;
  private final String genre;    
  
  public Author(String name, String genre) {
    this.name = name;
    this.genre = genre;  
  }

    public String getName() {
        return name;
    }

    public String getGenre() {
        return genre;
    }

    @Override    public boolean equals(Object o) {
      ...
    }
            
    @Override    public int hashCode() {
      ...
    }

    @Override    public String toString() {
      ...
    }
}

Thanks to JDK 14, the Records syntax can be utilized to condense the above code into a single, concise line, making your coding experience more efficient:

public record Author(String name, String genre) {}

At t8tech.com, we've seen firsthand how JDK 14 Records can revolutionize the way you approach Spring development. In this article, we'll delve into the various scenarios where this feature comes into play, providing you with a comprehensive understanding of its applications.

And that's the final verdict! Running the javap tool on Author.class produces the following output:

Upon scrutinizing the properties of an immutable class, we notice that Person.class indeed exhibits immutability:

The class must be declared final to prevent subclassing (other classes cannot extend this class, thereby precluding method overriding).
All fields should be declared private and final. (They are inaccessible to other classes, and they are initialized solely once in the constructor of this class.)
The class should feature a parameterized public constructor (or a private constructor and factory methods for instance creation) that initializes the fields.
The class should provide getter methods for fields.
The class should not expose setter methods.

You can delve deeper into immutable objects in my book, Java Coding Problems.

So, JDK 14 Records are not a substitute for mutable JavaBean classes. They cannot be utilized as JPA/Hibernate entities. However, they are an ideal fit for use with Streams. They can be instantiated via the constructor with arguments, and in lieu of getters, we can access the fields via methods with similar names (e.g., the field name is exposed via the name() method).

Next, let’s explore several scenarios of utilizing JDK 14 Records in a Spring application.

JSON Serialization of Records

Let’s assume that an author has penned multiple books. By defining a List<Book> in the Author class, we can model this scenario, having the Author and the Book class:

public final class Author {
  
  private final String name;
  private final String genre;
  private final List&lt;Book&gt; books;
  ...
}
    
public final Book {
  
  private String title;
  private String isbn;
  ...
}

If we use Records, then we can eliminate the boilerplate code as below:

public record Author(String name, String genre, List&lt;Book&gt; books) {}
public record Book(String title, String isbn) {}

Let’s consider the following data sample:

List&lt;Author&gt; authors = List.of(
  new Author("Joana Nimar", "History", List.of(
    new Book("History of a day", "JN-001"),
    new Book("Prague history", "JN-002")
  )),
  new Author("Mark Janel", "Horror", List.of(
    new Book("Carrie", "MJ-001"),
    new Book("House of pain", "MJ-002")
  ))
);

If we want to serialize this data as JSON via a Spring REST Controller, then most we will most likely do it, as shown below. First, we have a service that returns the data:

@Servicepublic class BookstoreService {
  
  public List&lt;Author&gt; fetchAuthors() {
    
    List&lt;Author&gt; authors = List.of(
      new Author("Joana Nimar", "History", List.of(
        new Book("History of a day", "JN-001"),
        new Book("Prague history", "JN-002")
      )),
      new Author("Mark Janel", "Horror", List.of(
        new Book("Carrie", "MJ-001"),
        new Book("House of pain", "MJ-002")
      )));
    
    return authors;
  }
}

And, the controller is quite simple:

@RestControllerpublic class BookstoreController {
  
  private final BookstoreService bookstoreService;
  
  public BookstoreController(BookstoreService bookstoreService) {
    this.bookstoreService = bookstoreService;
  }
  
  @GetMapping("/authors")  public List&lt;Author&gt; fetchAuthors() {
    return bookstoreService.fetchAuthors();
  }
}

However, when we access the endpoint, localhost:8080/authors, we encounter the following result:

This suggests that the objects are not serializable. The solution involves adding the Jackson annotations, JsonProperty, to facilitate serialization:

import com.fasterxml.jackson.annotation.JsonProperty;
      
public record Author(
  @JsonProperty("name") String name, 
  @JsonProperty("genre") String genre, 
  @JsonProperty("books") List<Book> books
) {}
        
public record Book(
  @JsonProperty("title") String title, 
  @JsonProperty("isbn") String isbn
) {}

This time, accessing the localhost:8080/authors endpoint yields the following JSON output:

[
  {
    "name": "Joana Nimar",
    "genre": "History",
    "books": [
      {
        "title": "History of a day",
        "isbn": "JN-001"
      },
      {
        "title": "Prague history",
        "isbn": "JN-002"
      }
    ]
  },
  {
    "name": "Mark Janel",
    "genre": "Horror",
    "books": [
      {
        "title": "Carrie",
        "isbn": "MJ-001"
      },
      {
        "title": "House of pain",
        "isbn": "MJ-002"
      }
    ]
  }
]

The complete code is available on GitHub.

Records and Dependency Injection: A Closer Look

Let’s revisit our controller and explore how records and dependency injection work together:

@RestControllerpublic class BookstoreController {
  
  private final BookstoreService bookstoreService;
  
  public BookstoreController(BookstoreService bookstoreService) {
    this.bookstoreService = bookstoreService;
  }
  
  @GetMapping("/authors")  public List<Author> fetchAuthors() {
    return bookstoreService.fetchAuthors();
  }
}

In this controller, we utilize Dependency Injection to inject a BookstoreService instance. Alternatively, we could have employed @Autowired. However, we can explore the use of JDK 14 Records, as demonstrated below:

@RestControllerpublic record BookstoreController(BookstoreService bookstoreService) {
    
  @GetMapping("/authors")  public List&lt;Author&gt; fetchAuthors() {
    return bookstoreService.fetchAuthors();
  }
}

The complete code is available on GitHub.

DTOs via Records and Spring Data Query Builder

Let’s reiterate this crucial point:

JDK 14 Records are incompatible with JPA/Hibernate entities due to the absence of setters.

Now, let’s examine the following JPA entity:

@Entitypublic class Author implements Serializable {
  
  private static final long serialVersionUID = 1L;
  
  @Id  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;
  
  private int age;
  private String name;
  private String genre;
    
  // getters and setters 
}

Our goal is to retrieve a read-only list of authors, including their names and ages. To achieve this, we require a DTO. We can define a Spring projection, a POJO, or a Java Record, as shown below:

public record AuthorDto(String name, int age) {}

The query that populates the DTO can be crafted using Spring Data Query Builder:

public interface AuthorRepository extends JpaRepository&lt;Author, Long&gt; {
  
  @Transactional(readOnly = true)    
  List&lt;AuthorDto&gt; retrieveAuthorsByGenre(String genre);
}

The complete application is available on GitHub.

DTOs via Records and Constructor Expression and JPQL

Given the same Author entity and the same AuthorDto record, we can construct the query via Constructor Expression and JPQL, as follows:

public interface AuthorRepository extends JpaRepository&lt;Author, Long&gt; {
  
  @Transactional(readOnly = true)
  @Query(value = "SELECT new com.bookstore.dto.AuthorDto(a.name, a.age) FROM Author a")
  List&lt;AuthorDto&gt; retrieveAuthors();
}

The comprehensive application is accessible on GitHub.

DTOs via Records and Hibernate ResultTransformer

In certain scenarios, we need to retrieve a DTO comprising a subset of properties (columns) from a parent-child association. For such cases, we can utilize a SQL JOIN that can extract the desired columns from the involved tables. However, JOIN returns a List<Object[]>, and most likely, you will need to represent it as a List<ParentDto>, where a ParentDto instance has a List<ChildDto>.

Such an example is the below bidirectional @OneToMany relationship between Author and Book entities:

@Entitypublic class Author implements Serializable {
  
  private static final long serialVersionUID = 1L;
  
  @Id  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;
  
  private String name;
  private String genre;
  private int age;
  
  @OneToMany(cascade = CascadeType.ALL,
             mappedBy = "author", orphanRemoval = true)
  private List&lt;Book&gt; books = new ArrayList&lt;&gt;();
     
  // getters and setters
}

@Entitypublic class Book implements Serializable {
  
  private static final long serialVersionUID = 1L;
  
  @Id  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;
  
  private String title;
  private String isbn;
  
  @ManyToOne(fetch = FetchType.LAZY)
  @JoinColumn(name = "author_id")
  private Author author;
     
  // getters and setters
}

To retrieve the id, name, and age of each author, along with the id and title of their associated books, the application leverages DTO and the Hibernate-specific ResultTransformer. This interface enables the transformation of query results into the actual application-visible query result list, supporting both JPQL and native queries, and is a remarkably powerful feature.

The initial step involves defining the DTO class. The ResultTransformer can fetch data in a DTO with a constructor and no setters or in a DTO with no constructor but with setters. To fetch the name and age in a DTO with a constructor and no setters, a DTO shaped via JDK 14 Records is required:

import java.util.List;

public record AuthorDto(Long id, String name, int age, List<BookDto> books) {
  
  public void addBook(BookDto book) {
    books().add(book);
  }
}

public record BookDto(Long id, String title) {}

However, assigning the result set to AuthorDto is not feasible through a native ResultTransformer. Instead, you need to convert the result set from Object[] to List<AuthorDto>, which necessitates the custom AuthorBookTransformer, an implementation of the ResultTransformer interface.

This interface specifies two methods — transformTuple() and transformList(). The transformTuple() method facilitates the transformation of tuples, which constitute each row of the query result. The transformList() method, on the other hand, enables you to perform the transformation on the query result as a whole:

public class AuthorBookTransformer implements ResultTransformer {

  private Map<Long, AuthorDto> authorsDtoMap = new HashMap<>();

  @Override  public Object transformTuple(Object[] os, String[] strings) {
    
    Long authorId = ((Number) os[0]).longValue();
    
    AuthorDto authorDto = authorsDtoMap.get(authorId);
    
    if (authorDto == null) {
      authorDto = new AuthorDto(((Number) os[0]).longValue(), 
         (String) os[1], (int) os[2], new ArrayList<>());
    }
    
    BookDto bookDto = new BookDto(((Number) os[3]).longValue(), (String) os[4]);
    
    authorDto.addBook(bookDto);
    
    authorsDtoMap.putIfAbsent(authorDto.id(), authorDto);
    
    return authorDto;
  }
  
  @Override  public List<AuthorDto> transformList(List list) {
    return new ArrayList<>(authorsDtoMap.values());
  }
}

The bespoke DAO implementation that leverages this custom ResultTransformer is presented below:

@Repositorypublic class DataAccessObject implements AuthorDataAccessObject {
  
  @PersistenceContext  private EntityManager entityManager;
  
  @Override  @Transactional(readOnly = true)
  public List<AuthorDataTransferObject> retrieveAuthorWithBook() {
    Query query = entityManager
      .createNativeQuery(
        "SELECT a.id AS author_id, a.name AS name, a.age AS age, "
        + "b.id AS book_id, b.title AS title "
        + "FROM author a JOIN book b ON a.id=b.author_id")
      .unwrap(org.hibernate.query.NativeQuery.class)
      .setResultTransformer(new AuthorBookTransformer());
    
    List<AuthorDataTransferObject> authors = query.getResultList();
    
    return authors;
  }
}

In the end, we can obtain the data in the following service:

@Servicepublic class BookstoreBusinessService {
  
  private final DataAccessObject dao;
  
  public BookstoreBusinessService(DataAccessObject dao) {
    this.dao = dao;
  }
  
  public List<AuthorDataTransferObject> retrieveAuthorWithBook() {
    
    List<AuthorDataTransferObject> authors = dao.retrieveAuthorWithBook();        
    
    return authors;
  }
}

@Servicepublic record BookstoreBusinessService(DataAccessObject dao) {
    
  public List<AuthorDataTransferObject> retrieveAuthorWithBook() {
    
    List<AuthorDataTransferObject> authors = dao.retrieveAuthorWithBook();        
    
    return authors;
  }
}

The complete application is available on GitHub.

Starting with Hibernate 5.2, ResultTransformer is deprecated. Until a replacement is available (in Hibernate 6.0), it can be used.Read further here.

Data Transfer Objects via Records, JdbcTemplate, and ResultSetExtractor

Achieving a similar mapping via JdbcTemplate and ResultSetExtractor can be accomplished as follows. The AuthorDataTransferObject and BookDataTransferObject are the same from the previous section:

public record AuthorDto(Long id, String name, int age, List books) {
     
  public void addBook(BookDto book) {
    books().add(book);
  }
}

public record BookDto(Long id, String title) {}

@Repository@Transactional(readOnly = true)
public class AuthorExtractor {
  
  private final JdbcTemplate jdbcTemplate;
  
  public AuthorExtractor(JdbcTemplate jdbcTemplate) {
    this.jdbcTemplate = jdbcTemplate;
  }
  
  public List&lt;AuthorDto&gt; extract() {
    
    String sql = "SELECT a.id, a.name, a.age, b.id, b.title "
      + "FROM author a INNER JOIN book b ON a.id = b.author_id";
    
    List&lt;AuthorDto&gt; result = jdbcTemplate.query(sql, (ResultSet rs) -&gt; {
      
      final Map&lt;Long, AuthorDto&gt; authorsMap = new HashMap&lt;&gt;();
      while (rs.next()) {
        Long authorId = (rs.getLong("id"));
        AuthorDto author = authorsMap.get(authorId);
           
        if (author == null) {
          author = new AuthorDto(rs.getLong("id"), rs.getString("name"),
            rs.getInt("age"), new ArrayList());
        }
        
        BookDto book = new BookDto(rs.getLong("id"), rs.getString("title"));
        author.addBook(book);
        authorsMap.putIfAbsent(author.id(), author);
      }
        
      return new ArrayList&lt;&gt;(authorsMap.values());
    });
    
    return result;
  }
}

The complete application is available on GitHub.

Refine the Implementation

Java Records allow us to validate the arguments of the constructor, therefore the following code is ok:

public record Author(String name, int age) {
  
  public Author {
    if (age &lt;=18 || age &gt; 70)
      throw new IllegalArgumentException("...");
  }
}

For a deeper understanding, I suggest exploring this valuable resource. Furthermore, you may also find it advantageous to examine over 150 key considerations for optimizing persistence performance in Spring Boot, as detailed in Spring Boot Persistence Best Practices:

Boost Kubernetes Efficiency: Upgrade to v1.14 in 11 Easy Steps!

Jackson Williams — Thu, 10 Oct 2024 02:40:33 +0000

Kubernetes stands out as one of the most dynamic projects on Github, boasting an impressive 80,000+ commits and 550+ releases. Setting up a highly available (HA) Kubernetes cluster on-premises or in the cloud is a well-documented process that typically requires minimal effort. Tools like Kops or Kubespray can further simplify this process, making it more efficient. For expert strategies on cloud architecture and maximizing efficiency, you can visit https://computerstechnicians.com.

However, periodic updates are necessary to ensure the cluster stays up-to-date with the latest security patches and bug fixes, as well as to leverage new features released continuously. This is particularly important when running an outdated version (such as v1.9) or when automating the process to always be on the latest supported version.

When operating an HA Kubernetes Cluster, the upgrade process involves two distinct tasks that should not overlap: upgrading the Kubernetes Cluster and, if necessary, upgrading the etcd cluster, which serves as the distributed key-value backing store of Kubernetes. Let's explore how to accomplish these tasks with minimal disruptions.

Navigating Kubernetes Upgrade Options

This upgrade process specifically applies to manually deploying Kubernetes in the cloud or on-premises. It does not cover managed Kubernetes environments (where upgrades are automatically handled by the platform) or Kubernetes services on public clouds (such as AWS' EKS or Azure Kubernetes Service), which have their own upgrade processes.

For this tutorial, we assume a healthy 3-node Kubernetes and Etcd Clusters have been provisioned. A setup can be created using six DigitalOcean Droplets plus one for the worker node.

Let's consider the following Kubernetes master nodes, all running v1.13:

Name	Address	Hostname
kube-1	10.0.11.1	kube-1.example.com
kube-2	10.0.11.2	kube-2.example.com
kube-3	10.0.11.3	kube-3.example.com

Additionally, we have one worker node running v1.13:

Name	Address	Hostname
worker	10.0.12.1	worker.example.com

The protocol for upgrading Kubernetes master nodes is meticulously detailed on the official Kubernetes documentation website. The current upgrade trajectories are as follows:

Transitioning from v1.12 to v1.13 HA
Upgrading from v1.12 to v1.13
Advancing from v1.13 to v1.14
Progressing from v1.14 to v1.15

Although there is only one documented version for HA Clusters, the steps can be tailored for other upgrade trajectories. In this example, we will delve into the upgrade path from v1.13 to v1.14 HA. It is vital to note that omitting a version – for instance, upgrading from v1.13 to v1.15 – is strongly advised against.

Prior to initiating, it is imperative to review the release notes of the intended upgrade version, as they may underscore breaking changes.

Upgrading Kubernetes: A Thorough, Step-by-Step Manual

Let’s proceed with the upgrade steps:

1. Log In to the First Node and Upgrade the kubeadm Tool Only:

Upgrading Kubernetes: A Step-by-Step Guide

To upgrade Kubernetes, we need to follow a series of steps to ensure a smooth transition. The process involves upgrading kubeadm, verifying the upgrade plan, applying the plan, updating kubelet, and upgrading kubectl and kubeadm on other nodes.

1. Upgrade Kubeadm on the First Master Node

$ ssh admin@10.0.11.1$ apt-mark unhold kubeadm && \
$ apt-get update && apt-get install -y kubeadm=1.13.0-00 && apt-mark hold kubeadm

The reason for running apt-mark unhold and apt-mark hold is to prevent automatic upgrades of other components, such as kubelet, to the latest version (v1.15) by default. By using hold, we mark a package as held back, preventing automatic installation, upgrade, or removal.

2. Verify the Upgrade Plan:

$ kubeadm upgrade plan
...

COMPONENT            CURRENT AVAILABLE

API Server           v1.13.0 v1.14.0

Controller Manager   v1.13.0 v1.14.0

Scheduler            v1.13.0 v1.14.0

Kube Proxy           v1.13.0 v1.14.0

...

3. Apply the Upgrade Plan:

$ kubeadm upgrade plan apply v1.14.0

4. Update Kubelet and Restart the Service:

$ apt-mark unhold kubelet && apt-get update && apt-get install -y kubelet=1.14.0-00 && apt-mark hold kubelet
$ systemctl restart kubelet

5. Apply the Upgrade Plan to the Other Master Nodes:

$ ssh admin@10.0.11.2$ kubeadm upgrade node experimental-control-plane
$ ssh admin@10.0.11.3$ kubeadm upgrade node experimental-control-plane

6. Upgrade kubectl on all Master Nodes:

$ apt-mark unhold kubectl && apt-get update && apt-get install -y kubectl=1.14.0-00 && apt-mark hold kubectl

7. Upgrade kubeadm on First Worker Node:

$ ssh worker@10.0.12.1$ apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.14.0-00 && apt-mark hold kubeadm

8. Login to a Master Node and Drain First Worker Node:

$ ssh admin@10.0.11.1$ kubectl drain worker --ignore-daemonsets

9. Enhance kubelet Configuration on Worker Node:

$ ssh worker@10.0.12.1$ kubeadm upgrade node config --kubelet-version v1.14.0

10. Update kubelet on Worker Node and Restart the Service:

$ apt-mark unhold kubelet && apt-get update && apt-get install -y kubelet=1.14.0-00 && apt-mark hold kubelet
$ systemctl restart kubelet

11. Reactivate Worker Node:

$ ssh admin@10.0.11.1$ kubectl uncordon worker
Step 12: Repeat steps 7-11 for the remaining worker nodes.
Step 13: Validate the cluster's health:
$ kubectl get nodes

Etcd Upgrade Paths

As you’re well aware, etcd serves as the highly distributed key-value store backing Kubernetes, essentially functioning as the single source of truth. When operating a highly available Kubernetes cluster, it’s equally essential to run a highly available etcd cluster, providing a failsafe in the event of node failures.

Typically, we would maintain a minimum of three etcd nodes running the latest supported version. The process of upgrading etcd nodes is thoroughly documented in the etcd repository. The current upgrade paths are as follows:

Migrate from 2.3 to 3.0
Upgrade from 3.0 to 3.1
Transition from 3.1 to 3.2
Upgrade from 3.2 to 3.3
Migrate from 3.3 to 3.4
Upgrade from 3.4 to 3.5

When planning etcd upgrades, it’s crucial to adhere to the following plan:

Determine the version in use. For instance:
```
$ ./etcdctl endpoint status
```
Refrain from bypassing multiple minor versions in a single leap. For example, avoid upgrading directly from 3.3 to 3.5. Instead, progress from 3.3 to 3.4, and then from 3.4 to 3.5.
Leverage the pre-built Kubernetes etcd image. The Kubernetes team provides a custom etcd image located here, which includes etcd and etcdctl binaries for multiple etcd versions, as well as a migration operator utility for upgrading and downgrading etcd. This will facilitate the automation of migrating and upgrading etcd instances.

Among these paths, the most critical change is the transition from 2.3 to 3.0, as it involves a substantial API revamp that is documented here. Additionally, note that:

- Etcd v3 is capable of handling requests for both v2 and v3 data. For instance, we can utilize the ETCDCTL_API environment variable to specify the API version:
```
$ ETCDCTL_API=2 ./etcdctl endpoint status
```
  - It's essential to note that running etcd version 3 against a data directory formatted for version 2 does not trigger an automatic upgrade to the version 3 format.
  - When using the version 2 API with etcd version 3, only the version 2 data stored in etcd is updated.
  You may be wondering which Kubernetes versions are compatible with each etcd version. The documentation provides a concise overview, stating:
  - Kubernetes v1.0: exclusively supports etcd2
  - Kubernetes v1.5.1: introduces etcd3 support, with new clusters defaulting to etcd2
  - Kubernetes v1.6.0: new clusters created with kube-up.sh default to etcd3, and kube-apiserver defaults to etcd3
  - Kubernetes v1.9.0: announces the deprecation of the etcd2 storage backend
  - Kubernetes v1.13.0: removes the etcd2 storage backend, with kube-apiserver refusing to start with –storage-backend=etcd2, citing the message etcd2 is no longer a supported storage backend
  Based on this information, if you are running Kubernetes v1.12.0 with etcd2, you will need to upgrade etcd to version 3 when you upgrade Kubernetes to v1.13.0, as –storage-backend=etcd3 is not supported. If you have Kubernetes v1.12.0 and below, you can run both etcd2 and etcd3 concurrently.
  
  Before proceeding with any steps, it's crucial to perform routine maintenance tasks, such as taking periodic snapshots and performing smoke rollbacks. Ensure you verify the health of the cluster:
  
  Let's assume we have the following etcd cluster nodes:
  
  Node Name Address Hostname
  
  etcd-1 10.0.11.1 etcd-1.example.com
  
  etcd-2 10.0.11.2 etcd-2.example.com
  
  etcd-3 10.0.11.3 etcd-3.example.com
```
$ ./etcdctl cluster-health
member 6e3bd23ae5f1eae2 is functioning correctly: received a healthy response from http://10.0.1.1:22379
member 924e2e83f93f2565 is functioning correctly: received a healthy response from http://10.0.1.2:22379
member 8211f1d0a64f3269 is functioning correctly: received a healthy response from http://10.0.1.3:22379
cluster is functioning correctly
```
  Upgrading etcd
  
  Based on the above considerations, a typical etcd upgrade procedure involves the following steps:
  
  1. Access the First Node and Terminate the Existing etcd Process:
```
$ ssh 10.0.1.1
$ kill `pgrep etcd`
```
  2. Create a Backup of the etcd Data Directory to Provide a Downgrade Path in Case of Errors:
```
$ ./etcdctl backup \
      --data-dir %data_dir% \
      [--wal-dir %wal_dir%] \
      --backup-dir %backup_data_dir% \
      [--backup-wal-dir %backup_wal_dir%]
```
  3. Download the New Binary from the etcd Releases Page and Launch the etcd Server Using the Same Configuration:
```
ETCD_VER=v3.3.15
# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /usr/local/etcd && mkdir -p /usr/local/etcd

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /usr/local/etcd --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

/usr/local/etcd/etcd --version
ETCDCTL_API=3 /usr/local/etcd/etcdctl version
# start etcd server
/usr/local/etcd/etcd -name etcd-1 -listen-peer-urls http://10.0.1.1:2380 -listen-client-urls http://10.0.1.1:2379,http://127.0.0.1:2379 -advertise-client-urls http://10.0.1.1:2379,http://127.0.0.1:2379
```
  4. Replicate the Process for All Remaining Members.
  
  5. Validate the Cluster's Correct Functionality:
```
$ ./etcdctl endpoint health
10.0.1.1:12379 is operating as expected: successfully ratified proposal: took =
10.0.1.2:12379 is operating as expected: successfully ratified proposal: took =
10.0.1.3:12379 is operating as expected: successfully ratified proposal: took =
```
  Crucial Note: If you experience difficulties establishing a connection to the cluster, you may need to provide transport layer security certificates via HTTPS; for instance:
```
$ ./etcdctl --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key endpoint health
```
  For added convenience, you can leverage the following environment variables:
```
ETCD_CA_FILE=/etc/kubernetes/pki/etcd/ca.crt
ETCD_CERT_FILE=/etc/kubernetes/pki/etcd/server.crt
ETCD_KEY_FILE=/etc/kubernetes/pki/etcd/server.key
```
  Final Thoughts
  
  In this article, we presented a detailed, step-by-step guide on upgrading both Kubernetes and Etcd clusters. These vital maintenance procedures are essential for the smooth day-to-day operations in a typical business environment. All stakeholders involved in HA Kubernetes deployments should acquaint themselves with the aforementioned steps.

Protect Your App in 5 Minutes: OAuth Tokens Made Easy

Jackson Williams — Tue, 08 Oct 2024 10:50:32 +0000

Securing Your App in 5 Steps: A Beginner's Guide to OAuth Tokens

When it comes to generating OAuth tokens, passwords are not exchanged between services. Instead, tokens serve as the authentication mechanism. In this article, we'll establish a basic authorization server that generates tokens based on the provided username and password.

To begin, let's create a new class that extends AuthorizationServerConfigurerAdapter. We can annotate it with @Configuration to indicate that it's a configuration class containing one or more @Bean methods. To enable the authorization server, we'll utilize @EnableAuthorizationServer.java@Configuration@EnableAuthorizationServerpublic class AuthServer extends AuthorizationServerConfigurerAdapter

Next, we'll create a bean for the password encoder. We can leverage the BcryptPasswordEncoder for encoding passwords.

java
@Beanpublic PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}

We'll override the configure methods as follows. There are three configure methods. We'll implement them as below. Here, we can configure grant types, passwords, refresh token validity, access token validity, and scopes.

java
@Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("client")
.secret(passwordEncoder.encode(("secret")))
.authorizedGrantTypes("password")
.scopes("webclient","mobileclient");
}

Grant Types:

Authorization code grant
Implicit grant
Resource owner credentials grant
Client credentials grant
Refresh token grant

Scope

Scopes impose limitations on an application's access to user's accounts. It can encompass one or more scopes. For a more in-depth guide on securing your app with OAuth tokens, check out this article: https://t8tech.com/it/coding/secure-your-app-in-5-steps-a-beginners-guide-to-oauth-tokens/

@Overridepublic void define(AuthorizationServerEndpointsConfigurator endpoints) throws Exception {
    endpoints.setAuthenticationManager(this.authenticationManagerBean);
}

Unlock 10% Discounts in 5 Minutes: Build a Drools Project with Maven

Jackson Williams — Tue, 08 Oct 2024 00:03:57 +0000

Building a Drools Project with Maven in 5 Easy Steps

In this tutorial, we will guide you through the process of creating a sample Drools project using Maven dependencies, eliminating the need for pre-configuring Drools in your Eclipse environment.

Our demo project will utilize Drools to determine the discount offered on various Bank Cards. For instance, if the user is employing an ABC Bankcard, we will provide a 10% discount. Follow the steps below to build the Maven Drools Project:

Step 1-2: Create a New Maven Project

Launch Eclipse and navigate to File -> New -> Project. A new window will open; search for Maven -> Maven Project. Click next until you reach the "Enter a group id for the artifact" page.

Step 3: Configure the Project

Enter the Artifact Id as "DroolsDemo", Group Id as "com.demo", and click Finish. After clicking Finish, the project will be created.

Step 4: Add Dependencies

Expand the project and open the pom.xml file. Under the dependencies tag, add the following dependency:

xml

org.drools
drools-compiler
6.0.1.Final

By following these easy steps, you can unlock 10% discounts and build a Drools project with Maven. For more information, visit computerstechnicians.

Proceed by creating a POJO class and deleting the default App.java file if present. Navigate to src/main/java, right-click on com.demo.DroolsDemo, and select New -> Class
Specify the class name as “CardDetails” and click Finish
Insert the following code into the CardDetails class

package com.demo.DroolsDemo;

public class CardDetails {

Reach 3.5 Billion Mobile Users with a 3-Step Responsive Fix!

Jackson Williams — Mon, 07 Oct 2024 11:46:10 +0000

In today's digital landscape, a website's success relies heavily on its ability to adapt effortlessly to various screen sizes, from desktops to tablets and smartphones. A responsive website is one that can seamlessly adjust to the client's screen, ensuring an optimal user experience. With over 3.5 billion mobile users worldwide, having a responsive website is crucial to stay ahead in the game. To learn more about transforming your website, visit https://carsnewstoday.com. In this article, we'll delve into how to create a responsive website in just three easy steps.

Step 1: Designing a Flexible Layout

When building a responsive website or revamping an existing one, the layout is the first vital element to consider. My approach is to start by creating a non-responsive layout with a fixed default size. For instance, the default width of CatsWhoCode.com is 1100px. Once I'm satisfied with the non-responsive version, I add media queries and make slight adjustments to the code to make it responsive. This approach allows me to focus on one task at a time, making the process more efficient.

After completing your non-responsive website, the next step is to add the following lines of code within the <head> and </head> tags on your HTML page. This will set the view on all screens to a 1×1 aspect ratio and remove the default functionality from iPhones and other smartphone browsers, which render websites at full-view and allow users to zoom into the layout by pinching.

<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="HandheldFriendly" content="true">

Node Name	Address	Hostname
etcd-1	10.0.11.1	etcd-1.example.com
etcd-2	10.0.11.2	etcd-2.example.com
etcd-3	10.0.11.3	etcd-3.example.com

DEV Community: Jackson Williams

Master Microservices Packaging for Private Clouds: 5 Essential Tips

Packaging Your Application

Installing Package

Optimizing Package Size

Containerizing Java Applications

Creating Docker Image With Gradle

Foundation Image

Illustrate Docker Image

Encapsulating and Enhancing Non-Java Applications

Enhancing Docker Images from External Origins

Holistic Approach

Final Thoughts

Secure Your App: 2-Factor Auth in 3 Easy Steps

Understanding Two-Factor Authentication

A Hands-On Example

Unlock Scala in 5 Minutes: Traits vs Abstract Classes

1. Unlocking Scala Mastery: Understanding Abstract Classes and Traits

2. Shared Characteristics

3. Key Differences

3.1 Constructor Parameters

3.2 Modifying Object Instances

3.3 Multiple Inheritances

3.4 Stackability

3.5 Compatibility with Java

4. Summary

Unlock Spring Data JPA: Master Many-to-Many Relationships Now!

Secure Your APIs in 5 Minutes: Token-Based RSocket with JWT

Implementing RSocket for Secure Communication

Understanding JSON Web Token (JWT)

Secure Data Exchange

Workflow

Authentication

Authentication

Implementing Spring Boot with Enhanced Security

Token Signing

the HelloJwtDecoder will be triggered by the framework during every request handling cycle, to transform the token string value into a jwt:

Revoke Token

Verification of Identity

Permission Management

Prerequisites

Compilation, Execution, and Testing

cURL Test

Hidden Gem

Final Thoughts

Unlock 650+ Pokémon in 5 Steps: Build Your Dream Index with Vanilla JavaScript

Setting Up the HTML Foundation

Adding a Touch of Style

Javascript

Building a Dynamic Pokémon Interface with Asynchronous Functions

Presenting Pokémon Details

` heading. Finally, we append the `div` to the webpage using `pokemonContainer.appendChild(pokemonEl)`, rendering the information visible to the user.

Delving Deeper into Pokémon Information

Boost Data Analysis by 33%: Crack 3 Hidden Integration Codes

5 Real-World Examples to Boost Your Spring Development with JDK 14 Records

Unlocking the Power of JDK 14 Records: A Simplified Introduction

JSON Serialization of Records

Records and Dependency Injection: A Closer Look

DTOs via Records and Spring Data Query Builder

DTOs via Records and Constructor Expression and JPQL

DTOs via Records and Hibernate ResultTransformer

Data Transfer Objects via Records, JdbcTemplate, and ResultSetExtractor

Refine the Implementation

Boost Kubernetes Efficiency: Upgrade to v1.14 in 11 Easy Steps!

Navigating Kubernetes Upgrade Options

Upgrading Kubernetes: A Thorough, Step-by-Step Manual

1. Log In to the First Node and Upgrade the kubeadm Tool Only:

Upgrading Kubernetes: A Step-by-Step Guide

1. Upgrade Kubeadm on the First Master Node

2. Verify the Upgrade Plan:

3. Apply the Upgrade Plan:

4. Update Kubelet and Restart the Service:

5. Apply the Upgrade Plan to the Other Master Nodes:

6. Upgrade kubectl on all Master Nodes:

7. Upgrade kubeadm on First Worker Node:

8. Login to a Master Node and Drain First Worker Node:

9. Enhance kubelet Configuration on Worker Node:

10. Update kubelet on Worker Node and Restart the Service:

11. Reactivate Worker Node:

Etcd Upgrade Paths

the `HelloJwtDecoder` will be triggered by the framework during every request handling cycle, to transform the token string value into a jwt: