DEV Community: Pradipta

Seamless communication between containers - docker compose

Pradipta — Fri, 21 Jul 2023 17:30:35 +0000

Let's consider an example of a Spring Boot application which interacts with the MySQL database. Couple of images have been created for MySQL and Spring Boot respectively. The images can be run as containers. But how they going to interact with each other?

One way is to create a docker network and spin up the containers within that network. This will work but you have to deal with long commands which is difficult to maintain in bigger projects. This is the problem docker compose solves by making the container communication easy to achieve and maintain.

Let's consider the following Spring Boot Application which communicates with a MySQL database and provides a basic JWT implementation for securing Rest service endpoints.
https://github.com/pradz13/spring-security-jwt.git
Spring Boot Application needs to define a Dockerfile as follows -

FROM maven:3.9.3-sapmachine-17
WORKDIR .
COPY . .
RUN mvn clean install -DskipTests
CMD mvn spring-boot:run

Define the docker compose configuration file as follows -

version: "3.8"

services:
  mysqldb:
    image: mysql:5.7
    restart: unless-stopped
    env_file: ./.env
    environment:
      - MYSQL_ROOT_PASSWORD=$MYSQLDB_ROOT_PASSWORD
      - MYSQL_DATABASE=$MYSQLDB_DATABASE
    ports:
      - $MYSQLDB_LOCAL_PORT:$MYSQLDB_DOCKER_PORT
    volumes:
      - db:/var/lib/mysql

  app:
    depends_on:
      - mysqldb
    build: .
    restart: on-failure
    env_file: ./.env
    ports:
      - $SPRING_LOCAL_PORT:$SPRING_DOCKER_PORT
    environment:
      SPRING_APPLICATION_JSON: '{
            "spring.datasource.url"  : "jdbc:mysql://mysqldb:$MYSQLDB_DOCKER_PORT/$MYSQLDB_DATABASE?useSSL=false",
            "spring.datasource.username" : "$MYSQLDB_USER",
            "spring.datasource.password" : "$MYSQLDB_ROOT_PASSWORD",
            "spring.jpa.properties.hibernate.dialect" : "org.hibernate.dialect.MySQLDialect",
            "spring.jpa.hibernate.ddl-auto" : "update"
          }'
    volumes:
      - .m2:/root/.m2
    stdin_open: true
    tty: true

volumes:
  db:

Create the .env file which will have the configurations.

MYSQLDB_USER=root
MYSQLDB_ROOT_PASSWORD=123456
MYSQLDB_DATABASE=bezkoder_db
MYSQLDB_LOCAL_PORT=3307
MYSQLDB_DOCKER_PORT=3306

SPRING_LOCAL_PORT=6868
SPRING_DOCKER_PORT=8080

Run the containers with the following command -

docker-compose up -d

-d will run it in detached mode.

To stop the containers following command can be used -

docker-compose down

To stop the containers and delete the images, use the following command -

docker-compose down --rmi all

Please note, when docker compose is used, no need to create docker network explicitly, it is taken care by docker compose internally.

Useful Docker Commands

Pradipta — Sun, 16 Jul 2023 16:03:32 +0000

Docker is a platform for developing, shipping and running applications. In this post, we'll discuss about some of the salient Docker commands used in our projects frequently.

docker pull
This command helps to pull the image from docker hub. If we do not specify the tag to be pulled, latest docker image will be pulled.

docker pull image:tag

docker pull mysql:8.0.33
8.0.33: Pulling from library/mysql
e2c03c89dcad: Pull complete 
68eb43837bf8: Pull complete 
796892ddf5ac: Pull complete 
6bca45eb31e1: Pull complete 
ebb53bc0dcca: Pull complete 
2e2c6bdc7a40: Pull complete 
6f27b5c76970: Pull complete 
438533a24810: Pull complete 
e5bdf19985e0: Pull complete 
667fa148337b: Pull complete 
5baa702110e4: Pull complete 
Digest: sha256:232936eb036d444045da2b87a90d48241c60b68b376caf509051cb6cffea6fdc
Status: Downloaded newer image for mysql:8.0.33
docker.io/library/mysql:8.0.33

docker images
Shows the docker images downloaded to the local machine.

docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
mysql        8.0.33    041315a16183   11 days ago   565MB

docker run
Runs the container from the docker image.

docker run -p6000:3306 --name some-mysql-new -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:8.0.33
0dacb1101ad336475f7ebcbc5e21cc9fb894f2bfa4c0a805f65d3ef1f39bf7e4

-p(host port):(container port) - Host port gets bounded to the container port so that it can be accessible.
-d : Runs the container in the detached mode.

docker ps
Shows the list of running containers.

docker ps
CONTAINER ID   IMAGE          COMMAND                  CREATED              STATUS              PORTS                               NAMES
0dacb1101ad3   mysql:8.0.33   "docker-entrypoint.s…"   About a minute ago   Up About a minute   33060/tcp, 0.0.0.0:6000->3306/tcp   some-mysql-new

docker stop
Stops a running docker container. The container id needs to be passed.

docker stop 0dacb1101ad3

docker start
Starts a docker container. The container id needs to be passed.

docker start 0dacb1101ad3

docker logs

Shows the logs of a Docker container. The container id needs to be passed.

docker logs 0dacb1101ad3
2023-07-16 14:02:16+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.33-1.el8 started.
2023-07-16 14:02:16+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2023-07-16 14:02:16+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.33-1.el8 started.
2023-07-16 14:02:16+00:00 [Note] [Entrypoint]: Initializing database files
2023-07-16T14:02:16.555166Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2023-07-16T14:02:16.555434Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.33) initializing of server in progress as process 81
2023-07-16T14:02:16.562164Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-07-16T14:02:17.077951Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-07-16T14:02:18.844888Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2023-07-16 14:02:23+00:00 [Note] [Entrypoint]: Database files initialized
2023-07-16 14:02:23+00:00 [Note] [Entrypoint]: Starting temporary server
2023-07-16T14:02:23.967805Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2023-07-16T14:02:23.969395Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.33) starting as process 123
2023-07-16T14:02:23.984575Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-07-16T14:02:24.258224Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-07-16T14:02:24.669973Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2023-07-16T14:02:24.670204Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2023-07-16T14:02:24.673431Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2023-07-16T14:02:24.732237Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: /var/run/mysqld/mysqlx.sock
2023-07-16T14:02:24.733339Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.33'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server - GPL.
2023-07-16 14:02:24+00:00 [Note] [Entrypoint]: Temporary server started.
'/var/lib/mysql/mysql.sock' -> '/var/run/mysqld/mysqld.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.

2023-07-16 14:02:29+00:00 [Note] [Entrypoint]: Stopping temporary server
2023-07-16T14:02:29.418853Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.33).
2023-07-16T14:02:31.320144Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.33)  MySQL Community Server - GPL.
2023-07-16 14:02:31+00:00 [Note] [Entrypoint]: Temporary server stopped

2023-07-16 14:02:31+00:00 [Note] [Entrypoint]: MySQL init process done. Ready for start up.

2023-07-16T14:02:31.685058Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2023-07-16T14:02:31.686585Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.33) starting as process 1
2023-07-16T14:02:31.694428Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-07-16T14:02:31.882615Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-07-16T14:02:32.331478Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2023-07-16T14:02:32.331559Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2023-07-16T14:02:32.334663Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2023-07-16T14:02:32.367684Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2023-07-16T14:02:32.367707Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.33'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
2023-07-16T14:07:21.221136Z 0 [System] [MY-013172] [Server] Received SHUTDOWN from user <via user signal>. Shutting down mysqld (Version: 8.0.33).
2023-07-16T14:07:22.110930Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.33)  MySQL Community Server - GPL.
2023-07-16 14:07:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.33-1.el8 started.
2023-07-16 14:07:32+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2023-07-16 14:07:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.33-1.el8 started.
'/var/lib/mysql/mysql.sock' -> '/var/run/mysqld/mysqld.sock'
2023-07-16T14:07:33.176975Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2023-07-16T14:07:33.178454Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.33) starting as process 1
2023-07-16T14:07:33.185757Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-07-16T14:07:33.376968Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-07-16T14:07:33.689001Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2023-07-16T14:07:33.689518Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2023-07-16T14:07:33.693007Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2023-07-16T14:07:33.743641Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2023-07-16T14:07:33.744479Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.33'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.

docker exec
Get into the terminal of the container.

docker exec -it 0dacb1101ad3 /bin/bash
bash-4.4# ls
bin  boot  dev  docker-entrypoint-initdb.d  entrypoint.sh  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
bash-4.4# exit
exit

-it refers to interactive.

docker image rm
Removes an image. Image name along with tag should be mentioned in the command.

docker image rm mysql:8.0.33 -f    
Untagged: mysql:8.0.33
Untagged: mysql@sha256:232936eb036d444045da2b87a90d48241c60b68b376caf509051cb6cffea6fdc
Deleted: sha256:041315a161837f8bb87361e13390abda7159b98aeedee5e6152a0bb7a9b45f27

How JWT authentication can be done using the latest release of Spring Security?

Pradipta — Sat, 15 Jul 2023 09:06:17 +0000

In this article, we will see how to implement JWT implementation using Spring Boot 3 and Java 17.

Go to Spring Initialiser and create a project with following dependencies. Please note, we are using MySQL database in this project.
https://start.spring.io/#!type=maven-project&language=java&platformVersion=3.1.1&packaging=jar&jvmVersion=17&groupId=com.example.jwt&artifactId=spring-security-jwt&name=spring-security-jwt&description=Implementation%20of%20JWT%20using%20Spring%20Boot%203&packageName=com.example.jwt&dependencies=web,data-jpa,mysql,security,lombok
Add the following additional dependencies separately as they are not available in Spring Initialiser for the JWT implementation.

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.11.5</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.11.5</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
     <version>0.11.5</version>
</dependency>

Define entity class as follows to store the User Details under entities package.

package com.example.jwt.entities;

import jakarta.persistence.*;
import lombok.*;

@Entity
@Table(name = "USER_DATA")
@Data
@AllArgsConstructor
@NoArgsConstructor
@Getter
@Setter
@Builder
public class UserData {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private long id;

    private String name;

    @Column(unique = true)
    private String email;

    private String password;

    private String roles;

    private boolean isEnabled;
}

Create a repository interface named UserRepository as follows.

package com.example.jwt.repository;

import com.example.jwt.entities.UserData;
import org.springframework.data.jpa.repository.JpaRepository;

import java.util.Optional;

public interface UserRepository extends JpaRepository<UserData, Long> {
    Optional<UserData> findByEmail(String email);
}

Create a package called dto and create two classes named AuthRequestDto and UserDto respectively.

package com.example.jwt.dto;

import lombok.*;

@Data
@AllArgsConstructor
@NoArgsConstructor
@Getter
@Setter
@Builder
public class AuthRequestDto {
    private String email;

    private String password;
}

package com.example.jwt.dto;

import lombok.*;

@Data
@AllArgsConstructor
@NoArgsConstructor
@Getter
@Setter
@Builder
public class UserDto {
    private Long id;

    private String name;

    private String email;

    private String password;
}

Create a UserService interface and its implementation to create the user in the database.

package com.example.jwt.service;

import com.example.jwt.dto.UserDto;

public interface UserService {
    public UserDto createUser(UserDto userDto);
}

package com.example.jwt.service.impl;

import com.example.jwt.dto.UserDto;
import com.example.jwt.entities.UserData;
import com.example.jwt.repository.UserRepository;
import com.example.jwt.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class UserServiceImpl implements UserService {
    @Autowired
    private UserRepository userRepository;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Override
    public UserDto createUser(UserDto userDto) {
        UserData user = convertToEntity(userDto);
        return convertToDto(userRepository.save(user));
    }

    private UserData convertToEntity(UserDto userDto) {
        return UserData.builder()
                .name(userDto.getName())
                .password(passwordEncoder.encode(userDto.getPassword()))
                .email(userDto.getEmail())
                .roles("ROLE_USER")
                .isEnabled(true)
                .build();

    }

    private UserDto convertToDto(UserData user) {
        return UserDto.builder()
                .id(user.getId())
                .name(user.getName())
                .email(user.getEmail())
                .build();

    }
}

Create a controller class for exposing a REST endpoint to create users. Also, add an additional endpoint which will be secured and will help us to test the JWT implementation post the completion of the implementation.

package com.example.jwt.controller;


import com.example.jwt.dto.UserDto;
import com.example.jwt.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/users")
public class UserController {

    @Autowired
    private UserService userService;

    @PostMapping("/create")
    public ResponseEntity<UserDto> createUser(@RequestBody UserDto userDto) {
        UserDto createdUserDto = userService.createUser(userDto);
        return new ResponseEntity<>(createdUserDto, HttpStatus.CREATED);
    }

    @GetMapping("/secured")
    public String test() {
        return "secured";
    }
}

Create a Service class for JWT implementation as follows under the service package.

package com.example.jwt.service;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

@Service
public class JwtService {

    private static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";

    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);
    }

    public Date extractExpiration(String token) {
        return extractClaim(token, Claims::getExpiration);
    }

    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = extractAllClaims(token);
        return claimsResolver.apply(claims);
    }

    private Claims extractAllClaims(String token) {
        return Jwts
                .parserBuilder()
                .setSigningKey(getSignKey())
                .build()
                .parseClaimsJws(token)
                .getBody();
    }

    private Boolean isTokenExpired(String token) {
        return extractExpiration(token).before(new Date());
    }

    public Boolean validateToken(String token, UserDetails userDetails) {
        final String username = extractUsername(token);
        return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
    }


    public String generateToken(String userName) {
        Map<String, Object> claims = new HashMap<>();
        return createToken(claims, userName);
    }

    private String createToken(Map<String, Object> claims, String userName) {
        return Jwts.builder()
                .setClaims(claims)
                .setSubject(userName)
                .setIssuedAt(new Date(System.currentTimeMillis()))
                .setExpiration(new Date(System.currentTimeMillis() + 1000*60*30))
                .signWith(getSignKey(), SignatureAlgorithm.HS256).compact();

    }

    private Key getSignKey() {
        byte[] keyBytes= Decoders.BASE64.decode(SECRET);
        return Keys.hmacShaKeyFor(keyBytes);
    }
}

Create a filter package and create class called JwtAuthFilter class.

package com.example.jwt.filter;

import com.example.jwt.configuration.UserInfoUserDetailsService;
import com.example.jwt.service.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

@Component
public class JwtAuthFilter extends OncePerRequestFilter {

    @Autowired
    private JwtService jwtService;

    @Autowired
    private UserInfoUserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String authHeader = request.getHeader("Authorization");
        String token = null;
        String username = null;
        if (authHeader != null && authHeader.startsWith("Bearer ")) {
            token = authHeader.substring(7);
            username = jwtService.extractUsername(token);
        }

        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
            if (jwtService.validateToken(token, userDetails)) {
                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authToken);
            }
        }
        filterChain.doFilter(request, response);
    }
}

Create a new package configuration and create the class UserInfoUserDetailsService.

package com.example.jwt.configuration;

import com.example.jwt.entities.UserData;
import com.example.jwt.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import java.util.Optional;

@Component
public class UserInfoUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Optional<UserData> userInfo = userRepository.findByEmail(username);
        return userInfo
                .map(UserInfoUserDetails::new)
                .orElseThrow(() -> new UsernameNotFoundException("User not found :" + username));

    }
}

Create UserInfoUserDetails class under the configuration package.

package com.example.jwt.configuration;

import com.example.jwt.entities.UserData;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

public class UserInfoUserDetails implements UserDetails {

    private String email;
    private String password;
    private List<GrantedAuthority> authorityList;

    private boolean isEnabled;

    public UserInfoUserDetails(UserData user) {
        this.email = user.getEmail();
        this.password = user.getPassword();
        this.authorityList = Arrays.stream(user.getRoles().split(","))
                .map(SimpleGrantedAuthority::new).collect(Collectors.toList());

        this.isEnabled = user.isEnabled();

    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorityList;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return email;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return isEnabled;
    }
}

Create the SecurityConfiguration class under the configuration package for defining the security configuration of the application. Please note that WebSecurityConfigurerAdapter class is removed from latest released version of Spring Security. So, not required to extend any class now. We need to define the bean definition of SecurityFilterChain and provide the security configuration inside it.

package com.example.jwt.configuration;

import com.example.jwt.filter.JwtAuthFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfiguration {

    @Autowired
    private JwtAuthFilter jwtAuthFilter;

    @Bean
    public UserDetailsService userDetailsService() {
        return new UserInfoUserDetailsService();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> {
                    auth.requestMatchers("/users/create", "/authenticate/**").permitAll();
                    auth.requestMatchers("/users/**").authenticated();
                })
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .build();

    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService());
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

Create the AuthenticationController class and define a Rest endpoint to pass the credentials. In case of successful authentication against the database, a JWT token will be issued to the user for accessing the secured endpoints.

package com.example.jwt.controller;

import com.example.jwt.dto.AuthRequestDto;
import com.example.jwt.service.JwtService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/authenticate")
public class AuthenticationController {

    @Autowired
    private JwtService jwtService;

    @Autowired
    private AuthenticationManager authenticationManager;

    @PostMapping("/")
    public String authenticateUserAndGetToken(@RequestBody AuthRequestDto authRequestDto) {
        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authRequestDto.getEmail(), authRequestDto.getPassword()));
        if(authentication.isAuthenticated())
            return jwtService.generateToken(authRequestDto.getEmail());
        else
            throw new UsernameNotFoundException("User not found!");
    }
}

Define the application configurations in the application.yml file.

server:
  port: 9002
  servlet:
    context-path: /jwt-implementation/

spring:
  datasource:
    url: jdbc:mysql://localhost:3306/<Database name goes here>
    username: <User Name goes here>
    password: <Password goes here>
    driver-class-name: com.mysql.cj.jdbc.Driver
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.MySQLDialect
    hibernate:
      ddl-auto: update

logging:
  level:
    org:
      hibernate:
        SQL: DEBUG
        type:
          descriptor:
            sql:
              BasicBinder: TRACE

Testing the implementation

Create the user.

Hit the /authenticate endpoint with the credentials to get the JWT token.

Hit the /secured endpoint with the JWT token received from the previous step. You should be able to access it successfully if the implementation has been done properly as per the above steps mentioned.

Source Code

https://github.com/pradz13/spring-security-jwt.git

Deploy Spring Boot Crud Application with MySQL Database to Minikube

Pradipta — Wed, 28 Dec 2022 16:24:06 +0000

Source Code : https://github.com/pradz13/K8S/tree/main/SpringBootCrudRest

K8S Scripts :
https://github.com/pradz13/K8S/tree/main/SpringBootCrudRest-scripts

Following are the steps to deploy Spring Boot Crud Application with MySQL Database in K8S Minikube cluster :

Create a Spring Boot Crud project with MySQL DB and test it locally.

Create the DB Deployment YML file. Please refer - https://github.com/pradz13/K8S/blob/main/SpringBootCrudRest-scripts/db-deployment.yaml

Persistent Volume Claim is created for providing storage space for the database. Deployment and Service concepts we have already discussed in the previous tutorial.

Start the Minikube - minikube start

Check Minikube status - minikube status

Allow Kubernetes to read our local Docker repository - eval $(minikube docker-env)

Deploy the MySQL Deployment created above in Minikube with the command - kubectl apply -f db-deployment.yaml

Get the MySQL running POD with the command - kubectl get pods

Connect to the Node inside the cluster using the following command - kubectl exec -it bash

Then use the following command to connect to MySQL Server : mysql -h mysql -u root -p

Use the command to see all databases :
show databases;

It should have created a database mentioned in our db-deployment.yaml file(mysql in this example). Change the database with the following command :

use database_name;

Build the Docker image of the Spring Boot application :
docker build -t springbootcrudrest:1.0 .

Check if the image has been build or not with the command : docker images

Write the Deployment and Service for Spring Boot application -
https://github.com/pradz13/K8S/blob/main/SpringBootCrudRest-scripts/app-deployment.yaml

Deploy the Spring Boot Deployment created in Minikube with the command - kubectl apply -f app-deployment.yaml

Deploy simple SpringBoot application in Minikube

Pradipta — Thu, 22 Dec 2022 18:10:02 +0000

Source Code repository -
https://github.com/pradz13/K8S/tree/main/kubernetes-demo

Kubernetes Scripts repository -
https://github.com/pradz13/K8S/tree/main/kubernetes-demo-scripts

Please follow the following steps to deploy the Spring Boot application in Minikube -

Start the Minikube - minikube start
Check Minikube status - minikube status
Allow Kubernetes to read our local Docker repository - eval $(minikube docker-env)
List all the Docker images - docker images
Navigate to project folder and create the image of the application docker build -t kubernetes-demo:1.0 .
Again check the list of Docker images - docker images
Create the K8S deployment file - deployment.yaml
Deploy the deployment file in the cluster with command : kubectl apply -f deployment.yaml
Check the deployment status : kubectl get depoyments
Check the running pods : kubectl get pods
Fetch the logs of running PODs : kubectl logs
Create a service.yaml for Service discovery, it will also act as a Load Balancer
Expose the app creating the service : kubectl apply -f service.yaml
Check the service status : kubectl get service
To get the URL type the command : minikube service kubernetes-demo-svc --url
Application can be accessed by the URL retrieved at step 15
Dashboard can be launched using the command : minikube dashboard

Kubernetes local environment set up in Mac

Pradipta — Wed, 21 Dec 2022 16:10:26 +0000

Environment Setup in Mac :

kubctl : It is a command line tool that helps to connect to K8S Cluster. Run the following command -

brew install kubectl

After installation check the version with the following command -

kubectl version

Hyperkit : Install a Hypervisor

brew install hyperkit

See the installations done already using the command -

brew list

Minikube : Minikube is a tool that helps to run K8S Cluster in local machine. It runs Single Node K8S cluster on local machine which eases the process of development. Install -

brew install minikube

Verify installation -

minikube version

Start Minikube(prerequisite - Docker Daemon should be up and running) -

minikube start

Status of Minikube -

minikube status

Check the Cluster Information -

kubectl cluster-info

Check nodes -

kubectl get nodes

Stop Minikube -

minikube stop

Delete cluster

minikube delete

Architecture of Kubernetes on a high level

Pradipta — Wed, 21 Dec 2022 11:30:17 +0000

As discussed in the previous post of the series, Kubernetes has one Master node and multiple Worker nodes. Master node monitors all Worker nodes. In Kubernetes, there must be at least one Cluster, one Master node and one Worker node.

Master Node : It has four components. They are API Manager, Scheduler, Controller Manager and ETCD.

API Server acts as a Cluster Gateway. It can be used using command line tool kubectl or through Kubernetes Dashboard.

Scheduler schedules PODs in the Worker nodes based of availability of CPU and Memory. Scheduler gets the information of Worker nodes from ETCD.

Whenever a POD or Node gets crashed, ReplicaSet creates a new one. Controller Manager manages the process of Scheduling the same as per availability working with the Scheduler.

Worker Node : It has three components. They are kubelet, kube-proxy and Container runtime.

Kubelet is an agent that runs on each Worker node and communicates with Master node using API Server.

Kube-Proxy is a network agent that runs on each Worker node.

Container runtime helps to run container inside PODs.

Kubernetes and its main components

Pradipta — Wed, 21 Dec 2022 10:58:00 +0000

Kubernetes(K8S) is a Container Orchestration Engine. It automates the process of deploying, scaling and managing containerized applications.

There are many components of Kubernetes. Following are the key components -

POD : Containers are wrapped into a functional unit known as PODs. Each POD has single IP address.
Node : PODs(one or multiple) are clubbed into a virtual machine known as Node.
Cluster : Multiple nodes are clubbed into Cluster. Kubernetes cluster comprises of one Master node and many Worker nodes.
ReplicaSet : Creates replicas of PODs to ensure no downtime of the application.
Service : One or more PODs can associate with a single Service. Service provides static IP and DNS name. Service also plays the role of Load Balancer by forwarding the traffic to the appropriate POD. There are three types of Services -
Cluster IP
NodePort
LoadBalancer
Deployment : Kubernetes objects for managing PODs. Deployments can be created using commands or YML files.
ConfigMap and Secrets : Configurable properties of the application are stored in ConfigMap. Sensitive Configurable properties of the application are stored in Secrets.
ETCD : It is a key-vale datastore. Kubernetes cluster configuration is stored in ETCD.
Volumes : Volumes are used for persistent datastore like database.

What is Record in Java? What problem does it solve?

Pradipta — Sat, 11 Jun 2022 16:40:22 +0000

For any data intensive applications, we write Java classes that can hold the data as per our requirement.

We need to define the following in most cases :

Define the variables
Define the constructor
Define the getter and setter methods
Override equals() and hashCode() methods
Override the toString() method

Although some of these can be auto-generated from IDEs, but lines of code increases with the increasing number of data elements.

Record comes to the rescue and reduces all the boilerplate code we had to write thus far. Record was introduced in Java language as a preview feature in Java SE 14.

How to define a record?

public record EmployeeRecord(String name, int employeeNumber) {
}

Records can be instantiated like a class and attributes can be accessed by getter methods[please note that the the getter method names do not start with getXXXX()]

public class RecordExampleTest {
    public static void main(String[] args) {
        EmployeeRecord employeeRecord = new EmployeeRecord("Pradipta", 123);
        System.out.println(String.format("Employee Name : %s , Employee Number : %s",
                employeeRecord.name(), employeeRecord.employeeNumber()));
    }
}

Constructor gets automatically generated which is known as Cannonical Constructor. The methods like toString(), equals() and hashCode() methods are also automatically generated implicitly.

Some points to remember :

Instance methods and static methods can be created inside a Record.
Static fields can be declared inside a Record.
Instance fields cannot be declared inside a Record.
Records cannot extend any other class as it implicitly extends Record class. As Java does not support Multiple Inheritance, Records cannot extend any other class.
Records are implicitly final - they cannot be extended by any other classes.
Records can implement interfaces.
Although Records provide Cannonical constructor by default, custom constructors can be created as well. It is not necessary to mention the arguments and set them explicitly if all the arguments to be set as mentioned in the Record. This is also known as Compact Constructor. Compact Constructors may be useful if some custom logic needs to be implemented.

The points mentioned above can be represented like below :

public record EmployeeRecord(String name, int employeeNumber) {
    private static final String DEFAULT_VALUE = "default-value";

    public EmployeeRecord {
        if(employeeNumber < 0)
            throw new IllegalStateException("Employee Numbers cannot be negative");
    }
    public String generateUniqueNumber() {
        return name + "-" + employeeNumber;
    }

    public static void printSomething() {
        System.out.println("Print anything here...." + DEFAULT_VALUE);
    }
}

Regular Expressions - Cheat Sheet

Pradipta — Fri, 23 Jul 2021 17:39:01 +0000

Metacharacters -

a. Wildcard - dot(.) matches any character except line breaks
b. Escaping - Backslash(\) allows use of metachacaters as literal characters
c. Special characters - Space, Tab(\t)

Character Sets -

[aeiou] - Matches one character from within the character set
[a-zA-Z0-9] - Character range
[^a-e] - Negative character set

Shorthand -
\d - [0-9]
\w - [a-zA-Z0-9_]
\s - Whitespace[\t\r\n]
\D - No digit
\W - Non word character
\S - Not Whitespace

Repetition -

- Preciding item, 0 or more times
- Preciding item, 1 or more times ? - Preciding item, 0 or 1 time

Ex : Good .+. - matches Good morning. Good day.
\d+ - Matches any number of characters
\s[a-z]+ed\s - Matches any word ending with ed.
It should have leading and trailing spaces.

Quantified repition -
{min, max}

\d{4,8} - 4 to 8 digits
\d{4} - Exactly 4 digits
\d{4,} - With 4 or more digits

Ex : \d{1}.\s\w{0,6}

a. a
b. ab
c. abc
d. abcd
e. abcde
f. abcdef

(+\d{1})\d{3}-\d{3}-*\d{4}
111-233-3455
1112333455
+1111-233-3455

Greedy Expression - Tries to match longest possible string

Lazy Expression - ? - Make preceding quantifier lazy

"(.|\n)+?" - Find anything within quotes including new line.

Grouping and Alteration

(in)?dependent - Matches independent and dependent
(abc)+ - Matches abc and abcabcabc

(\d{3})-(\d{3})-(\d{4}) - 555-666-8767
$1.($2).$3 - Gives 555.(666).8767

Alternation Metacharacter - |
apple|orange - Matches apple or orange

peanut(butter)? - Matches peanutbutter (Greedy)
peanut(butter)?? - Matches peanut (Lazy)

Anchors

^ - Start of String/Line
$ - End of String/Line
\A - Start of String, never end of line
\Z - End of String, never end of line

^\w+.\w+@\w+.[a-z]{3}$ - Email validation(^ and $ added to ensure it matches entire regular expression)
Word Boundary - \b - Word Boundary(Start/End of Word)
\B - Not a Word Boundary

Secure your Restful WebServices using JWT | Spring Boot

Pradipta — Sun, 21 Mar 2021 05:37:05 +0000

JWT(JSON Web Token) is the most popular way of securing your Restful Web Services. If you want to learn more about JWT, please refer the following website -

JWT Reference

This article is intended towards a working example of how JWT can be implemented using Spring Boot, Spring Security and Relational Database(MySQL in this example).

Create a new Spring Boot project and add the following dependencies -

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>javax.xml.bind</groupId>
            <artifactId>jaxb-api</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>

Add the following properties in application.properties that resides in src/main/resources -

server.port=9091
jwtdemo.secretKey=jWtSpRiNgBoOtExAmPlE

spring.datasource.url = jdbc:mysql://localhost:3306/<Database Name>?useSSL=false
spring.datasource.username = <DB User Name>
spring.datasource.password = <DB Password>


## Hibernate Properties
# The SQL dialect makes Hibernate generate better SQL for the chosen database
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5InnoDBDialect

# Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto = update

Add the following Configuration class to read the values from properties file -

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@Configuration
@ConfigurationProperties(prefix = "jwtdemo")
@Data
@AllArgsConstructor
@NoArgsConstructor
public class ConfigProperties {
    private String secretKey;
}

Add the following Security Configuration.

import com.springboot.jwt.filter.JWTFilter;
import com.springboot.jwt.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    @Autowired
    private JWTFilter jwtFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/authenticate", "/add-user")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
    }

Add the following Entity class which corresponding to the database table -

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

import javax.persistence.*;

@Entity
@Table(name = "userdetails")
@Data
@NoArgsConstructor
@AllArgsConstructor
public class UserEntity {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;

    @Column(name = "first_name")
    private String firstName;

    @Column(name = "last_name")
    private String lastName;

    @Column(name = "email")
    private String email;

    @Column(name = "user_name")
    private String userName;

    @Column(name = "password")
    private String password;
}

Add the database repository interface

import com.springboot.jwt.entity.UserEntity;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

@Repository
public interface UserRepository extends JpaRepository<UserEntity, Long> {
    UserEntity findByUserName(String userName);
}

Add the following JWT Utility class -

import com.springboot.jwt.config.ConfigProperties;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

@Component
public class JWTUtility implements Serializable {

    private static final long serialVersionUID = 1L;

    public static final long JWT_TOKEN_VALIDITY = 5 * 60 * 60;

    @Autowired
    private ConfigProperties configProperties;

    //retrieve username from jwt token
    public String getUsernameFromToken(String token) {
        return getClaimFromToken(token, Claims::getSubject);
    }

    //retrieve expiration date from jwt token
    public Date getExpirationDateFromToken(String token) {
        return getClaimFromToken(token, Claims::getExpiration);
    }


    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = getAllClaimsFromToken(token);
        return claimsResolver.apply(claims);
    }


    //for retrieving any information from token we will need the secret key
    private Claims getAllClaimsFromToken(String token) {
        return Jwts.parser().setSigningKey(configProperties.getSecretKey()).parseClaimsJws(token).getBody();
    }


    //check if the token has expired
    private Boolean isTokenExpired(String token) {
        final Date expiration = getExpirationDateFromToken(token);
        return expiration.before(new Date());
    }


    //generate token for user
    public String generateToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        return doGenerateToken(claims, userDetails.getUsername());
    }


    //while creating the token -
    //1. Define  claims of the token, like Issuer, Expiration, Subject, and the ID
    //2. Sign the JWT using the HS512 algorithm and secret key.
    private String doGenerateToken(Map<String, Object> claims, String subject) {
        return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
                .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000))
                .signWith(SignatureAlgorithm.HS512, configProperties.getSecretKey()).compact();
    }


    //validate token
    public Boolean validateToken(String token, UserDetails userDetails) {
        final String username = getUsernameFromToken(token);
        return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
    }

Add the following model objects for sending and receiving JWT Request and Response data simultaneously.

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@AllArgsConstructor
@NoArgsConstructor
public class JWTRequest {

    private String userName;
    private String password;
}

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@AllArgsConstructor
@NoArgsConstructor
public class JWTResponse {

    private String jwtToken;
}

Add the JWT Request Filter for performing the authentication.

import com.springboot.jwt.service.UserService;
import com.springboot.jwt.utility.JWTUtility;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class JWTFilter extends OncePerRequestFilter {

    @Autowired
    private JWTUtility jwtUtility;

    @Autowired
    private UserService userService;

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest,
                                    HttpServletResponse httpServletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {

        String authorization = httpServletRequest.getHeader("Authorization");
        String token = null;
        String userName = null;

        if(null != authorization && authorization.startsWith("Bearer ")) {
            token = authorization.substring(7);
            userName = jwtUtility.getUsernameFromToken(token);
        }

        if(null != userName && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = userService.loadUserByUsername(userName);

            if(jwtUtility.validateToken(token,userDetails)) {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken
                        = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());

                usernamePasswordAuthenticationToken.setDetails(
                        new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));

                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            }

        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}

Add the Service class -

import com.springboot.jwt.entity.UserEntity;
import com.springboot.jwt.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;

@Service
public class UserService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        UserEntity userEntity = userRepository.findByUserName(s);
        return new User(userEntity.getUserName(), userEntity.getPassword(), new ArrayList<>());
    }
}

Add the Controller class with three endpoints- /add-user endpoint is used for adding user to database, /authenticate is used for JWT Authentication, /restricted-access-rest-endpoint is a restricted endpoint which can be used post successful JWT authentication -

import com.springboot.jwt.entity.UserEntity;
import com.springboot.jwt.model.JWTRequest;
import com.springboot.jwt.model.JWTResponse;
import com.springboot.jwt.repository.UserRepository;
import com.springboot.jwt.service.UserService;
import com.springboot.jwt.utility.JWTUtility;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@Slf4j
public class UserController {

    @Autowired
    private JWTUtility jwtUtility;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserService userService;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @PostMapping("/add-user")
    public UserEntity createUser(@RequestBody UserEntity userEntity) {
        log.info("Saving the new user with user name : " + userEntity.getUserName());
        userEntity.setPassword(passwordEncoder.encode(userEntity.getPassword()));
        return userRepository.save(userEntity);
    }

    @GetMapping("/restricted-access-rest-endpoint")
    public String restrictedAccessEndpoint() {
        return "Welcome to the demo of JWT with Spring Boot!!!!";
    }

    @PostMapping("/authenticate")
    public JWTResponse authenticate(@RequestBody JWTRequest jwtRequest) throws Exception {
        try {
            authenticationManager.authenticate
                    (new UsernamePasswordAuthenticationToken(jwtRequest.getUserName(), jwtRequest.getPassword()));

        } catch (BadCredentialsException e) {
            throw new Exception("INVALID_CREDENTIALS", e);
        }
        final UserDetails userDetails = userService.loadUserByUsername(jwtRequest.getUserName());
        final String token = jwtUtility.generateToken(userDetails);
        return new JWTResponse(token);
    }
}

The entire source code is available in the following link - JWTCodebase

Important IntelliJ Idea Shortcuts I use in my day-to-day coding

Pradipta — Sun, 21 Feb 2021 16:04:09 +0000

IntelliJ Idea IDE is the most popular IDE among Java Developers now-a-days. I use it for my day-to-day coding assignments. I use the following shortcuts quite heavily to improve my productivity while using IntelliJ Idea.

Alt + 1 - Show/Hide Project Explorer
Double Shift - Search Anything in IntelliJ Idea
Increase Fonts - Double Shift and Search 'Increase Fonts'
Decrease Fonts - Double Shift and Search 'Decrease Fonts'
Ctrl + E - Navigate between files opened in Explorer
Ctrl + Shift + E - Shows the last changed files
Ctrl + Shift + N - Search all files
Ctrl + N - Search only class files
Ctrl + Alt + L - Reformat Code
Ctrl + B - Open Declaration

I hope these shortcuts will also help you to improve your productivity. For complete list of shortcuts, please refer to the Jetbrains official website -

(https://www.jetbrains.com/help/idea/mastering-keyboard-shortcuts.html)