In Spring AOP, there are two main ways to define pointcut that we use most often:
Non-intrusive interception using execution. Use annotations for interception. This should be the daily work of the two most used in the definition of Pointcut. But in addition to these two there are some other, this article to explore this topic.
1. Pointcut Classification Take a look at the definition of Pointcut:
1 2 3 4 5 public interface Pointcut { ClassFilter getClassFilter(); MethodMatcher getMethodMatcher(); Pointcut TRUE = TruePointcut.
Analyzing Spring IOC Source Code
If you’re going to learn, the best time to do it was ten years ago, followed by the present.
In the Spring Framework, IOC (Inversion of Control) is one of the most important core concepts. It is implemented by means of containers such as BeanFactory and ApplicationContext to manage object creation, dependency injection, life cycle and so on.
Below, we will analyze Spring’s source code to better understand the principle of IOC implementation.
Difference between BeanFactory and FactoryBean in Spring
In fact, from the name you can see that BeanFactory is Factory and FactoryBean is a Bean, let’s look at the summary:
BeanFactory is one of the core interfaces of the Spring Framework for managing and obtaining instances of beans in an application. It is an implementation of the Factory pattern and is responsible for creating, configuring, and managing Bean objects.BeanFactory is the foundation of the Spring IoC container, which reads Bean definitions from configuration metadata (e.
Auto-configuration in Spring Boot
1. @SpringBootApplication To talk about the auto-configuration of Spring Boot, it is important to start with the project’s starter class @SpringBootApplication, which is the starting point of the whole Spring Boot universe. The definition of this annotation is as follows.
1 2 3 4 5 6 7 8 9 10 11 @Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) @Documented @Inherited @SpringBootConfiguration @EnableAutoConfiguration @ComponentScan(excludeFilters = { @Filter(type = FilterType.CUSTOM, classes = TypeExcludeFilter.class), @Filter(type = FilterType.CUSTOM, classes = AutoConfigurationExcludeFilter.
Multi-tenant architecture with Spring Boot and Spring Cloud: supporting multi-tenant deployment and management of applications
1. Overview 1.1. What is a multi-tenant architecture? A multi-tenant architecture is an application that supports simultaneous access by multiple tenants, each with separate resources and data, and is completely isolated from each other. In layman’s terms, multi-tenancy is the process of “partitioning” an application into multiple independent instances, each without interfering with the other, according to the needs of the customer.
1.2. Advantages of multi-tenant architecture It can better meet the individual needs of different tenants.
Using Spring Security for authentication and authorisation
Spring Security is an open source security framework that provides permission-based access control, authentication, security event publishing, and other features. Using Spring Security in a Spring Boot application makes it very easy to implement user authentication and authorization.
The main way Spring Security implements authentication is by using an authentication filter chain that contains multiple filters for authenticating and authorising users. In Spring Security, authentication and authorisation are processed through the filters in the filter chain, ultimately returning a successfully authenticated user object.
The difference between @Resource and @Autowired in Spring
1. Analysis from the usage level First, we create an interface UserService and two implementation classes UserServiceImpl1 and UserServiceImpl2.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 public interface UserService { void save(); } @Service public class UserServiceImpl1 implements UserService { @Override public void save() { System.out.println("UserServiceImpl1 save"); } } @Service public class UserServiceImpl2 implements UserService { @Override public void save() { System.
Researching Spring Framework past vulnerabilities
The main goal of this article is to analyze, summarize, and summarize the historical Spring framework vulnerabilities, so as to try to find out the potential patterns, in order to learn from the past. Of course, as a Java novice, before directly analyzing the vulnerabilities, we will first learn some core concepts in Spring from the developer’s perspective, so as to lay the foundation for the subsequent understanding.
Preface Spring was originally created in 2003 as a competitor to J2EE due to the complexity of the early J2EE specifications and the lack of community input.
The resources configuration in spring-boot-starter-parent
When you create a Spring Boot project, there is a parent by default, which helps us determine the project’s JDK version, coding format, dependency version, plugin version, and various other common things. Some of you may have seen the source code of the parent, which has a configuration like this.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 <resources> <resource> <directory>${basedir}/src/main/resources</directory> <filtering>true</filtering> <includes> <include>**/application*.
Spring Boot Applications and Unit Testing
Spring Boot provides a rich set of testing features, consisting of the following two modules:
spring-boot-test: Provides core functionality for testing. spring-boot-test-autoconfigure: Provides automatic configuration of tests. Spring Boot provides a spring-boot-starter-test one-stop starter, as shown in the following dependency configuration.
1 2 3 4 5 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> The Test starter dependency contains not only the two Spring Boot modules above, but also the Spring Test test module, as well as other third-party testing libraries, as shown below.
Authentication and authorization with Spring Security
Using Spring Seucurity to implement login authentication and authorization management is a large part of the project, and a relatively difficult part. This project has improved on the original project by replacing the deprecated FilterSecurityInterceptor authorization API with the new AuthorizationFilter authorization API recommended by the new version, and by taking into account the concurrent security of authorization during coding. In addition, the project has integrated Spring Session to provide cluster session support, improved the authorisation of anonymously accessible interfaces, added the ability to disable roles, and made some code optimisations.
File Downloading in Spring Boot Applications
This article provides guidance on how to download a single file, download a Gzip-compressed file, and download multiple files through a zip archive in a Spring Boot application.
Download a single file The key points are as follows.
Get the size of the file. Get the media type (Content-Type) of the file. Construct the Content-Disposition header with the ContentDisposition utility class to avoid the problem of downloading file name gibberish. Copy data to the client.
Inventory of Spring Security framework in the eight classic design patterns
1. Template method pattern The template method pattern is an abstract class that overtly defines a template for executing its methods. Its subclasses can override the method implementation as needed, but the invocation will be made in the same way as defined in the abstract class, which is a behavioral pattern.
The advantages of the Template method are as follows.
The public part of the code is extracted in the parent class, which is easy to reuse and extend the code.
Customizing Jackson in Spring Boot2 Applications
Overview This article was originally written to understand how Spring Boot2 specifically serializes and deserializes the JSR 310 datetime system, Spring MVC application scenarios are as follows.
using @RequestBody to read the JSON request body from the client and encapsulate it into a Java object. use @ResponseBody to serialize the object into JSON data and respond to the client. For some basic types of data like Integer, String, etc., Spring MVC can solve it with some built-in converters without user concern, but for datetime types (e.
Comparison and application of Spring AOP and AspectJ
1. Introduction AOP, or aspect-oriented programming is a very common technique, especially in Java Web development. And the most popular AOP frameworks are Spring AOP and AspectJ respectively.
2. Spring AOP vs AspectJ Spring AOP is based on the Spring IoC implementation, which addresses most common requirements, but it is not a complete AOP solution. It has even less to offer for objects that are not managed by the Spring container.
Migrating Spring Cloud Eureka Registry to K8s
Background Recently, I was responsible for migrating our Spring Cloud microservices running on AliCloud ECS to k8s. To ensure smoothness, we still need to keep the Eureka system in k8s, and will not consider removing Eureka until all services are running in k8s.
The implementation process can be roughly divided into two phases: pilot and full-scale rollout.
In the pilot phase, some independent peripheral services are migrated to k8s to observe the operation.
Spring WebFlux supports Spring Security for JWT authentication
Mobile projects, authentication requirements are relatively simple, Spring Cloud Gateway is only responsible for JWT verification and role authentication, login and so on are all custom processing, microservices pass JWS to achieve the purpose of passing credentials, downstream services do not need to authenticate and do not rely on Spring Security, the code that requires the current user directly resolve JWS to get the current user
There is also the fact that WebSecurityConfigurerAdapter has been marked as deprecated in Spring Security 5.
javax.inject.Named is not available after upgrading to Spring Boot 3
To keep up with Spring 6, Spring Boot released 3.0.0 on November 24, 2022. The current version is 3.0.1 (2022-12-23). Spring 6 requires JDK 17+, and naturally Spring Boot 3 requires JDK 17+ to work. For those who have been clinging to JDK 8, upgrading to Spring Boot 3 is a big challenge.
What are the significant features that Spring Boot brings to the table?
Relies on Spring 6, requires Java 17 minimum, Java 19 compatible support for generating GraalVM native images, replacing the experimental Spring Native project requires Java EE 9 and supports Jakarta EE 10 as a minimum dependency migration from Java EE to Jakarta EE API Upgrade to Tomcat 10 For guidance on upgrading from Spring Boot 2.
Talking about the push and pull model of service discovery
Preface In the past year, my focus has been on API gateway (AliCloud CSB), which is a new area for me, but inseparable from my previous exposure to microservices governance. API gateways for microservices scenarios require some basic capabilities, one of which is to connect to registries that serve as entry points for microservices. For example, Zuul and SpringCloud Gateway have implemented such a feature. In fact, many open source gateways have major limitations in this feature, so I will not discuss these limitations in this paper, but share my thoughts on it for the common scenario of service discovery.
GraalVM and Spring Native Tasting, Launching SpringBoot Projects in 66ms
Introduction GraalVM is a high-performance JDK that supports Java/Python/JavaScript and other languages. It allows Java to be turned into a binary file for execution, making programs run faster anywhere. This may be a war between Java and Go?
Download and install GraalVM Install GraalVM First of all, go to the official website to download, I downloaded it directly from GitHub Release Page, please download the corresponding system package, I downloaded the following.