Showing posts with label Spring. Show all posts

February 20, 2022

#SpringBoot : Tutorial Part 3 (Basic Spring Boot Project)


In part 1 of the #SpringBoot tutorial we got the gist of Spring Boot, and in part 2 we discussed dependency injection. Now in this tutorial we will create a basic Spring Boot project from scratch.

You can use STS (Spring Tool Suite) to create the project. STS is an Eclipse-based development environment. It is an IDE to develop Spring applications. It provides a ready-to-use environment to implement, run, deploy, and debug the application.

You can download the Spring Tool Suite from https://spring.io/tools3/sts/all. It's pretty simple to install.

February 19, 2022

#SpringBoot : Tutorial Part 2 (Dependency Injection)



In the previous tutorial we got the gist of Spring Boot. Before proceeding further, let's discuss Dependency Injection.

What is Dependency Injection (DI)?
When writing a complex Java application, application classes should be as independent as possible of other Java classes, so that they can be reused and unit-tested independently of other classes. Dependency Injection helps in gluing these classes together and keeping them independent at the same time.

The Dependency Injection design pattern allows us to remove hard-coded dependencies and make our application loosely coupled, extendable and maintainable.

#SpringBoot : Tutorial Part 1



In this tutorial we will cover some basic theoretical knowledge about Spring Boot.

What is Spring Boot?
  • Spring Boot is not a framework, it is a way to create stand-alone applications with minimal or zero configurations.
  • With Spring Boot we can develop Spring-based applications with very little configuration. It provides defaults for code and annotation configuration so that new Spring projects can be started quickly.
  • It is a Spring module that provides the RAD (Rapid Application Development) feature to the Spring Framework. It comes with auto-dependency resolution, embedded HTTP servers, auto-configuration, management endpoints and the Spring Boot CLI.
  • Spring Boot uses the convention-over-configuration software design paradigm, which is why in Spring Boot we don't have XML configuration (deployment descriptor) or beans defined with @Configuration. It has embedded HTTP servers. In short, we can say Spring Boot is the combination of Spring Framework and embedded servers.

May 05, 2020

#SpringSecurity: OAuth2 Implementation with Spring Boot

In this tutorial we will learn to build an authorization server using OAuth2 that authenticates the user's identity and provides an access_token. This access_token will be used to request data from the resource server.

We will be creating an authorization server and embedding the resource server inside the authorization server. The authorization server will generate the tokens and the resource server will validate these tokens.

We will have two services: the first is the authorization server (along with the resource server) and the second is a client, from which we will be accessing the servers.

May 04, 2020

#SpringSecurity: What is the difference between access and refresh token?

Access Token
  • An access token is a string representing an authorization issued to the client. Tokens represent specific scopes and duration of access, granted by the resource owner, and enforced by the resource server and authorization server.
  • An access token is put in the Authorization header of our request and it usually looks like 'Bearer h090Yuuyuiyv'. It is verified by the API, which the client is calling.
  • Access tokens are usually in JWT format, but you can use any other format.
  • Access tokens are usually short lived, because it is difficult (although not impossible) to centrally revoke access tokens.
  • The responsibility of an access token is to give access to data until it expires.

#SpringSecurity: OAuth 2.0 Roles

OAuth 2 is an authorization method to provide access to protected resources over the HTTP protocol.

It enables a third-party application to obtain limited access to an HTTP service:
a). Either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service
b). Or by allowing the third-party application to obtain access on its own behalf.

April 28, 2020

#JWT: Part 3 - Spring Boot project with Spring Security and JWT Example

We will develop a Spring Boot project with Spring Security and JWT from scratch.

Objectives:
1). Create an API which will authenticate the user details and generate a JWT.
2). Add functionality which will verify that each request carries a valid JWT.

#JWT: Part 2 - JWT Structure

What is a JWT?
JWT (JSON Web Token) is a safe, compact, and self-contained way of transmitting information between multiple parties in the form of a JSON object. It is used for authorization.

#JWT: Part 1 - Authorization Strategies, Real Life examples of Session and JWT Token

Authorization Strategies
HTTP is a stateless protocol, which is why we need to send all the desired information each time, so that the server can authorize the request.

Let's say you are logging in to Tinder. At login you need to enter your user name and password. Tinder will verify whether you are a valid user; if yes, it will start showing potential matches. Now if you swipe right or left on any profile, or do anything else on Tinder, it will send a request again to the Tinder server. Since HTTP is stateless, with each request you would be asked to enter your credentials, which is quite irritating. To solve this problem, a session is managed.

February 08, 2020

Difference between Spring's @RequestParam vs @PathVariable


What is the difference between Spring's @RequestParam and @PathVariable annotations?
Let's first understand the purpose and usage of @RequestParam and @PathVariable.

The @RequestParam annotation is used to get the request parameters from the URI, also known as query parameters. E.g., if we have an incoming request with a post id – http://scrutinybykhimaanshu.com/posts?postId=72

Then we can read the postId using @RequestParam, as below:

@RequestMapping("/posts")
public String getPostDetails(@RequestParam("postId") String postId) {
  return "postDetails";
}

Setting required=false makes the query parameter optional, e.g.:

@RequestMapping("/posts")
public String getPostDetails(@RequestParam(value="postId", required=false) String postId) {
  return "postDetails";
}

February 07, 2020

How to use YAML with Spring Boot?

What is YAML?
YAML stands for 'YAML Ain’t Markup Language'.

It is a human friendly data serialization standard for all programming languages. It is a superset of JSON, and as such is a very convenient format for specifying hierarchical configuration data.

YAML is more readable, which makes it a good choice for developers reading and writing configuration files.

February 03, 2020

Spring Security-Part 4.3: Form Based Authentication


Form Based Authentication
  • When we do basic authentication, we need to pass 'Authorization' in the header (e.g., Authorization: Basic BASE_64_UserName:Password). Though basic auth is simple and fast, it has one disadvantage: we can't log out.
  • We can use form based authentication, in which the user enters a user name and password and can log out whenever required.


To switch from Basic to Form based authentication, we need to update ApplicationSecurityConfig. In the configure() method instead of httpBasic(), we need to use formLogin().

Spring Security-Part 4.2: @PreAuthorize, @PostAuthorize, @Secured, @RoleAllowed, @EnableGlobalMethodSecurity annotations


Annotation Based Roles and Authorities/Permissions

In our previous tutorial we configured the roles and authorities in ApplicationSecurityConfig (which extends WebSecurityConfigurerAdapter). We can do the same thing by using the @PreAuthorize annotation.

Spring Security-Part 4.1: Spring Security

Let's create a new project from Spring Initializr https://start.spring.io/.
  • Project: Maven Project
  • Language: Java
  • Spring Boot: 2.2.4
  • Group: com.example
  • Artifact: spring-security-demo
  • Java Version: 8
  • Dependencies: Spring Web
Generate the project and import it in either Eclipse/STS or IntelliJ.

Spring Security-Part 3 : Spring Security with JPA authentication and MySQL

Example of Spring Security with JPA authentication and MySQL
We will build a Spring Boot project with Spring Security that will do database authentication using JPA and connect to a MySQL database.

Let's say we have a local MySQL database instance named 'springsecurity'. This database has a table named 'user'. 'roles' holds comma-separated roles.

#SpringSecurity Part 3 : Spring Security Flow

In Part 1 of the #SpringSecurity tutorial, we learned the difference between Authentication and Authorization. In Part 2, a Basic Authentication implementation was explained.

In this section, we will understand Spring Security Flow.

Spring Security Flow

The above diagram shows how Spring Security works internally.

#SpringSecurity Part 2 : Securing Web-services with Spring (Basic, In-Memory and JDBC Authentication)

How can we implement basic authentication in Spring?
For this let us create a Spring Starter Project titled 'BasicAuthentication' from STS, this project has only Spring Web dependency.

#SpringSecurity Part 2 : Creating a simple Spring security project (Basic Authentication)

In Part 1 of the #SpringSecurity tutorial, I explained the difference between Authentication and Authorization. Now let's see how we can implement basic authentication in Spring.