SivaLabs

Spring Boot 3.1.0 introduced support for Testcontainers to simplify local development and testing. Testcontainers helps in writing tests using real dependencies instead of mocks, but it may also increase the test execution time. In this article, I will share some insights on how to reduce test execution time while using Testcontainers. Sample Spring Boot application Let’s assume you have created a Spring Boot project using Spring Initializr by selecting Spring Web, Spring Data JPA, PostgreSQL, Flyway and Testcontainers.

If you ever worked with Spring Boot, then you are probably aware of Spring Initializr. The Spring Initializr is a web application that you can use to create a Spring Boot application. Do you know Spring Initializr itself is an open-source Spring Boot application? You can fork it, customize it, deploy on your infrastructure and use it to generate Spring Boot applications. The next question would be what kind of customizations I can do?

Spring Boot is the most popular framework in the Java world to build enterprise applications. Also, Spring Boot is the most sought-after skill to get hired as a Java developer. Here is my recommended approach to learn Spring Boot. 1. Prerequisites: What you should already know If you are completely new to Java, then directly jumping on to Spring Boot is NOT recommended. First, learning Core Java and get familiar with Java ecosystem.

Typically, in Spring Boot + Thyemleaf applications, we use thymeleaf-layout-dialect to define the common layout of the web pages and it works fine. But when we compile the Spring Boot application to GraalVM native image, it is failing due to this error. I tried many suggestions mentioned in the above issue, but none of them worked for me. Then Oliver Drotbohm suggested me Flexible layouts approach to create layouts support natively provided by Thymeleaf itself.

In this article, we will learn how to implement Service to Service Communication using Client Credentials Flow. We will create the archival-service in which we will use a scheduler job to invoke the messages-service APIs to archive the messages. For implementing this, we will use Client Credentials Flow. We will also implement POST /api/messages/archive API endpoint in archival-service which can only be called by users who have ROLE_ADMIN role. Considering this, archival-service will act as a Resource Server and as a Client too.

In the previous articles, we have created messages-webapp and messages-service and invoked API endpoints using Postman. In this article, we will learn how to invoke the secured messages-service API endpoints from the Client application messages-webapp. Source Code: You can find the complete source code of this project on GitHub: https://github.com/sivaprasadreddy/spring-security-oauth2-microservices-demo Show List of Messages As GET /api/messages API endpoint in messages-service is publicly accessible, we can invoke it from messages-webapp without any authentication.

In the previous article, we have created messages-webapp and secured it with Spring Security OAuth 2.0 using Authorization Code Flow. In this article, we will create messages-service, which is a Spring Boot Resource Server, and secure it with Spring Security OAuth 2.0. Source Code: You can find the complete source code of this project on GitHub: https://github.com/sivaprasadreddy/spring-security-oauth2-microservices-demo Create messages-service You can generate messages-service using Spring Initializr by clicking on this link.

In this article, we will create messages-webapp which is a Spring MVC + Thymeleaf web application and secure it with Spring Security OAuth 2.0 using Keycloak. Source Code: You can find the complete source code of this project on GitHub: https://github.com/sivaprasadreddy/spring-security-oauth2-microservices-demo Setup Keycloak using Docker Compose In the previous article, we have already seen how to setup Keycloak using Docker Compose. Create docker-compose.yml file with the following content: version: '3.8' name: spring-security-oauth2-microservices-demo services: keycloak: image: quay.

In the previous articles, we have learned about various OAuth 2.0 / OpenID Connect flows using web browser, cURL and Postman. Now it’s time to put what we have learned into practice. What better way to do that than to build a sample project? While implementing OAuth 2.0 / OpenID Connect based security using a Security framework like Spring Security, many activities are performed by the framework under the hood. It is important to understand what is happening under the hood so that we can use the framework effectively.

In the Part 4: OAuth 2.0 Authorization Code Flow with PKCE, we learned how to acquire access_token using Authorization Code Flow with PKCE. In this article, we will explore how to use Implicit Flow and Resource Owner Password Credentials Flow. IMPORTANT The Implicit Flow and Resource Owner Password Credentials Flow are DEPRECATED. Unless you have a good reason, you shouldn’t be using them. Implicit Flow The Implicit Flow is a kind of shorter version of Authorization Code Flow where you will be directly getting access_token using authorization_endpoint itself.