実例で学ぶ、明日から使えるSpring Boot Tips #jsug

‹#›© 2016 Pivotal Software, Inc. All rights reserved. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Boot Tips
Toshiaki Maki (@making)
tmaki@pivotal.io
Spring 2017 Feb
2017-02-27

© 2016 Pivotal Software, Inc. All rights reserved.
Who am I ?
• Toshiaki Maki (@making) https://ik.am
• Sr. Solutions Architect @Pivotal
• Spring ☘ / Cloud Foundry ☁ / Concourse ✈ / BOSH 🐚
bit.ly/hajiboot2

Spring Boot is ....
• Opinionated Framework on Spring Ecosystem

Spring Boot is ....
• Opinionated Framework on Spring Ecosystem
Spring Boot Way

https://goo.gl/Ey1y3X
https://github.com/openenquete/enquete

enquete.jar
Thymeleaf
SpringData
JPA
Spring Data REST
Spring MVC
MySQL
SpringSecurity
OAuth
Cloud Foundry

enquete.jar
Thymeleaf
SpringData
JPA
Spring Data REST
Spring MVC
MySQL
SpringSecurity
OAuth
Cloud Foundry
AJAX / REST

enquete.jar
Thymeleaf
SpringData
JPA
Spring Data REST
Spring MVC
MySQL
SpringSecurity
OAuth
Cloud Foundry
AJAX / REST
GitHub

Error
Spring Data REST
CSRF
@EnableOAuth2Sso
@ConditionalOnProperty
Configuration Properties
Spring Boot Actuator
Cloud Foundry Integration

Error

Error
org.springframework.boot.autoconfigure.web.DefaultErrorViewResolver
src/main/resources
/static/error/403.html
404.html
40x.html
500.html
50x.html

Error
org.springframework.boot.autoconfigure.web.DefaultErrorViewResolver
src/main/resources
/templates/error/403.<ext>
404.<ext>
40x.<ext>
500.<ext>
50x.<ext>

<table th:if="${@environment.acceptsProfiles('default')}"> 
<tr>
<th>Status</th><td th:text="${status}"></td>
</tr> 
<tr>
<th>Error</th><td th:text="${error}"></td>
</tr> 
<tr>
<th>Exception</th><td th:text="${exception}"></td>
</tr> 
<tr>
<th>Message</th><td th:text="${message}"></td>
</tr> 
</table>

<table th:if="${@environment.acceptsProfiles('default')}"> 
<tr>
<th>Status</th><td th:text="${status}"></td>
</tr> 
<tr>
<th>Error</th><td th:text="${error}"></td>
</tr> 
<tr>
<th>Exception</th><td th:text="${exception}"></td>
</tr> 
<tr>
<th>Message</th><td th:text="${message}"></td>
</tr> 
</table>
profile default
disabled

<table th:if="..."> 

<tr th:if="${trace}">
<th>Trace</th>
<td><pre th:text="${trace}"></pre></td>
</tr>

<table th:if="..."> 

<tr th:if="${trace}">
<th>Trace</th>
<td><pre th:text="${trace}"></pre></td>
</tr> 
server.error.include-stacktrace=always
application-default.properties

@ControllerAdvice(annotations = Controller.class) 
public class ErrorControllerAdvice { 
@ExceptionHandler(NoSuchElementException.class) 
@ResponseStatus(HttpStatus.NOT_FOUND) 
public String noSuchEelemtException() { 
return "error/404"; 
} 
}

@Autowired Environment env;
 
@ExceptionHandler(NoSuchElementException.class) 
@ResponseStatus(HttpStatus.NOT_FOUND) 
public String ex(NoSuchElementException e,
Model model) {
addErrors(e, HttpStatus.NOT_FOUND, model); 
return "error/404"; 
}

void addErrors(Exception e, HttpStatus status,
Model model) {
if (env.acceptsProfiles("default")) { 
StringWriter stackTrace = new StringWriter(); 
e.printStackTrace(new PrintWriter(stackTrace)); 
stackTrace.flush(); 
model.addAttribute("status", status.value()); 
model.addAttribute("error", status.getReasonPhrase()); 
model.addAttribute("exception", e.getClass()); 
model.addAttribute("message", e.getMessage()); 
model.addAttribute("trace", stackTrace.toString()); 
} 
}

Profile
• java -jar app.jar --spring.profiles.active=prod
• java -jar -Dspring.profiles.active=prod app.jar
• export SPRING_PRPFILES_ACTIVE=prod
Cloud Foundry
cloud

Spring Data REST REST API
<dependency> 
<groupId>org.springframework.boot</groupId> 
<artifactId>spring-boot-starter-data-rest</artifactId> 
</dependency>

public interface FooRepository
extends CrudRepository<Foo, Long> {
 
}
Repository --> REST API

extends CrudRepository<Foo, Long> {
 
}
GET /foos
POST /foos
GET /foos/{fooId}
PUT /foos/{fooId}
DELETE /foos/{fooId}
PATCH /foos/{fooId}
...

extends PagingAndSortingRepository<Foo, Long> {
 
}

 
}
GET /foos?page={page}
&size={size}&sort={sort}
...

List<Foo> findByName(String name); 
}

List<Foo> findByName(String name); 
}
GET /foos/search/findByName?name={name}
...

extends Repository<Foo, Long> {
@RestResource(exported = false)
List<Foo> findBySeminarId(Long seminarId);
Optional<Foo> findOne(Long id);
void save(Foo foo);  
}

extends Repository<Foo, Long> {
@RestResource(exported = false)
List<Foo> findBySeminarId(Long seminarId);
Optional<Foo> findOne(Long id);
void save(Foo foo);  
} GET /foos/{id}
POST /foos

RepositoryEventHandler
Traditional
Spring Data REST
Controller Service Repository
Repository EventHandler

@RepositoryEventHandler @Component
public class UsernameEventHandler {
@HandleReforeCreate
void setUsername(UsernameHolder holder) {
String username = SecurityContextHolder
.getContext().getAuthentication()
.getName();
holder.setUsername(username);
} 
}

@RepositoryEventHandler @Component
public class UsernameEventHandler {
@HandleReforeCreate
void setUsername(UsernameHolder holder) {
String username = SecurityContextHolder
.getContext().getAuthentication()
.getName();
holder.setUsername(username);
} 
}
UserHolder
username

Bean Validation
@Configuration public class RestConfig
extends RepositoryRestConfigurerAdapter {
private final Validator vldtr;
/* constructor */
@Override
public void configureValidatingRepositoryEventListener(...) {
lstnr.addValidator("beforeCreate", vldtr);
lstnr.addValidator("beforeSave", vldtr);
}
}

Bean Validation
@Configuration public class RestConfig
extends RepositoryRestConfigurerAdapter {
private final Validator vldtr;
/* constructor */
@Override
public void configureValidatingRepositoryEventListener(...) {
lstnr.addValidator("beforeCreate", vldtr);
lstnr.addValidator("beforeSave", vldtr);
}
}
{
"errors": [{
"entity": "ResponseForSession",
"property": "difficulty",
"invalidValue": null,
"message": "may not be null"
}, {
"entity": "ResponseForSession",
"property": "satisfaction",
"invalidValue": null,
"message": "may not be null"
}
]
}

Traditional
Spring Data REST
@Transactional

Traditional
Spring Data REST
@Transactional
RepositoryEntity
Controller

Traditional
Spring Data REST
@Transactional
RepositoryEntity
Controller
AOP

• https://blog.ik.am/entries/403

CSRF
• Spring Security CSRF
• Ajax / SPA

CSRF
• Ajax / SPA
public class SecurityConfig
extends WebSecurityConfigurerAdapter { 
@Override 
protected void configure(HttpSecurity http)
throws Exception { 
http.csrf().disable()/* ... */;
}
}

CSRF
• Ajax / SPA
extends WebSecurityConfigurerAdapter { 
@Override 
http.csrf().disable()/* ... */;
}
}
🙅

$.post('/user', {
firstName: 'Fred',
lastName: 'Flintstone',
_csrf: $('input[name=_csrf]').val()
});
$(document).ajaxSend(function(e, xhr, options) {
var token = $('input[name=_csrf]').val();
xhr.setRequestHeader('X-CSRF-TOKEN', token);
});
OR

I don't like jQuery 😟

extends WebSecurityConfigurerAdapter {
@Override 
http./* ... * /and().csrf() 
.csrfTokenRepository(
CookieCsrfTokenRepository
.withHttpOnlyFalse()); 
} 
}

HTTP (_csrf) HTTP
(X-CSRF-TOKEN) CSRF HTTP
( )

HTTP (_csrf) HTTP
(X-CSRF-TOKEN) CSRF HTTP
( )
HTTP (_csrf) HTTP
(X-XSRF-TOKEN) CSRF
Cookie(name=XSRF-TOKEN, httpOnly)

Axios
• https://github.com/mzabriskie/axios
• node.js Promise HTTP
• XSRF-TOKEN Cookie HTTP
X-XSRF-TOKEN (AngularJS )

Axios
• https://github.com/mzabriskie/axios
• node.js Promise HTTP
• XSRF-TOKEN Cookie HTTP
X-XSRF-TOKEN (AngularJS )
axios.post('/response_for_seminar', {
comment: 'Great!',
request: 'Sushi!'
})
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});

OAuth2 SSO with GitHub
<dependency> 
<groupId>org.springframework.cloud</groupId> 
<artifactId>spring-cloud-starter-oauth2</artifactId> 
</dependency>

Authorization Code
(grant_type=authorization_code)
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect
code

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect
code
code

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect
code
code
token

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect
code
code
token
token

Authorization Code
Authorization
Server (GitHub)
Web UI
Resource
Server (GitHub API)
authorize
redirect
code
code
token
token
response

@EnableOAuth2Sso
@SpringBootApplication
@EnableOAuth2Sso 
public class EnqueteApplication { 
public static void main(String[] args) { 
SpringApplication.run(EnqueteApplication.class,
args); 
}
}

security.oauth2.client.client-id=xxxxx
security.oauth2.client.client-secret=xxxxx
security.oauth2.client.access-token-
uri=https://github.com/login/oauth/access_token
security.oauth2.client.user-authorization-
uri=https://github.com/login/oauth/authorize 
security.oauth2.resource.user-info-uri=https://
api.github.com/user

PrincipalExtractor / AuthoritiesExtractor
public interface PrincipalExtractor { 
Object extractPrincipal(Map<String, Object> map);
}
public interface AuthoritiesExtractor { 
List<GrantedAuthority>
extractAuthorities(Map<String, Object> map);
}

public EnqUserPrincipalExtractor
implements AuthoritiesExtractor {
@Override 
Object extractPrincipal(Map<String, Object> map){
return new EnqUser(map.get("name"),
map.get("email"),
map.get("avatar_url"));
}
}

public EnqUserPrincipalExtractor
implements AuthoritiesExtractor {
@Override 
Object extractPrincipal(Map<String, Object> map){
return new EnqUser(map.get("name"),
map.get("email"),
map.get("avatar_url"));
}
}
security.oauth2.resource.user-info-uri

public EnqUserAuthoritiesExtractor
implements PrincipalExtractor {
@Override 
extractAuthorities(Map<String, Object> map){
return Arrays.asList(
!"making".equals(map.get("login")) ?
new SimpleGrantAuthority("ROLE_USER") :
new SimpleGrantAuthority("ROLE_ADMIN")
)
}

GitHub OK
Authorization
Server
Web UI
Resource
Server

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code
code

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code
code
token

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code
code
token
token

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code
code
token
token
response

GitHub OK
Authorization
Server
Web UI
Resource
Server
authorize
redirect
code
code
token
token
response
@EnableAuthorizationServer
@EnableResourceServer

UI SSO
Authorization
Server
Web UI
Resource
ServerAnother Web UI

• https://github.com/Pivotal-Japan/spring-security-oauth-
workshop

public interface UrlShortenerClient { 
String shorten(String longUrl);
}

@ConditionalOnProperty

@Component
@ConditionalOnProperty(name =
"enquete.bitly.access-token")
public BitlyClient
implements UrlShortenerClient {
@Override 
String shorten(String longUrl) {
String token = props.getBitly()
.getAccessToken();
/* ... */
}
}
Bit.ly URL

@Component
@ConditionalOnProperty(name =
"enquete.googl.api-key")
public GooglClient
implements UrlShortenerClient {
@Override 
String shorten(String longUrl) {
String apiKey = props.getGoogl().getApiKey();
/* ... */
}
}
Goo.gl URL

enquete.bitly.access-token=0123456789
enquete.googl.api-key=abcdef
BitlyClient
GooglClient

@Controller
public SeminarController {
final Optional<UrlShortenerClient> shortener; 
@GetMapping("seminars/{seminarId}") 
public String list(...) {
shortener.ifPresent(x -> {
String shorten = x.shorten(url);
model.addAttribute("shorten", shorten);
});
/* ... */
}
}

enquete.bitly.access-token=0123456789

enquete.bitly.access-token=0123456789enquete.googl.api-key=abcdef

@ConfigurationProperties
@ConfigurationProperties(prefix = "enquete")
@Component @Validated
public class EnqProps { 
private Set<String> adminUsers;
private Bitly bitly;
public static class Bitly { 
private String accessToken; 
}
// setter/getter
}

Configuration Processor
<dependency> 
<groupId>org.springframework.boot</groupId> 
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</scope> 
</dependency>

Spring Boot Actuator >= 1.5
• (ROLE_ACTUATOR)
• /info, /health (status )
management.security.enabled=false

Spring Boot Actuator >= 1.5
• (ROLE_ACTUATOR)
• /info, /health (status )
management.security.enabled=false
profile default
disabled

ROLE_ACTUATOR
public EnqUserAuthoritiesExtractor /* ... */ {
@Override 
extractAuthorities(Map<String, Object> map){
return !"making".equals(map.get("login")) ?
asList(new SimpleGrantAuthority("ROLE_USER")) :
asList(new SimpleGrantAuthority("ROLE_ADMIN"),
new SimpleGrantAuthority("ROLE_ACTUATOR"))
}
}

BeansViz
<dependency> 
<groupId>am.ik.beansviz</groupId> 
<artifactId>beansviz-spring-boot-actuator</artifactId> 
<version>0.1.0</version>
</dependency>

BeansViz
<dependency> 
<groupId>am.ik.beansviz</groupId> 
<artifactId>beansviz-spring-boot-actuator</artifactId> 
<version>0.1.0</version>
</dependency>
Actuator /beansviz
/beans Graphviz

Cloud Foundry Integration

• https://blog.ik.am/entries/401

Check Source code!
https://github.com/openenquete/enquete

Spring Cloud Services in PWS
• https://content.pivotal.io/blog/building-spring-microservices-
with-cloud-foundrys-new-container-networking-stack

Check Tutorials!!
•https://github.com/Pivotal-Japan
•https://pivotal-japan.connpass.com/

実例で学ぶ、明日から使えるSpring Boot Tips #jsug

More Related Content

実例で学ぶ、明日から使えるSpring Boot Tips #jsug