Spring VS config

1. Spring Framework The Spring Framework is a popular Java framework used for building enterprise-level applications. This repository contains the source code for the framework and related projects such as Spring Boot and Spring Security. https://github.com/spring-projects/spring-framework

This interface is a simplified version of real caching abstractions from Java technologies such as the ones from Spring or JCache (JSR-107). Both are part of quite complex solutions, having more generic types and different capabilities. Also, annotations would be preferred to using Cache directly in most Java applications.

Cross-post: Controller code using Unconfined Dispatcher #32032

Mitre really lost a lot of respect with CVE-2016-1000027. Every few weeks a warning that any SpringBoot 2.x project has a CVSS 9.8, which causes all sorts of heartache for those of us bound to CVE remediation. Every blasted security tool reports this one. Spring reviewed and rejected, as did our very, very large organization. Comically, this has become the CVE we use to see how our tools allow us to white/black list entries.

Thank god Spring dropped this interface in the Framework 6.x / Boot 3.x release, and the end for non-commercial support is this year for the old stuff.

https://github.com/spring-projects/spring-framework/issues/2...

Referring to https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/bind/annotation/GetMapping.java, the value could have got assigned to any of the other members like name, path, params, etc. Is there any logic involved that enables the single value passed to the GetMapping annotation to be assigned to the value member?

This one. In short, JMS listeners stopped working randomly (of course only on Saturdays, and only under load), but at first we didn't know that and suspected the message broker at fault. We had quite extensive logging, but no observability on the broker. Can't remember all the details, but eventually we figured out it was the listener container, and I could reproduce it after debugging deeply into Spring code during a load test.

GitHub Stars: 51 K GitHub Link: https://github.com/spring-projects/spring-framework

It still has, but it is more of "imaginary" one (https://github.com/spring-projects/spring-framework/issues/24434).

I don‘t understand why HOCON (https://github.com/lightbend/config/blob/main/HOCON.md) isn‘t used more often (at least for configuration use cases). It‘s a superset of JSON, has comments, multiline strings, optional quotes, replacement syntax. We use it at many places, and it‘s as nice at it can get.

HOCON is a great human-readable alternative to JSON. It's a superset of JSON with lots of cool features that make it both more readable and easier to use.

Here's a rundown of HOCON's main features: https://github.com/lightbend/config#features-of-hocon

"Typesafe Config" is the library generally used to read configuration files in HOCON format, which this library introduced. It's commonly used in essentially OOP/imperative Scala contexts, including Akka and its ecosystem.

Interesting!

For my own servers I use an internal tool that integrates apps with systemd. You point it at the output of your build system and a config file, and it produces a deb that contains systemd unit files and which registers/starts the server on install/reboot/upgrade, as a regular debian package would. Then it uploads it to the server via sftp and installs it using apt, so dependencies are resolved. As part of the build process it can download and bundle language runtimes (I use it with a JVM), it scans native binaries to find packages that the app should depend on, and you can define your config including package metadata like dependencies and systemd units using the HOCON language [1].

Upshot is you can go from a Gradle or Maven build to a running server with a few lines of config. Oh and it can build debs from any OS, so you can push from macOS and Windows too. If your server needs to depend on e.g. Postgres, you just add that dependency in your config and it'll be up and running after the push.

It also has features to turn on DynamicUser and other sandboxing features. I think I'll experiment with socket activation next, and then bundled BorgBackup.

Net/net it's pretty nice. I haven't tried with containers because many language ecosystems don't seem to really need them for many use cases. If your build tool knows how to download your language runtime and bundle it sans container by just setting up paths correctly, then going without means you can rely on your Linux distribution to keep things up to date with security patches in the background, it means networking works as you'd expect (no accidentally opened firewall ports!) and so on. SystemD knows how to configure resource isolation/cgroups and kernel sandboxing, so if you need those you can just write that into your build config and it's done. Or not, as you wish.

With a deployment tool to automate builds/pushes, systemd to supervise processes and a big beefy dedicated machine to let you scale up, I wonder how much value the container part is really still providing if you don't need the full functionality of Kubernetes.

[1] https://github.com/lightbend/config/blob/main/HOCON.md

Other similar standards: TOML, HOCON

I've also used HOCON pretty extensively for config, and it is better than both YAML and JSON for config with moderate to high complexity.