Spring Security
micrometer
Our great sponsors
Spring Security | micrometer | |
---|---|---|
10 | 4 | |
8,406 | 4,329 | |
1.6% | 1.3% | |
9.9 | 9.8 | |
7 days ago | 4 days ago | |
Java | Java | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spring Security
-
Spring Security private_key_jwt with AWS KMS
Spring security has long had great OAuth2.0 support from both the server and client elements. Recently spring security added support for the private_key_jwt client authentication method as part of the authorization code grant flow. Spring Security GitHub ref
- Issue since upgrading to Spring Boot 3 - 2: cannot access H2-console
-
Spring with java vs Spring with kotlin
To be fair there were quite some unexpected surprises in the past with Spring and Kotlin (e.g. the Cachable annotation did not work with suspend functions, not all Spring security annotations were supported with coroutines), but most of them were ironed out already.
-
Spring Security WebSecurityConfigurerAdapter deprecated
They recently updated all the examples in the javadocs if you wanna bump your Spring Security version to 5.7.3 (see here). Otherwise the reference docs all reflect the non-deprecated approach that uses SecurityFilterChain and supporting beans.
-
๐ Spring Boot 2.7.0 Released
Spring Security 5.7
-
Spring Security without the WebSecurityConfigurerAdapter
Since Spring Security 5.7.0-M2 the use of WebSecurityConfigurerAdapter was deprecated (link to GitHub - https://github.com/spring-projects/spring-security/issues/10822) to move to component-based security configuration.
-
Spring Reactive Oauth2 Webclient not using configured proxy
When i start the flow, no proxy is used and even the WebClient is not used to get access token. And i get a timeout exception for that. The same issue was discussed in Github: https://github.com/spring-projects/spring-security/issues/8966
-
How to ignore Url from Once per request filter
You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.
-
Dynamically updating user roles.
Or, maybe simpler, is to create your own filter and add it after the SecurityContextPersistenceFilter. Here, just recreate the authentication token from the database, which is what token based authentication does (token based authentication has to preauthenticated authentication from the token for the actual user authentication with the user details).
micrometer
-
How to Store Spring Boot Application Metrics in InfluxDB
In this tutorial, you'll learn how to build a Java web application with Spring Boot that collects metrics via the Micrometer library and automatically sends them to an instance of InfluxDB, the ideal database for storing this type of data.
-
Introduction to Spring Scheduled and monitoring the task with Spring Actuator ๏ธ๐๏ธ๐๏ธ
If you want to visualize Spring Actuator and monitor your applicationโs performance simultaneously, use Micrometer (maybe I will share about this in another time).
-
Vendor lock-in is in the small details
I've bounced around Splunk, New Relic, Sentry and Datadog over the years. Most recently, I was working with Java and used the open source Vendor-neutral application observability facade Micrometer[1] to test out and confirm which APM we wanted to go with.
[1] https://micrometer.io
-
๐ Spring Boot 2.7.0 Released
Micrometer 1.9
What are some alternatives?
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
zipkin - Zipkin is a distributed tracing system
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
cache2k - Lightweight, high performance Java caching
Apache Shiro - Apache Shiro
tracing - Provides tracing abstractions over tracers and tracing system reporters.
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java
signoz - SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. ๐ฅ ๐ฅ. ๐ Open source Application Performance Monitoring (APM) & Observability tool
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
leakcanary - A memory leak detection library for Android.
jjwt - Java JWT: JSON Web Token for Java and Android
elasticsearch-mapper-attachments - Mapper Attachments Type plugin for Elasticsearch