Swagger2 is an open source project used to generate the REST API documents for RESTful web services. It provides a user interface to access our RESTful web services via the web browser.
To enable the Swagger2 in Spring Boot application, you need to add the following dependencies in our build configurations file.
To enable the Swagger 2 we use the annotation @EnableSwagger2 in our SpringBoot Applivation class.
A Docket bean is defined and using its select() method we get an instance of ApiSelectorBuilder. ApiSelectorBuilder we configure the endpoints exposed by Swagger.
After the Docket bean is defined, its select() method returns an instance of ApiSelectorBuilder, which provides a way to control the endpoints exposed by Swagger.
Using the RequestHandlerSelectors and PathSelectors we configure the predicates for selection of RequestHandlers.
These are the only changes required. Now go to http://localhost:8080/swagger-ui.html. We will see the documentation for the exposed API as follows-
In this tutorial, we will be developing a Spring Boot application that makes use of JWT authentication for securing an exposed REST API. In this example, we will be making use of hard-coded user values for user authentication.
Any user will be able to consume this API only if it has a valid JSON Web Token (JWT).
Develop a Spring Boot application that exposes a simple REST GET API with mapping /welcome.
Configure Spring Security for JWT. Expose REST POST API with mapping /token using which User will get a valid JSON Web Token. And then, allow the user access to the API /welcome only if it has a valid token.
The Maven project will look as follows:
Spring Security and JWT Configuration
We will be configuring Spring Security and JWT for performing 2 operations-
Generating JWT — Expose a POST API with mapping /token. On passing correct username and password it will generate a JSON Web Token(JWT)
Validating JWT — If user tries to access GET API with mapping /welcome. It will allow access only if request has a valid JSON Web Token(JWT).
The sequence flow for these operations will be as follows-
Generating JWT
Validating JWT
Add the Spring Security and JWT dependencies
The secret key is combined with the header and the payload to create a unique hash. We are only able to verify this hash if you have the secret key.
jwt.secret=java
JwtUtil
The JwtUtil is responsible for performing JWT operations like creation and validation.It makes use of the io.jsonwebtoken.Jwts for achieving this.
JWTUserDetailsService
JWTUserDetailsService implements the Spring Security UserDetailsService interface. It overrides the loadUserByUsername for fetching user details from the database using the username. The Spring Security Authentication Manager calls this method for getting the user details from the database when authenticating the user details provided by the user. Here we are getting the user details from a hardcoded User List. Also the password for a user is stored in encrypted format using BCrypt.
JwtAuthenticationController
Expose a POST API /authenticate using the JwtAuthenticationController. The POST API gets username and password in the body- Using Spring Authentication Manager we authenticate the username and password.If the credentials are valid, a JWT token is created using the JWTTokenUtil and provided to the client.
JwtRequest
This class is required for storing the username and password we recieve from the client.
JwtResponse
This is class is required for creating a response containing the JWT to be returned to the user.
JwtRequestFilter
The JwtRequestFilter extends the Spring Web Filter OncePerRequestFilter class. For any incoming request this Filter class gets executed. It checks if the request has a valid JWT token. If it has a valid JWT Token then it sets the Authentication in the context, to specify that the current user is authenticated.
JwtAuthenticationEntryPoint
This class will extend Spring’s AuthenticationEntryPoint class and override its method commence. It rejects every unauthenticated request and send error code 401
WebSecurityConfig
This class extends the WebSecurityConfigurerAdapter is a convenience class that allows customization to both WebSecurity and HttpSecurity.
Start the Spring Boot Application
Generate a JSON Web Token -
Create a POST request with url localhost:9191/token. Body should have valid username and password. In our case username is "amir" and password is "amir123".
Validate the JSON Web Token
- Try accessing the url localhost:9191/welcome using the above generated token in the header as follows
In Java, strings are special. Java gives some special attention to string types that no other types enjoy such attention. For example, to create the string objects you need not to use ‘new‘ keyword. Where as to create other type of objects you have to use ‘new’ keyword. Like this, strings enjoy some special attention by the java. This attention is worth the while, because the strings are used almost everywhere while developing any kind of applications.
While storing the string objects in the memory also, they are specially treated by the Java. After reading this article, you will come to know how they are specially treated in the memory.
We all know that JVM divides the allocated memory to a Java program into two parts. one is Stack and another one is heap. Stack is used for execution purpose and heap is used for storage purpose. In that heap memory, JVM allocates some memory specially meant for string literals. This part of the heap memory is called String Constant Pool.
Whenever you create a string object using string literal, that object is stored in the string constant pool and whenever you create a string object using new keyword, such object is stored in the heap memory.
For example, when you create string objects like below, they will be stored in the String Constant Pool.
String s1 = "abc";
String s2 = "xyz";
String s3 = "123";
String s4 = "A";
And when you create string objects using new keyword like below, they will be stored in the heap memory.
String s5 = newString("abc");
char[] c = {'J', 'A', 'V', 'A'};
String s6 = newString(c);
String s7 = newString(newStringBuffer());
This is how String Constant Pool looks like in the memory.
One more interesting thing about String Constant Pool is that, pool space is allocated to an object depending upon it’s content. There will be no two objects in the pool having the same content.
This is what happens when you create string objects using string literal,
“When you create a string object using string literal, JVM first checks the content of to be created object. If there exist an object in the pool with the same content, then it returns the reference of that object. It doesn’t create new object. If the content is different from the existing objects then only it creates new object.”
But, when you create string objects using new keyword, a new object is created whether the content is same or not.
This can be proved by using “==” operator. As “==” operator returns true if two objects have same physical address in the memory otherwise it will return false. In the below example, s1 and s2 are created using string literal “abc”. So, s1 == s2 returns true. Where as s3 and s4 are created using new operator having the same content. But, s3 == s4 returns false.
publicclassStringExamples
{
publicstaticvoidmain(String[] args)
{
//Creating string objects using literals
String s1 = "abc";
String s2 = "abc";
System.out.println(s1 == s2); //Output : true
//Creating string objects using new operator
String s3 = newString("abc");
String s4 = newString("abc");
System.out.println(s3 == s4); //Output : false
}
}
In simple words, there can not be two string objects with same content in the string constant pool. But, there can be two string objects with the same content in the heap memory.
