Introduction to Spring Boot

Spring Boot is another module provided by Spring Framework which provides RAD (Rapid Application Development) feature to Spring framework. Using boot, we can create standalone Spring based application that you can “just run” in no time and Most Spring Boot applications need very little Spring configuration and it does not require any XML configuration. It uses convention over configuration software design paradigm that means it decrease the effort of developer.

Why Spring Boot?

As we know Spring framework provides flexibility to configure the beans in multiple ways such as XML, Annotations and JavaConfig. With the number of features increased the complexity also gets increased and configuring Spring applications becomes tedious and error-prone.

Spring Boot:

·         Ease the dependency Management, Java-based applications Development, Unit Test and Integration Test Process.

• Eg: By adding springboot-starter-web dependency to pom.xml file will pull by default all the commonly used libraries such as spring-webmvc, jackson-json, validation-api and tomcat into your Spring MVC applications.
• Do the Auto Configuration
• Eg: By Adding above dependency will adds all these libraries but also configures the commonly registered beans like DispatcherServlet, ResourceHandlers, MessageSource etc beans with sensible defaults. Will see JDBC configuration blog in next blog.
• Support for Embedded Servlet (Tomcat, Jetty )
• It provides Embedded HTTP servers like Tomcat, Jetty etc. to develop and test our web applications very easily.
• Easy to develop Spring Based applications with Java or Groovy and it reduces lots of development time and increases productivity. It also avoids writing lots of boilerplate Code, Annotations and XML Configuration.
• Easy to integrate Spring Boot Application with its Spring Ecosystem like Spring-jdbc, Spring-orm, Spring-data-jpa, Spring security etc.

Spring Boot Components

·         Spring Boot Starter

• Spring boot starter are just JAR Files or set of convenient dependency descriptors which we can include in our application to makes development easier and faster. It follows a naming pattern like: spring-boot-starter-*, where * is a particular type of application. This naming structure is intended to help when you need to find a starter. For example, if we want to get started using Spring and JPA for database access, just include the spring-boot-starter-data-jpa dependency in your project.

·        Spring Boot AutoConfigurator

·   It used by Spring Boot Framework to provide “Auto-Configuration. It attempts to automatically configure your Spring application based on the jar dependencies that you have added. For example, If HSQLDB is on your classpath, and you have not manually configured any database connection beans, then we will auto-configure an in-memory database.

·      You need to opt-in to auto-configuration by adding the @EnableAutoConfiguration or @SpringBootApplication annotations to one of your @Configurationclasses.

·        Spring Boot Actuator

·         It is used to expose different types of information about the running application – health, metrics, info, dump, env etc.

·         We can choose to manage and monitor our application using HTTP endpoints, with JMX or even by remote shell (SSH or Telnet). Auditing, health and metrics gathering can be automatically applied to your application.

·         To start using the existing actuators in Boot – we’ll just need to add the spring-boot-actuator dependency to the pom:

<dependency>

    <groupId>org.springframework.boot</groupId>

    <artifactId>spring-boot-starter-actuator</artifactId>

    <version>1.4.2.RELEASE</version>

</dependency>

·        Spring Boot CLI

·         Tool to run and test Spring Boot applications from command prompt. When we run Spring Boot applications using CLI, then it internally uses Spring Boot Starter and Spring Boot AutoConfigurate components to resolve all dependencies and execute the application.

·         It internally contains Groovy and Grape (JAR Dependency Manager) to add Spring Boot Defaults and resolve all dependencies automatically.

·        Spring Boot Initilizr

·         It is a web tool which is provided by Spring on official site using which Spring Boot project can be created by providing project details. Check here in depth details.

That’s it all about Spring Boot Framework. Will add few more blogs for depth details.

Shibboleth Idp with External Authn Configuration

Shibboleth Idp comes with by default various flows like UsernamePassword, Mfa, X509, Kerberos, Spengo and various others flow but today I am going to discuss in details about one more flow which is also provided by Shibboleth Idp itself i.e External Flow

Use case:

Shibboleth Idp supports external Authn flow using which specific requirement can be fulfilled like your authentication database resides at some other location or some other servlet will do the authentication on the Idp’s behalf like authentication should be done at Facebook or Google side. All such scenario can be easily handled using External Authn flow.

Shibboleth team has already created document for the same which you can read it over here. I am writing this document to explain it in more details with example.

There are few predefined steps that we need to follow to add new custom flow in Shibboleth Idp as per Shibboleth guidelines. Let’s assume we have to create new flow named “Authn/Custom” in Shibboleth Idp. 

Here are the steps:

• Copy opt\shibboleth-idp\conf\authn\ external-authn-config.xml and change it to custom-authn-config.xml and keep it under the same directory i.e. “opt\shibboleth-idp\conf\authn”.
•  Replace all ‘External’ with ‘Custom’ in  custom-authn-config.xml file like 

<bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"

        c:_0="contextRelative:Authn/External" />                               

                                                TO

<bean id="shibboleth.authn.Custom.externalAuthnPath" class="java.lang.String"

        c:_0="contextRelative:Authn/Custom" />

• Copy files from system to flow folder:

            cp system/flows/authn/external-authn-flow.xml flows/authn/Custom/Custom-flow.xml

            cp system/flows/authn/external-authn-beans.xml flows/authn/Custom/Custom-beans.xml

           Note: Make sure the name of the folder should be same as flow name. over here it is Custom  and Replace all ‘External’ with ‘Custom’ and edits the correct path too in both files.

• Create a java project and create new Servlet CustomAuthnFlowServlet”. Servlet should contain final String key= ExternalAuthentication.startExternalAuthentication(httpRequest) and ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse) and the authentication logic should be added between this statement and If you are doing any redirect then make sure you should persist the key as startExternalAuthentication & finishExternalAuthentication require the same key.

One more point principal should be set as httpRequest.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, username) if you want to retrieve at Shibboleth SP side and in case of error mapped it with AUTHENTICATION_ERROR_KEY. httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AUTHN_EXCEPTION);

                            

•  Add new Servlet mapping to web.xml file of Shibboleth Idp.

             

•  Add your custom exception that we have created in our Servlet in  opt\shibboleth-idp\conf\authn\authn-events-flow.xml.

                   

•  Add below snippet to opt\shibboleth-idp\conf\errors.xml

<entry key="CustomException" value-ref="shibboleth.SAML2Status.AuthnFailed" />

        <entry key="AnotherException" value-ref="shibboleth.SAML2Status.AuthnFailed" />

Note: Map your Exception to correct value-ref as incase of error Idp will send this error Response to Shibboleth SP.

• Register Custom Auth flow in conf/authn/external-authn-config.xml

                

• Set idp.authn.flows as Custom (idp.authn.flows=Custom)
• We can retrieve Principal at Shibboleth IdP side by adding below snipped in attribute-resolver.xml.

We are done here. Restart Shibboleth and hit target URL and you will see the SSO happening using your custom flow. Please feel free to comment or mail me for any queries.

Happy Coding!!!

Default and Static methods in Java8

Java 8 introduces a new concept of default and static method implementation in interfaces. Before Java 8, interfaces could have only abstract methods but now It allows the interfaces to have methods with implementation without affecting the classes that implement the interface and provides backward comparability so that existing interfaces can use the lambda expressions without implementing the methods in the implementation class.

Eg: Now List or Collection has forEach method declaration which is only possible because of default declaration. 

Default Method:

The default methods are also known as defender methods or virtual extension methods and are defined inside the interface and tagged with default. These methods are non-abstract methods.

What about Multiple Inheritance?

As we know adding method definitions in interfaces can add ambiguity in multiple Inheritance and if a java class implement multiple interfaces and each interface can define default method with same method signature, then the inherited methods can conflict with each other.

Let’s create another interface with same default method, in below image you can see that AnotherInterface also has default method multiply.

Java 8 handle this issue at Compile type as it will result in a compilation error and can be resolved by overriding the default method or by implementing class should explicitly specify which default method is to be used.

Static Method:

An interface can also have static helper methods from Java 8 onwards and it is similar to default method except that we can’t override them in the implementation classes.

Difference between default methods and abstract class

·         Abstract class can hold state of an object. It can have constructors and member variables.

·         interfaces with Java 8 default methods cannot hold state. It cannot have constructors and member variables.

·         You should still use Abstract class whenever you think your class can have state or you need to do something in a constructor.

·         Default method should be used for backward compatibility. Whenever you want to add additional functionality in an existing legacy interface you can use default methods without breaking any existing implementor classes. 

   
      You can download the source code from GitHub.

 
Happy Learning!!