Saturday, July 8, 2017

Database access with Spring boot

The simplest way of creating Spring boot with MySQL application is via Spring starter project using STS (Spring Tool Suite) IDE.

  • Create a new project by selecting spring starter project wizard
  • Select project type as Maven, provide project name, packaging, and Java version etc.

  • Select spring boot version and project dependencies

  • After finishing, It will create the project structure with all required dependency.
  • Configure MySQL configuration in file
  • Now, Create the @Entity model (User) which should be persisted in the database. Hibernate will automatically translate entity class into a table.

  • Create the repository ( The Repository interface will be automatically implemented by Spring in a bean with the same name with changing case. For UserRepository, the bean name will be userRepository.

  • To handle HTTP request, Create a Controller class ( having method POST and GET operations.

  • Now run the as a Java application. It will start the tomcat server on default port i.e. 8080
  • Open browser and hit url http://localhost:8080/users

  • As there is no user present into the database that is why we see empty list. Let's add few users using POSTMAN.
  • To add a user, Open Postman and run below http request

  • Congratulations! We've just developed a Spring application which is bound to a MySQL database, Ready for production! Source code can be downloaded from GITHUB.
Happy Coding...!!!

Friday, July 7, 2017

Spring Boot application Example

As we know that there are various ways for creating Spring Boot application. For this sample application, I am going to use STS (Spring Tool Suite) IDE.

  • Create a new project by selecting spring starter project wizard

  • Select project type as Maven, provide project name, packaging, and Java version etc.

  • Select spring boot version and project dependencies

  • After finishing, you can see the project structure as shown below

  • Spring boot generates a Java file in the src/main/java directory, pom.xml file with all required dependency. 

  • To handle HTTP request, Create a Controller class

  • Now run the as a Java application. It will start the tomcat server on default port i.e. 8080

  • Open browser and hit url http://localhost:8080/application

By Default, Application will start on port 8080 but can override by adding server.port to file.

Happy Coding..!!!

What is Spring Boot Initilizr?

Spring Boot Initilizr is a web tool which is provided by Spring on official site using which Spring Boot project can be created by providing project details. It simplifies Spring Applications Development by providing initial project structure and build scripts which reduces development time thus increase productivity.
Steps to create Spring Boot project via initilizr
·        Select Maven project and dependencies. Fill other details as shown below and click on generate project.

·        Download the project, extract and now import this project As Maven by using Import option from the STS (Spring Tool Suite) IDE.
·        After finishing, You can see the project structure as shown below:

·    Spring boot generates a Java file in the src/main/java directory, pom.xml file with all required dependency. The default created Java file is the below.

·    Now run this project by selecting Java Application from run options and you will see the following output.

 Happy Coding…!!!

Introduction to Spring Boot

Spring Boot is another module provided by Spring Framework which provides RAD (Rapid Application Development) feature to Spring framework. Using boot, we can create standalone Spring based application that you can “just run” in no time and Most Spring Boot applications need very little Spring configuration and it does not require any XML configuration. It uses convention over configuration software design paradigm that means it decrease the effort of developer.

Why Spring Boot?

As we know Spring framework provides flexibility to configure the beans in multiple ways such as XML, Annotations and JavaConfig. With the number of features increased the complexity also gets increased and configuring Spring applications becomes tedious and error-prone.
Spring Boot:
·         Ease the dependency Management, Java-based applications Development, Unit Test and Integration Test Process.
    • Eg: By adding springboot-starter-web dependency to pom.xml file will pull by default all the commonly used libraries such as spring-webmvc, jackson-json, validation-api and tomcat into your Spring MVC applications.
  • Do the Auto Configuration
    • Eg: By Adding above dependency will adds all these libraries but also configures the commonly registered beans like DispatcherServlet, ResourceHandlers, MessageSource etc beans with sensible defaults. Will see JDBC configuration blog in next blog.
  • Support for Embedded Servlet (Tomcat, Jetty )
    • It provides Embedded HTTP servers like Tomcat, Jetty etc. to develop and test our web applications very easily.
  • Easy to develop Spring Based applications with Java or Groovy and it reduces lots of development time and increases productivity. It also avoids writing lots of boilerplate Code, Annotations and XML Configuration.
  • Easy to integrate Spring Boot Application with its Spring Ecosystem like Spring-jdbc, Spring-orm, Spring-data-jpa, Spring security etc.

Spring Boot Components

·         Spring Boot Starter

    • Spring boot starter are just JAR Files or set of convenient dependency descriptors which we can include in our application to makes development easier and faster. It follows a naming pattern like: spring-boot-starter-*, where * is a particular type of application. This naming structure is intended to help when you need to find a starter. For example, if we want to get started using Spring and JPA for database access, just include the spring-boot-starter-data-jpa dependency in your project.

·        Spring Boot AutoConfigurator

·   It used by Spring Boot Framework to provide “Auto-Configuration. It attempts to automatically configure your Spring application based on the jar dependencies that you have added. For example, If HSQLDB is on your classpath, and you have not manually configured any database connection beans, then we will auto-configure an in-memory database.
·      You need to opt-in to auto-configuration by adding the @EnableAutoConfiguration or @SpringBootApplication annotations to one of your @Configurationclasses.

·        Spring Boot Actuator

·         It is used to expose different types of information about the running application – health, metrics, info, dump, env etc.
·         We can choose to manage and monitor our application using HTTP endpoints, with JMX or even by remote shell (SSH or Telnet). Auditing, health and metrics gathering can be automatically applied to your application.
·         To start using the existing actuators in Boot – we’ll just need to add the spring-boot-actuator dependency to the pom:

·        Spring Boot CLI

·         Tool to run and test Spring Boot applications from command prompt. When we run Spring Boot applications using CLI, then it internally uses Spring Boot Starter and Spring Boot AutoConfigurate components to resolve all dependencies and execute the application.
·         It internally contains Groovy and Grape (JAR Dependency Manager) to add Spring Boot Defaults and resolve all dependencies automatically.

·        Spring Boot Initilizr

·         It is a web tool which is provided by Spring on official site using which Spring Boot project can be created by providing project details. Check here in depth details.

That’s it all about Spring Boot Framework. Will add few more blogs for depth details.

Wednesday, April 12, 2017

Shibboleth Idp with External Authn Configuration

Shibboleth Idp comes with by default various flows like UsernamePassword, Mfa, X509, Kerberos, Spengo and various others flow but today I am going to discuss in details about one more flow which is also provided by Shibboleth Idp itself i.e External Flow

Use case:

Shibboleth Idp supports external Authn flow using which specific requirement can be fulfilled like your authentication database resides at some other location or some other servlet will do the authentication on the Idp’s behalf like authentication should be done at Facebook or Google side. All such scenario can be easily handled using External Authn flow.
Shibboleth team has already created document for the same which you can read it over here. I am writing this document to explain it in more details with example.

There are few predefined steps that we need to follow to add new custom flow in Shibboleth Idp as per Shibboleth guidelines. Let’s assume we have to create new flow named “Authn/Custom” in Shibboleth Idp. 

Here are the steps:

  • Copy opt\shibboleth-idp\conf\authn\ external-authn-config.xml and change it to custom-authn-config.xml and keep it under the same directory i.e. “opt\shibboleth-idp\conf\authn”.
  •  Replace all ‘External’ with ‘Custom’ in  custom-authn-config.xml file like 

<bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/External" />                               
<bean id="shibboleth.authn.Custom.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/Custom" />

  • Copy files from system to flow folder:

            cp system/flows/authn/external-authn-flow.xml flows/authn/Custom/Custom-flow.xml
            cp system/flows/authn/external-authn-beans.xml flows/authn/Custom/Custom-beans.xml

           Note: Make sure the name of the folder should be same as flow name. over here it is Custom  and Replace all ‘External’ with ‘Custom’ and edits the correct path too in both files.

  • Create a java project and create new Servlet CustomAuthnFlowServlet”. Servlet should contain final String key= ExternalAuthentication.startExternalAuthentication(httpRequest) and ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse) and the authentication logic should be added between this statement and If you are doing any redirect then make sure you should persist the key as startExternalAuthentication & finishExternalAuthentication require the same key.
One more point principal should be set as httpRequest.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, username) if you want to retrieve at Shibboleth SP side and in case of error mapped it with AUTHENTICATION_ERROR_KEY. httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AUTHN_EXCEPTION);
  •  Add new Servlet mapping to web.xml file of Shibboleth Idp.

  •  Add your custom exception that we have created in our Servlet in  opt\shibboleth-idp\conf\authn\authn-events-flow.xml.
  •  Add below snippet to opt\shibboleth-idp\conf\errors.xml

<entry key="CustomException" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="AnotherException" value-ref="shibboleth.SAML2Status.AuthnFailed" />

Note: Map your Exception to correct value-ref as incase of error Idp will send this error Response to Shibboleth SP.
  • Register Custom Auth flow in conf/authn/external-authn-config.xml

  • Set idp.authn.flows as Custom (idp.authn.flows=Custom)
  • We can retrieve Principal at Shibboleth IdP side by adding below snipped in attribute-resolver.xml.
We are done here. Restart Shibboleth and hit target URL and you will see the SSO happening using your custom flow. Please feel free to comment or mail me for any queries.

Happy Coding!!!

Wednesday, April 5, 2017

Default and Static methods in Java8

Java 8 introduces a new concept of default and static method implementation in interfaces. Before Java 8, interfaces could have only abstract methods but now It allows the interfaces to have methods with implementation without affecting the classes that implement the interface and provides backward comparability so that existing interfaces can use the lambda expressions without implementing the methods in the implementation class.

Eg: Now List or Collection has forEach method declaration which is only possible because of default declaration. 

Default Method:

The default methods are also known as defender methods or virtual extension methods and are defined inside the interface and tagged with default. These methods are non-abstract methods.

What about Multiple Inheritance?

As we know adding method definitions in interfaces can add ambiguity in multiple Inheritance and if a java class implement multiple interfaces and each interface can define default method with same method signature, then the inherited methods can conflict with each other.
Let’s create another interface with same default method, in below image you can see that AnotherInterface also has default method multiply.

Java 8 handle this issue at Compile type as it will result in a compilation error and can be resolved by overriding the default method or by implementing class should explicitly specify which default method is to be used.

Static Method:

An interface can also have static helper methods from Java 8 onwards and it is similar to default method except that we can’t override them in the implementation classes.

Difference between default methods and abstract class

·         Abstract class can hold state of an object. It can have constructors and member variables.
·         interfaces with Java 8 default methods cannot hold state. It cannot have constructors and member variables.
·         You should still use Abstract class whenever you think your class can have state or you need to do something in a constructor.
·         Default method should be used for backward compatibility. Whenever you want to add additional functionality in an existing legacy interface you can use default methods without breaking any existing implementor classes. 
      You can download the source code from GitHub.
Happy Learning!!

Monday, March 13, 2017

Mocking in Java using Mockito

Before talking about Mockito Framework. Let’s see why do we need it at the first place and how it can be helpful.

Last year, I was working on one project which talks to other third party services as well as with the database connection and to test the functionality of my application, third party application should be up and running. There can be a chance where all these services might not available during unit testing.

As you can see, your application is completely dependent on other application and what if:
  • Third party application is down
  •             You cannot connect to database to test your functionality

At such situation, mocking becomes a natural solution for unit testing. Using Mockito, you don’t really need a database connection. You just need a mock object that returns the expected result.

Mockito: Introduction

Mockito is a mocking framework, the JAVA-based library that is used for effective unit testing of JAVA applications. It lets you write beautiful tests with a clean & simple API and used to mock interfaces so that a dummy functionality can be added to a mock interface that can be used in unit testing like we don’t require a database connection or properties file read or file server read to test a functionality. A mock object returns a dummy data corresponding to some dummy input passed to it.

It facilitates creating mock objects seamlessly and uses Java Reflection in order to create mock objects for a given interface. Mock objects are nothing but the proxy for actual implementations.


You can download the JAR file and place it in your project class or If you are using Maven, then you need to add its dependency in the pom.xml file, as shown below.
                                    <version 1.9.5</version>

You can add it in gradle too:

repositories { jcenter() }
dependencies { testCompile "org.mockito:mockito-core:2.+" }


Mockito provides various Annotation/Class/Function using which we can integrate mock object into out JUNIT test cases.

I’ve uploaded one tutorial on GITHUB which we will refer it to here to understand the behavior/implementation of Mockito framework.

In EmployeeServiceTest_Annotation Class, I am invoking employeeServiceImpl.addEmployee(employee) to add the employee object and expecting long Id after the creation of object into the database. This API internally call employeeDao object to persist the data into the database and get the results.
Over here, employeeServiceImpl is the class in which we will inject the employeeDao mock object.

Let’s start implementing it:

Mockito supports the creation of mock objects using the static mock() method or using @Mock annotation and to use this annotation, we must invoke the static method MockitoAnnotations.initMocks(this) or use @RunWith(MockitoJUnitRunner.class) to populate the annotated fields.

@InjectMocks: it is used to create and inject the mock object.
@Mock: It is used to create the mock object to be injected

Adding behavior to mock object:

Mockito provides when(… .).thenReturn(… .) method to configure which values should be returned at a method call based on specific condition. It will return a value once it matches with a condition.

Eg: when(employeeDao.addEmployee(any(Employee.class))).thenReturn(1L);

It will return 1 whenever we invoke addEmployee(…) with any Employee object.
If you specify more than one value, then it will return in the order of specification until the last one is used.

Iterator it= mock(Iterator.class);

Verify the calls on the mock objects

Mockito provides another method called verify() which is similar to When() but does not check the result of a method but it checks that a method is called with the right parameters. 

Eg: verify call to employeeDao to make sure it get called and limit the method call to 1, no less and no more calls are allowed
            verify(employeeDao, times(1)).addEmployee(any(Employee.class));

Exception handling

Mockito provides the capability to a mock to throw exceptions so exception handling can be tested.

Eg: add the behavior to throw exception
                        doThrow(new Exception("Employee not found")).when(employeeDao).getEmployee(2);

Ordered Verification

Mockito provides Inorder class which takes care of the order of method calls that the mock is going to make in due course of its action.
Eg: Create an inOrder verifier for a single mock

                        InOrder inOrder = inOrder(employeeDao);

            // following will make sure that add is first called then subtract is called.


Mockito provides an option to create spy on real objects. When a spy is called, then the actual method of the real object is called.

Eg:  create a spy on actual object
                        employeeDao = spy(spyEmployeeDaoImpl);


Mockito provides a special Timeout option to test if a method is called within its stipulated time frame.

Eg: Verify call to add employee method to be completed within 100 ms
                        verify(employeeDao, timeout(100)).addEmployee(any(Employee.class));

You can download the source code from GITHUB.

Happy Coding..!!!

How TOPT Works: Generating OTPs Without Internet Connection

Introduction Have you ever wondered how authentication apps like RSA Authenticator generate One-Time Passwords (OTPs) without requiring an i...