book

Modern API Development with Spring 6 and Spring Boot 3 - Second Edition

by Sourabh Sharma

September 2023

Intermediate to advanced

494 pages

11h 33m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Technical requirementsIntroducing REST APIsThe history of RESTREST fundamentalsHandling resources and URIsThe URI syntaxWhat is a URL?What is a URN?Exploring HTTP methods and status codesPOSTGETPUTDELETEPATCHHTTP status codesWhat is HATEOAS?Best practices for designing REST APIsUsing nouns and not verbs when naming a resource in the endpoint pathUsing the plural form for naming the collection resource in the endpoint pathUsing hypermedia (HATEOAS)Versioning your APIsNesting resourcesSecuring APIsMaintaining documentationComplying with recommended status codesEnsuring cachingMaintaining the rate limitIntroducing our e-commerce appSummaryQuestionsAnswersFurther reading
Technical requirementsUnderstanding the patterns and paradigms of SpringWhat is IoC?What is DI?What is AOP?Understanding the application of IoC containersDefining a bean and its scopeThe @ComponentScan annotationThe bean’s scopeConfiguring beans using JavaThe @Import annotationThe @DependsOn annotationHow to code DIUsing a constructor to define a dependencyUsing a setter method to define a dependencyUsing a class property to define a dependencyConfiguring a bean’s metadata using annotationsHow to use @Autowired?Matching by typeMatching by qualifierMatching by nameWhat is the purpose of @Primary?When can we use @Value?Writing code for AOPWhy use Spring Boot?Understanding the importance of servlet dispatcherSummaryQuestionsAnswersFurther reading
Technical requirementsDesigning APIs with OASUnderstanding the basic structure of OASThe metadata sections of OASThe servers and tags sections of OASThe components section of OASThe path section of OASConverting OAS to Spring codeImplementing the OAS code interfacesAdding a Global Exception HandlerTesting the implementation of the APISummaryQuestionsAnswersFurther reading
Technical requirementsOverview of the service designAdding a Repository componentThe @Repository annotationConfiguring the database and JPAThe database and seed data scriptAdding entitiesAdding repositoriesAdding a Service componentImplementing hypermediaEnhancing the controller with a service and HATEOASAdding ETags to API responsesTesting the APIsSummaryQuestionsAnswersFurther reading
Technical requirementsUnderstanding Reactive StreamsPublisherSubscriberSubscriptionProcessorExploring Spring WebFluxUnderstanding reactive APIsReactive CoreUnderstanding DispatcherHandlerControllersFunctional endpointsImplementing reactive APIs for our e-commerce appChanging OpenAPI Codegen for reactive APIsAdding Reactive dependencies to build.xmlHandling exceptionsHandling global exceptions for controllersAdding hypermedia links to an API responseDefining an entityAdding repositoriesAdding servicesAdding controller implementationsAdding H2 Console to an applicationAdding application configurationTesting reactive APIsSummaryQuestionsAnswersFurther reading
Technical requirementsImplementing authentication using Spring Security and JWTAdding the required Gradle dependenciesAuthentication using the OAuth 2.0 resource serverExploring the structure of JWTSecuring REST APIs with JWTAdding new APIsImplementing the JWT managerImplementing new APIsImplementing the REST controllersConfiguring web-based securityConfiguring CORS and CSRFUnderstanding authorizationRole and authorityTesting securitySummaryQuestionsAnswersFurther reading

Technical requirementsLearning React fundamentalsCreating a React appExploring the basic structures and filesUnderstanding the package.json fileBootstrapping a React appExploring React components and other featuresExploring JSXUnderstanding React hooksStyling components using TailwindDesigning the e-commerce app componentsConsuming APIs using FetchWriting the product API clientCoding the Product Listing pageWhy does the cart need to be fetched in ProductList?Configuring routingDeveloping the ProductCard componentDeveloping the ProductDetail componentImplementing authenticationCreating a custom useToken hookWriting the Login componentWriting the custom cart contextWriting the Cart componentWriting the Order componentWriting the root (App) componentRunning the applicationSummaryQuestionsAnswersFurther reading
Technical requirementsTesting APIs and code manuallyTesting automationUnit testingTesting exceptionsExecuting unit testsCode coverageIntegration testingSummaryQuestionsAnswersFurther reading
Technical requirementsWhat is containerization?Building a Docker imageWhat is Docker?Understanding Docker’s architectureDocker container life cycleCoding to build an image by adding the Actuator dependencyConfiguring the Spring Boot plugin taskConfiguring the Docker registryExecuting a Gradle task to build an imageDeploying an application in KubernetesSummaryQuestionsAnswersFurther reading
Technical requirementsHow does gRPC work?REST versus gRPCCan I call the gRPC server from web browsers and mobile apps?Getting to know the gRPC architectureHow gRPC uses ProtobufUnderstanding service definitionsExploring the RPC life cycleEvents that impact the life cycleUnderstanding the gRPC server and gRPC stubHandling errors and error status codesSummaryQuestionsAnswersFurther reading
Technical requirementsWriting an APISetting up the projectWriting the payment gateway functionalitiesDeveloping the gRPC serverImplementation of the gRPC serverImplementation of the gRPC server classTesting the gRPC serverCoding for handling errorsDeveloping the gRPC clientImplementing the gRPC clientTesting the gRPC serviceUnderstanding microservice conceptsTraditional monolithic designMonolithic design with servicesMicroservices designSummaryQuestionsAnswersFurther reading
Technical requirementsLogging and tracing using the ELK stackUnderstanding the ELK stackInstalling the ELK stackImplementing logging and tracing in the gRPC codeChanging the gRPC server codeChanging the gRPC client codeTesting the logging and tracing changesDistributed tracing with Zipkin and MicrometerSummaryQuestionsAnswersFurther reading
Technical requirementsGetting to know GraphQLA brief history of GraphQLComparing GraphQL with RESTLearning the fundamentals of GraphQLExploring the Query typeExploring the Mutation typeExploring the Subscription typeDesigning a GraphQL schemaUnderstanding scalar typesUnderstanding fragmentsUnderstanding interfacesUnderstanding Union typesUnderstanding input typesDesigning a schema with GraphQL toolsTesting GraphQL queries and mutationsSolving the N+1 problemWhat is the N+1 problem?How can we solve the N+1 problem?SummaryQuestionsAnswersFurther reading
Technical requirementsWorkflow and tooling for GraphQLImplementing the GraphQL serverCreating the gRPC server projectAdding the GraphQL DGS dependenciesAdding the GraphQL schemaAdding custom scalar typesDocumenting APIsImplementing GraphQL queriesWriting fetchers for GraphQL queriesWriting the data fetcher for productWriting the data fetcher for a collection of productsWriting the field resolver using the data fetcher methodWriting a data loader for solving the N+1 problemImplementing GraphQL mutationsImplementing and testing GraphQL subscriptionsUnderstanding the WebSocket sub-protocol for GraphQLTesting GraphQL subscriptions using Insomnia WebSocketInstrumenting the GraphQL APIsAdding a custom headerIntegration with MicrometerTest automationTesting GraphQL queriesTesting GraphQL mutationsTesting GraphQL subscriptions using automated test codeSummaryQuestionsAnswersFurther reading
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Modern API Development with Spring 6 and Spring Boot 3 - Second Edition

6 Securing REST Endpoints Using Authorization and Authentication

In previous chapters, we developed a RESTful web service using imperative and reactive coding styles. Now, you’ll learn how you can secure these REST endpoints using Spring Security. You’ll implement token-based authentication and authorization for REST endpoints. A successful authentication provides two types of tokens – a JavaScript Object Notation (JSON) Web Token (JWT) as an access token, and a refresh token in response. This JWT-based access token is then used to access the secured Uniform Resource Locators (URLs). A refresh token is used to request a new JWT if the existing JWT has expired, and a valid request token provides a new JWT to use.

You’ll associate users with roles ...