Java Security Spring Boot Spring Framework

Spring Boot and Security using Spring Data JPA for authentication

Recently one of my friends was working on a Spring Boot project and he was having trouble finding an example of how to configure user login for his site with Spring Boot using JPA. I had mentioned that there is some mention of configuring security in Greg Turnquist’s book Learning Spring Boot. He had just purchased Spring Boot in Action and I don’t think he was rushing to grab another book, but he hadn’t been able to find a good online tutorial.

Today I was browsing Twitter and I came across exactly what my friend was looking for. Priyadarshini B wrote a great online tutorial on doing just that on her blog. The post was so great I wanted to share it. So head over there and check it out, you won’t be disappointed as it will walk you through the whole process.

Java Spring Boot

JavaMug Spring Boot Discussion

I attended JavaMug last Wednesday as the speaker was Craig Walls author of Spring Boot in Action. When I heard about the book I had planned on purchasing it, but was disappointed there was no kindle version on Amazon. It does state if you purchase the print edition they will give you the kindle one for free, but I am trying to move away from paper books in general.

Overall the talk was pretty good. It is nice that there is a Pivotal employee local to the area so we can get a talk like this done. For most of the talk Craig just sort of demonstrated examples of what you can do with Spring Boot since there were people of varying degrees of experience with it. It was held at Improving in Addison which I had never been to, but they had some nice beer on tap (Kentucky Bourbon Barrel Ale). In a talk like this where you are just trying to introduce the concept to people it is hard to get as deep of a dive as I would like. But I did enjoy the part of the demo playing around with the metrics. That is something I haven’t really played around with, but of course got me immediately thinking about how much I would like to use that at work. I think maybe this year I will attempt to convert our legacy app to Spring Boot. It will be painful, but it just seems like more and more the benefits are so good that is what we should be doing. Hopefully I can find the time at work.

Then at the end of the talk they did a raffle and lo and behold I won the digital copy of Spring Boot in Action. I was pretty stoked about that given that I wanted that originally to begin with. When they get it to me and I get a chance to read it I will post a review up here.


IPv6 and Amazon EC2

I saw a bunch of people discussing this article. Basically it is saying that after 20 years IPv6 has only reached 10% deployment rate. I actually expect that number to start growing faster now since IPv4 addresses have been exhausted. At a certain point the cost of rolling out IPv6 will be less than horrible solutions like Carrier Grade NAT if the ISP doesn’t have enough IP Addresses. I always expected them to start rolling out IPv6 on Cell Phones given the number of devices and the growth rate, but I haven’t heard about anyone doing that yet.

This got me to thinking well this is an opportunity I have never played around with IPv6 networking. So I figured I could learn something by trying to configure a dual stack setup of this site. Unfortunately that isn’t going to be happening. I did a little research and it seems that Amazon doesn’t support IPv6 on EC2. It looks like for a time in 2011 they were supporting it on their Elastic Load Balancer (ELB) which would terminate IPv6 and then connect to your site behind it with IPv4. But for those of us with a small site with just a few readers the cost of ELB couldn’t be justified, and it isn’t even an option on a newer EC2 account.

So in the end my great idea for a post and something to learn (setting up a dual IP stack on the machine, configuring DNS to have an AAAA record and all of that) won’t be able to happen until Amazon decides they need to support IPv6. I spoke with a friend to see if he has his site on v6 and he has the same problem, he self hosts over a Comcast Business Account and they also don’t support IPv6. I would wager that part of the reason that deployment is so low is that many people who would be willing to play around with it and deploy it aren’t able to, due to the network providers.


Amazon EC2 Nano Instances

About a month ago I got an email from Amazon that they had introduced a nano instance. This was a very timely email as I was just nearing the end of my free year of AWS (your first year they give you enough of an EC2 budget to run a t2.micro instance for free). I had been running this site on the micro instance (as why not when you aren’t paying for it), but yesterday I got a bill for my EC2 usages. It was $11.46 for the month of December.

This site is mostly idle and only has a few readers so it is an ideal candidate to go to that new t2.nano instance. A few minutes ago I made the switch over it was fairly easy to make the switch. You just stop your instance and then in the EC2 console change the instance type and start it back up and you are good to go. Of course, since I was worried about something going wrong, I first backed up the blog using the UpdraftPlus plugin and stored it in my google drive. I then made a snapshot of the EBS Volume in EC2 just to be safe. But it was a super easy operation and I made the switch in about 1 minute. That will cut my hourly cost from $0.013 per hour to $0.0065 per hour, so half the price. Looking forward to a bill of around $5.50 next month, which it is hard to find hosting for less than that, especially with the level of control you get in EC2.

If you are running a low volume site look into it and see if you can save some money.


Themes for 2016

As my holiday vacation winds down I decided it is time to figure out what my themes are going to be for 2016. Last year I did a fairly good job at hitting the themes I laid out for the year, so I Am curious to see how it will turn out this year.

  • The first theme is going to be the same. Regular updates to the blog ideally once a week, though as I saw last year I Didn’t quite make the weekly thing but I did average it given 52 posts. Hopefully I can keep the content somewhat regular this year.
  • I want to continue with reading like last year, but that number will for sure drop as we are expecting a baby in February and I know depending on my sleep situation reading may go right out the window.
  • At work I would like to migrate to Spring Security 4. This is going to be a bit of an annoying upgrade for us based on some of the changes, but I think this year is the year to bite the bullet and figure it out before we are dealing with Spring 5 in 2017.
  • At home I would like to play around with Swift and write my first iOS app. I have been programming Java for 17 years now and I feel like mixing it up a little bit to keep things interesting. I was actually going to work on that over my vacation, but I ended up getting Fallout 4 on the Steam winter sale and messing around with that instead.
  • I would like to restructure our webapp at work from an EAR Structure to a WAR structure. If that is successful I would then like to move away from JBoss to Tomcat. And if I got really crazy I would like to end up converting our Spring App to a Spring Boot App which would be a massive restructuring our our application. I think if I could accomplish all of that we would be in a great place going forward, but this is pretty ambitious as a side project and not sure I will be able to find the hours to get us all the way there.
  • I think it would be cool to contribute some sort of patch or something into the openjdk or Spring just to say I have contributed there. It just depends if I find enough time to find a small issue and work it out and do so.

At the end of the day whether or not I do any of these things doesn’t matter too much to me. It is sort of just setting some sort of milestones to track how my year is going. The main purpose of this blog is just keeping myself accountable so that I am always sort of improving a little bit each day, so if I find that I have nothing to write about then I can see I am not pushing myself hard enough to learn something new. Here is to another great year.


Recap for 2015

At the start of the year I posted my Themes for 2015. I decided now is a good time to look at what I was thinking at the start of the year and see how my year turned out. I think it is sort of pointless to set out some ideas of things you want to accomplish if you never stop and assess what you actually did, so this is sort of an accountability post to myself to see how things played out for the year.

  • On the first idea of working on weekly updates. I didn’t accomplish that. On the other hand if we look at it from a post count standpoint I did average that, so I would call that a pretty successful year for my blog even if there were points that I went a whole month without putting some thoughts down.
  • The next theme was to do more reading. Overall I was pretty successful with this. I didn’t always meet the 10% of my kindle book a day, but I did actually read more books than the previous year. I would call that a success, I hope to keep the momentum going, but with another baby on the way this year, I will probably read fewer books this year. I find that when I am overtired I can’t read as it just puts me to sleep so depending on how soon my little one is sleeping will depend upon how much reading I end up doing.
  • The next thing on my list was spending more time doing stuff in Spring Boot. I did a little bit of work on the side playing with the framework. I am convinced that this is the only way to do development with Spring going forward, but migrating a very large legacy app in that direction is easier said that done. On the positive side though our organization did roll out a new microservice in spring boot this year, so we are beginning to bring it into production. The real key will be migrating the bulk of our code to the framework.
  • The next idea I had was to try to learn Angular and get more serious with that. I can say that did not come to pass. I did take Code School’s shaping up with Angular.js course, and I just recently noticed they have added the next level to the free plan. I may end up messing with that over the coming year, but I am not sure. I am sort of watching to see if I think people start moving over to Angular 2 or if the change in compatibility is going to hurt the popularity of the framework. Also I am hearing more buzz about react.js so that is always an option to look at as well. Either way 2015 was not a year of doing front end stuff for me.
  • For my architectural updates 2015 was a huge success. It started off slow with having issues aspectj-maven-plugin. I was forced to fork the project temporarily on github as the maintainer showed now interest in rolling a patch that someone contributed to solve the problem. Then codehaus shut down. After they moved the project into github one of the other maintainers rolled the fix in when I pointed out it was in the old Jira. So I was happy to be able to abandon my fork of the project and get back on the mainline branch. Then I ended up ripping the whole Hibernate Metamodel Generator out of the project anyway which probably wouldn’t have necessitated needing the aspectj plugin update, but that happened later in the year after we needed that upgrade. After getting the aspectj plugin situation resolved I was able to get us upgraded to Spring 4.1. Even better than that we closed the year running the 4.2 branch. So that was beyond what I was hoping to get done. JBoss finally released EAP 6.4 in April which is what I had been waiting on in order for us to upgrade to Java 8. We were able to get the container upgrade into production this fall. Then a few weeks later we switched our VM to Java 8 with that JBoss and ran successfully with that. Finally near the end of my work year in December I was able to switch our compiles to Java 8. So we are now at a point where we can use all the new lambdas and streams and I look forward to playing around with it in January.

All in all I was very happy with my year. I will spend some time in the near future to figure out my plan for 2016, I have some big ideas at work I want to deal with and I even have a few ideas for home projects to mess around with too. So here is to a great year that just ended and an even better one going forward.


I was thinking I should probably have noted anything big that actually happened that I didn’t predict.

  • I got to learn a bunch more Cassandra since I reworked our whole Cassandra Data layer as part of a big project to hide some of the complexity of what we are doing from the rest of the developers.
  • I took a team lead position so I now lead a group of 3 developers. I didn’t expect that at the start of last year, but it has actually been a great thing.
  • I started mentoring 2 other developers under a mentorship program at work. This started towards the end of the year, but I think it is going to be a great program. I think it will be a valuable part of onboarding new hires in the future when we hire people right out of university.