Posts

Showing posts from 2022

Spring Websocket integration test with JWT Authentication

1. Overview

In our previous tutorial we introduced an approach to authenticate a user when connecting to our websocket server using JWT authentication. In this article, we will see how we can perform integration tests to check the behaviour of our security layers in different scenarios, as well as ensure the correctness of our implementation for future updates.

2. Gradle dependencies

Since this is a Gradle-based project, we add the required testing dependencies to the build.gradle:

    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testImplementation 'com.github.tomakehurst:wiremock-jre8:2.34.0'
    testImplementation 'org.awaitility:awaitility-kotlin:4.2.0'
    testImplementation 'io.projectreactor:reactor-test'

3. Defining a Controller endpoint for testing

In this example, we will write some integration tests to validate the requests to access a controller endpoint, as defined below:

    @Controller public class WebsocketCon...

Dockerise a Spring webservice with Java 17 and Jlink

1. Where is the JRE?

If you haven't worked with Java for a long time and have just returned, you may be surprised to find that no JRE packages are included with Java 17. The reason is that Oracle no longer expects the general end user to have a Java runtime installed on their system, hence only the JDK is provided (see here).

2. Does it mean that I have to use the JDK to dockerise my Spring application?

Well, you obviously can use the JDK to dockerise your application. However, as the JDK is generally large in size and consumes quite a lot of resources, it is not really a good idea to embed the JDK inside your application to run in a microservices environment. There are two better choices to dockerise your Spring applications:

- Use a pre-built JRE from other providers, e.g., https://hub.docker.com/_/eclipse-temurin
- Build your own JRE with only the components that you need with jlink and jdeps

For the first option, it can be seen that there are some pre-built JRE v...

Spring WebSocket authentication with JWT Spring Security

1. Overview

In this tutorial, we will talk about how to authenticate your Spring websocket server using JWT Spring Security. Suppose that you already have a stateless microservice with an authorisation server up and running. Now you want all of your websocket service instances to connect to the authorisation service to validate a user's access token before allowing them to establish a websocket connection to your server.

The official Spring documentation [1] mentions this. However, it doesn't clarify how we can obtain the Authentication object. One can write a custom token validation mechanism and validate the user's header token manually. But in our opinion, it is best to avoid doing this, as it may introduce some security vulnerabilities. In this tutorial, we will walk you through, step by step, how to validate a user's access token by reusing the JwtAuthentication provided by the Spring Security framework.

2. Gradle Dependencies

Since this is a Gradle-ba...