Forem: anand jaisy

Java Is Modern—So Why Does It Still Feel Verbose?

anand jaisy — Mon, 26 Jan 2026 00:40:33 +0000

Java’s six-month release cycle has significantly accelerated its evolution, transforming it into a more modern and capable platform. Java has long been recognized as the backbone of enterprise applications, valued for its stability, performance, and widespread adoption.

With recent advancements, Java has unquestionably modernized. However, developers still perceive certain aspects—particularly verbosity and boilerplate code—as excessive when compared to other programming languages.

A common example is entity modeling using Spring Data or Micronaut Data with JPA:

@Entity
public class Role extends EntityMetadata {
    private String name;
    private String description;

    // Create getter/setter constructor and other things
}

In such cases, developers are required to manually write getters, setters, constructors, and other boilerplate code.

Lombok as a Solution

Lombok addresses this issue effectively:

@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
@Entity
public class Role extends EntityMetadata {
    private String name;
    private String description;
}

By leveraging Lombok, developers can significantly reduce boilerplate, improving readability and productivity.

Trade-off:
The primary drawback is the reliance on a third-party library, which some teams prefer to avoid for long-term maintainability or tooling reasons.

Records and Their Limitations

In many Java conference talks and community discussions, architects often recommend using Java records. While records are a powerful addition, they come with limitations—especially in enterprise contexts.

For example:

@Entity
public record Role(String name, String description) extends EntityMetadata {
}

Records cannot extend other classes (they implicitly extend java.lang.Record), making them unsuitable where inheritance is a core part of object-oriented design. Additionally, records do not integrate well with JPA, which expects mutable entities and a no-argument constructor.

Quarkus Approach

The Quarkus team has introduced an interesting and developer-friendly alternative:

@Entity
public class Role extends EntityMetadata {
    public String name;
    public String description;
}

By allowing public fields, Quarkus generates the necessary accessors and other infrastructure behind the scenes. This approach reduces boilerplate without requiring additional libraries, offering a compelling balance between simplicity and productivity.

We all know there are lots of project going on with JAVA platform, however these small things make huge difference in developer adoption. That why JAVA is still famous for too much verbosity and boilaplate code.

The Java ecosystem continues to grow, with numerous frameworks and platforms actively evolving. However, seemingly small concerns—such as verbosity and boilerplate—have a significant impact on developer experience and adoption.

Micronaut vs Quarkus: Why I Switched After Two Years

anand jaisy — Thu, 22 Jan 2026 14:13:02 +0000

Micronaut is a modern, JVM-based, full-stack framework designed for building modular, highly testable microservices and serverless applications. After working with Micronaut for over two years, I decided to transition to Quarkus.

Both frameworks are well regarded in the microservices ecosystem, but after hands-on experience with each, I found Quarkus to offer several practical advantages that better align with my development workflow.

Common Ground

Both Micronaut and Quarkus provide excellent CLI support and can be easily installed using SDKMAN:

sdk install quarkus
sdk install micronaut

Both frameworks emphasize fast startup times, low memory usage, and cloud-native microservice design.

Why Switch to Quarkus?

1. Developer Mode (Dev Mode)

Quarkus Dev Mode is one of its most powerful features. You can start the application in development mode using a single command:

quarkus dev

In this mode, any change made anywhere in the codebase is automatically detected and hot-reloaded, providing near-instant feedback.

Micronaut offers a similar capability using Gradle:

./gradlew run --continuous

./gradlew run --t

2. Testcontainers Auto-Configuration

Quarkus provides seamless Testcontainers integration out of the box. When a project is created, test resources are automatically configured—no additional setup is required.

In Micronaut, Testcontainers support must be explicitly enabled by adding a plugin dependency:

id("io.micronaut.test-resources") version "4.6.1"

This additional configuration introduces extra overhead, especially during initial project setup.

3. No Lombok Required for Entities

Quarkus significantly reduces boilerplate code by allowing public fields in entities and providing powerful ORM tooling via Panache.

For example, with Quarkus:

@Entity
public class Billing extends Audit{
    public UUID jobId;
    public UUID subscriptionId;
    public Long amount;
    @Enumerated(EnumType.STRING)
    public Status status;
    public String receiptUrl;
    public Instant paidDate;
    public String paymentMethod;
    public String paymentProvider;
}

This is further enhanced by the Panache REST Data extension:

implementation("io.quarkus:quarkus-hibernate-orm-rest-data-panache")

In Micronaut, Lombok is typically required to avoid excessive boilerplate. Without Lombok, developers must manually write getters and setters:

@Introspected
@AllArgsConstructor
@Setter
@Getter
@Entity
public class Billing extends Audit{
    private UUID jobId;
    private UUID subscriptionId;
    private Long amount;
    @Enumerated(EnumType.STRING)
    private Status status;
    private String receiptUrl;
    private Instant paidDate;
    private String paymentMethod;
    private String paymentProvider;
}

While Lombok works well, it adds an additional dependency and build-time complexity.

4. Test-Driven Development (TDD) Experience

Quarkus offers an excellent TDD workflow. During test execution, developers can press R to re-run tests continuously. This allows instant feedback when code changes break existing functionality, enabling a true “test-first” development cycle.

Micronaut currently does not provide an equivalent built-in feature for continuous test reruns.

Documentation

In this area, Micronaut has an edge. Its documentation is more comprehensive, structured, and beginner-friendly compared to Quarkus.

Community

Although Quarkus is newer than Micronaut, its community has grown rapidly. Backed by Red Hat and widely adopted in the enterprise Java ecosystem, Quarkus benefits from strong community engagement, frequent updates, and extensive third-party integrations.

Micronaut

Conclusion

Both Micronaut and Quarkus are excellent frameworks for building microservices. However, Quarkus stands out in areas such as developer productivity, dev mode experience, test automation, and reduced boilerplate.

Micronaut remains a strong choice—particularly due to its documentation—but for my workflow and long-term maintainability goals, Quarkus has proven to be the better fit.

Data Oriented Rest Api in Java

anand jaisy — Mon, 19 Jan 2026 07:37:35 +0000

Data-oriented

Data-oriented programming promotes modeling information as immutable data and separating the business logic that operates on it. As the shift toward simpler, more focused programs has gained momentum, Java has introduced new features to better support this style—such as records for straightforward data modeling, sealed classes for representing fixed sets of alternatives, and pattern matching for flexible and expressive handling of polymorphic data.

Records, sealed classes, and pattern matching are complementary features in Java that collectively enhance support for data-oriented programming.

Records provide a concise way to model immutable data structures.
Sealed classes enable precise modeling of constrained hierarchies, allowing developers to define a fixed set of subclasses.
Pattern matching offers a type-safe and expressive mechanism for working with polymorphic data.
Java has introduced pattern matching in progressive stages:

Initially, only type-test patterns were supported in instanceof checks.
Subsequent enhancements extended support to switch statements, enabling more expressive control flow.
Most recently, deconstruction patterns for records were introduced in Java 19, allowing developers to extract and operate on the internal components of records in a streamlined, declarative manner.
These features together promote cleaner, more maintainable code by aligning data representation closely with the logic that operates on it.

Reference - https://www.infoq.com/articles/data-oriented-programming-java/

Building a REST Endpoint Using Java Sealed Interfaces and Records

In this article, we’ll build a REST endpoint using Java sealed interfaces and records to model success and failure outcomes in a clean, expressive, and type-safe way.

The same approach applies across popular Java frameworks such as Micronaut, Spring Boot, and Quarkus. For demonstration purposes, I’ll use Micronaut, but you can easily adapt the examples to the framework you’re most comfortable with.

Modeling Input and Output with Sealed Interfaces

We start by defining a common result type that represents either a successful outcome or a failure. Java’s sealed interfaces allow us to strictly control which implementations are permitted, while records provide concise, immutable data carriers.

public sealed interface IResult
        permits IResult.Success, IResult.Failure {

    record Success<T>(T value) implements IResult {}
    record Failure<T>(Exception error) implements IResult {}

    static <T> IResult success(T value) {
        return new Success<>(value);
    }

    static IResult failure(Exception ex) {
        return new Failure<>(ex);
    }
}

Success wraps a successful result
Failure wraps an exception
Static factory methods improve readability and remove the need for the new keyword at call sites

return IResult.failure(new ItemNotFoundException(ApplicationMessage.ValidationFieldMessage.RECORD_NOT_FOUND));

Alternative: Without Static Factory Methods

public sealed interface IResult
        permits IResult.Success, IResult.Failure {

    record Success<T>(T value) implements IResult {}
    record Failure<T>(Exception error) implements IResult {}
}

return new IResult.failure(new ItemNotFoundException(ApplicationMessage.ValidationFieldMessage.RECORD_NOT_FOUND));

The only difference is the explicit use of the new keyword. Functionally, both approaches are equivalent.

Controller Implementation

Next, let’s look at how this result abstraction simplifies controller logic. By leveraging pattern matching with switch, we can map domain results directly to HTTP responses.

@Controller("/privacyPreference")
public class PrivacyPreferenceController implements IHttpAction<PrivacyPreferenceRecord.PrivacyPreferenceRequest, PrivacyPreferenceRequest, PrivacyPreferenceResponse> {
    private final IPrivacyPreferenceRepo<PrivacyPreferenceResponse, PrivacyPreferenceRequest, FilterSortRequest> iPrivacyPreferenceRepo;

    public PrivacyPreferenceController(IPrivacyPreferenceRepo<PrivacyPreferenceResponse, PrivacyPreferenceRequest, FilterSortRequest> iPrivacyPreferenceRepo) {
        this.iPrivacyPreferenceRepo = iPrivacyPreferenceRepo;
    }

    @Override
    public HttpResponse<?> find() {
        var result = this.iPrivacyPreferenceRepo.find();
        return switch (result) {
            case Success success -> HttpResponse.ok(success.value());
            case Failure failure -> HttpResponse.notFound(failure.error().getMessage());
        };
    }

    @Override
    public HttpResponse<?> get(@Nonnull UUID id) {
        var result = this.iPrivacyPreferenceRepo.get(id);
        return switch (result) {
            case Success success -> HttpResponse.ok(success.value());
            case Failure failure -> HttpResponse.notFound(failure.error().getMessage());
        };
    }

    @Override
    public HttpResponse<?> post(PrivacyPreferenceRecord.@Valid PrivacyPreferenceRequest request) {
        var result = this.iPrivacyPreferenceRepo.create(request);
        return switch (result) {
            case Success success -> HttpResponse.ok(success.value());
            case Failure failure -> HttpResponse.badRequest(failure.error().getMessage());
        };
    }

    @Override
    public HttpResponse<?> patch(@NotNull UUID id, PrivacyPreferenceRecord.PrivacyPreferenceRequest request) {
        var result = this.iPrivacyPreferenceRepo.update(id, request);
        return switch (result) {
            case Success success -> HttpResponse.ok(success.value());
            case Failure failure -> switch (failure.error()) {
                case DuplicateNameException e -> HttpResponse.badRequest(e.getMessage());
                case ItemNotFoundException e -> HttpResponse.notFound(e.getMessage());
                default -> HttpResponse.serverError(failure.error().getMessage());
            };
        };
    }

    @Override
    public HttpResponse<?> delete(@NotNull UUID id) {
        var result = this.iPrivacyPreferenceRepo.delete(id);
        return switch (result) {
            case Success _ -> HttpResponse.noContent();
            case Failure failure -> HttpResponse.badRequest(failure.error().getMessage());
        };
    }
}

Why This Works Well

No exception-driven control flow in the controller
Compile-time safety via sealed types
Clear, readable HTTP mapping using pattern matching

Repository Contract

The repository interface consistently returns IResult, ensuring that all consumers handle success and failure explicitly.

public interface IPrivacyPreferenceRepo<R, T, C> {
    IResult find();
    IResult get(@NotNull UUID var1);
    IResult create(T var1);
    IResult update(@NotNull UUID var1, T var2);
    IResult delete(@NotNull UUID var1);
}

@Singleton
public class PrivacyPreferenceRepository implements IPrivacyPreferenceRepo<PrivacyPreferenceResponse, PrivacyPreferenceRequest, FilterSortRequest> {
    private final Map<UUID, PrivacyPreference> privacyPreferenceMap;
    private final PrivacyPreferenceEntityMapper privacyPreferenceEntityMapper;
    private final PrivacyPreferenceResponseMapper privacyPreferenceResponseMapper;

    public PrivacyPreferenceRepository(RootProvider<Root> rootProvider, PrivacyPreferenceEntityMapper privacyPreferenceEntityMapper,
                                       PrivacyPreferenceResponseMapper privacyPreferenceResponseMapper) {
        this.privacyPreferenceMap = rootProvider.root().getPrivacyPreference();
        this.privacyPreferenceEntityMapper = privacyPreferenceEntityMapper;
        this.privacyPreferenceResponseMapper = privacyPreferenceResponseMapper;
    }

    @Override
    public IResult find() {
        return IResult.success(privacyPreferenceMap.values().stream()
                .map(privacyPreferenceResponseMapper)
                .toList());
    }

    @Override
    public IResult get(@NotNull UUID id) {
        PrivacyPreference privacyPreference = privacyPreferenceMap.get(id);
        if (privacyPreference == null)
            return IResult.failure(new ItemNotFoundException(ApplicationMessage.ValidationFieldMessage.RECORD_NOT_FOUND));

        return IResult.success(this.privacyPreferenceResponseMapper.apply(privacyPreference));
    }

    @Override
    public IResult create(PrivacyPreferenceRequest request) {
        if (privacyPreferenceMap.values().stream().anyMatch(x -> x.userId().equals(request.userId())))
            return IResult.failure(new DuplicateNameException(ApplicationMessage.ApplicationError.RECORD_ALREADY_EXISTS));

        var privacyPreference = this.privacyPreferenceEntityMapper.apply(request, Optional.empty());
        this.save(this.privacyPreferenceMap, privacyPreference);
        return IResult.success(privacyPreferenceResponseMapper.apply(privacyPreference));
    }

    @Override
    public IResult update(@NotNull UUID id, PrivacyPreferenceRequest request) {
        PrivacyPreference privacyPreference = privacyPreferenceMap.get(id);
        if (privacyPreference == null)
            return IResult.failure(new ItemNotFoundException(ApplicationMessage.ValidationFieldMessage.RECORD_NOT_FOUND));

        var updatePrivacyPreference =  this.privacyPreferenceEntityMapper.apply(request, Optional.of(privacyPreference));
        save(this.privacyPreferenceMap, updatePrivacyPreference);
        return IResult.success(privacyPreferenceResponseMapper.apply(updatePrivacyPreference));
    }

    @Override
    public IResult delete(@NotNull UUID id) {
        try {
            deleteCourseById(this.privacyPreferenceMap, id);
        } catch (Exception e) {
            return IResult.failure(new ItemNotFoundException(ApplicationMessage.AdditionalRequirementMessage.ADDITIONAL_REQUIREMENT_NOTFOUND));
        }
        return IResult.success(true);
    }

    @StoreParams("additionalRequirement")
    protected void save(Map<UUID, PrivacyPreference> additionalRequirement, @NonNull PrivacyPreference request) {
        additionalRequirement.put(request.id(), request);
    }

    @StoreParams("additionalRequirement")
    protected void deleteCourseById(Map<UUID, PrivacyPreference> additionalRequirement,@NonNull UUID id) {
        if (additionalRequirement.get(id) == null)
            throw new ItemNotFoundException(ApplicationMessage.AdditionalRequirementMessage.ADDITIONAL_REQUIREMENT_NOTFOUND);
        additionalRequirement.remove(id);
    }
}

Alternative Functional style

@Serdeable
public class Result<T> {
    public final Exception exception;
    public final T value;
    private final ResultState state;

    public Result(T value) {
        this.exception = null;
        this.value = value;
        state = ResultState.SUCCESS;
    }

    public Result(Exception e) {
        this.exception = e;
        this.value = null;
        state = ResultState.FAULTED;
    }

    public static <T> Result<T> of(T value) {
        return new Result<>(value);
    }

    public static <T> Result<T> of(Exception e) {
        return new Result<>(e);
    }

    public boolean isFaulted() {
        return state == ResultState.FAULTED;
    }

    public boolean isSuccess() {
        return state == ResultState.SUCCESS;
    }
    public <R> R match(Function<T, R> successFn, Function<Exception, R> fail) {
        try {
            if (state == ResultState.FAULTED)
                return fail.apply(this.exception);
            else
                return successFn.apply(this.value);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public <R> R match(Supplier<R> successFn, Supplier<R> fail) {
        try {
            if (state == ResultState.FAULTED)
                return fail.get();
            else
                return successFn.get();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public <R> R match(Function<T, R> successFn, Supplier<R> fail) {
        try {
            if (state == ResultState.FAULTED)
                return fail.get();
            else
                return successFn.apply(this.value);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public <R> R match(Supplier<R> successFn, Function<Exception, R>  fail) {
        try {
            if (state == ResultState.FAULTED)
                return fail.apply(this.exception);
            else
                return successFn.get();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}

Usage

Repository

  @Override
    public Result<AdditionalRequirementResponse> create(AdditionalRequirementRequest tagRequest) {
        if (additionalRequirementData.values().stream().anyMatch(x -> x.name().equals(tagRequest.name())))
            return Result.of(new DuplicateNameException(ApplicationMessage.AdditionalRequirementMessage.ADDITIONAL_REQUIREMENT_NAME_DUPLICATE));

        var tag = additionalRequirementRequestMapper.apply(Optional.empty(),tagRequest);
        this.save(this.additionalRequirementData, tag);
        return Result.of(additionalRequirementResponseMapper.apply(tag));
    }

Controller

    public HttpResponse<?> post(AdditionalRequirementRequest perkRequest) {
        var result = this.iEclipseStoreRepository.create(perkRequest);
        return result.match(success-> HttpResponse.ok(result.value), ()->HttpResponse.badRequest(result.exception.getMessage()));
    }

Final Thoughts

Using sealed interfaces + records for API responses provides:

Strong domain modeling
Explicit success/failure handling
Cleaner controllers
Compile-time exhaustiveness checking

This pattern scales well and works consistently across Micronaut, Spring Boot, and Quarkus, making it a solid choice for modern Java REST APIs.

The JVM’s Greatest Irony: Brilliant Engineering, Painful Scripting

anand jaisy — Sat, 08 Nov 2025 03:05:53 +0000

The Java Virtual Machine (JVM) is one of the most remarkable pieces of engineering in the software world. Over the last three decades, it has evolved through countless optimizations, design refinements, and community contributions. With the recent release of Java 25, the platform continues to demonstrate its commitment to performance, stability, and innovation — not just in runtime efficiency but also in language design and developer experience.

That said, sometimes it’s the small things that matter most to developers. While Java is an industrial-grade powerhouse, scripting in Java can still feel like a nightmare compared to lightweight languages such as Python.

🧩 Example: Generating RSA Private and Public Keys

Here’s a simple Python script that generates a private RSA key and a public JWKS (JSON Web Key Set):

from jwcrypto import jwk
import json, uuid

key = jwk.JWK.generate(kty='RSA', size=2048)
key_id = str(uuid.uuid4())
key['kid'] = key_id
key['use'] = 'sig'
key['alg'] = 'RS256'

print("Private Key (keep secret):")
print(key.export_private())
print("\nPublic JWKS:")
print(json.dumps({"keys": [json.loads(key.export_public())]}, indent=2))

Running it is as simple as:

python generate_jwks.py

Clean, readable, and done.

☕ Doing the Same in Java

Let’s attempt the same thing in Java using the Nimbus JOSE + JWT library:

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;
import net.minidev.json.JSONObject;
import java.util.UUID;

    void main() {
        RSAKey rsaJWK = new RSAKeyGenerator(2048)
                .keyID(UUID.randomUUID().toString())
                .algorithm(com.nimbusds.jose.JWSAlgorithm.RS256)
                .keyUse(KeyUse.SIGNATURE)
                .generate();


        IO.println("Private Key (keep secret):");
        IO.println(rsaJWK.toJSONString());


        RSAKey rsaPublicJWK = rsaJWK.toPublicJWK();
        JSONObject publicJWKS = new JSONObject();
        publicJWKS.put("keys", new Object[]{rsaPublicJWK.toJSONObject()});

        IO.println("\nPublic JWKS:");
        IO.println(publicJWKS.toJSONString());
    }

At first glance, the Java code looks fine — structured, type-safe, and easy to follow.
But the real challenge comes when you try to run it.

⚙️ The Developer Reality

Now the main pain comes when we try to run this piece of code. When we try to compile this we will get bunch of error due to dependency errors such as:

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;
import net.minidev.json.JSONObject;
import java.util.UUID

To fix this, you’ll need to include external dependencies. For example, using Maven, you would add:

<dependency>
  <groupId>com.nimbusds</groupId>
  <artifactId>nimbus-jose-jwt</artifactId>
  <version>9.40</version>
</dependency>

Then compile and run:

mvn compile
mvn exec:java -Dexec.mainClass="com.example.App"

And just like that, what was a one-liner execution in Python becomes a mini build process in Java.

🚀 The Modern Way — Run Java Like a Script Using JBang

JBang a brilliant tool that lets you run Java files just like Python scripts, with zero project setup or Maven configuration.

Install using sdkman

sdk install jbang

///usr/bin/env jbang "$0" "$@" ; exit $?


//DEPS com.nimbusds:nimbus-jose-jwt:9.40
//DEPS org.json:json:20250517


import static com.nimbusds.jose.JWSAlgorithm.RS256;
import static com.nimbusds.jose.jwk.KeyUse.SIGNATURE;
import static java.lang.IO.println;
import static java.util.UUID.randomUUID;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import org.json.JSONObject;

void main() throws JOSEException {
        var key = new RSAKeyGenerator(2048)
                .keyID(randomUUID().toString())
                .keyUse(SIGNATURE)
                .algorithm(RS256)
                .generate();

        println("Private Key (keep secret):");
        println(key.toJSONString());

        println("\nPublic JWKS:");
        println(new JSONObject(Map.of("keys", new Object[]{key.toPublicJWK().toJSONObject()})).toString(2));

Save this file as GenerateJWK.java and run it directly — no pom.xml, no setup:

jbang GenerateJWK.java

JBang will automatically:

Download the required dependencies (nimbus-jose-jwt:9.40)
Compile your code
Run it in a single step

Just like Python or Node.js.

Pattern Matching in Java: The Modern Way to Write Cleaner Code

anand jaisy — Thu, 31 Jul 2025 22:03:05 +0000

Pattern matching streamlines your code by allowing you to check whether a value matches a specific structure or type—eliminating the need for repetitive if statements and manual type casting. It enables cleaner, more readable code by letting Java handle the complex checks for you.

Pattern matching in Java helps developers write more concise and efficient code. For instance, instead of manually checking whether an object is a String and then casting it, pattern matching allows you to perform both operations in a single, streamlined step.

Key Benefits of Pattern Matching:

Reduced Boilerplate: No need for repetitive instanceof checks followed by explicit casting. The code becomes shorter and more elegant.
Improved Readability: Type checks and variable declarations happen together, making the logic easier to understand at a glance.
Fewer Errors: Since Java handles the casting automatically, it reduces the risk of runtime exceptions like ClassCastException.

Naive Approach to Type Checking in Java

if (object instanceof String) {
    String s = (String) object;
    System.out.println(s.length());
}

Better approach

if (object instanceof String s) {
    System.out.println(s.length());
}

The benefits are clear:

No redundant casting: The variable s is immediately available as a String, with no need for manual type conversion.
Cleaner logic: Type checking and variable assignment are combined in a single, concise line.
Fewer bugs: Eliminates the risk of ClassCastException by letting Java safely handle the casting behind the scenes.

Modern Switch Pattern Matching (Java 21 and Beyond)

In earlier versions of Java, switch statements were limited to simple types like int, enum, or String. But starting with Java 21, pattern matching extends the power of switch by allowing you to match against an object's type directly. This results in cleaner, more expressive, and type-safe code.

Here’s how type checking used to look without pattern matching:

if (obj instanceof String) {
    String s = (String) obj;
    System.out.println("It's a String: " + s);
} else if (obj instanceof Integer) {
    Integer i = (Integer) obj;
    System.out.println("It's an Integer: " + i);
} else {
    System.out.println("Unknown type");
}

With switch and pattern matching, you can match types and extract variables in one step:

switch (obj) {  
    case String s  -> System.out.println("It's a String: " + s);  
    case Integer i -> System.out.println("It's an Integer: " + i);  
    default            -> System.out.println("Unknown type");  
}

This is a significant improvement over the old way, where switch could only match constants:

switch (number) {
    case 1 -> System.out.println("One");  // Old: only constants
    case 2 -> System.out.println("Two");
}

Going Beyond the Basics: Advanced Pattern Matching in Java

Java 16 introduced basic pattern matching using instanceof, but Java 21 brought more sophisticated features. In this section, you’ll learn how to work with record patterns, nested record patterns, and guarded patterns in your Java code.

Record Patterns

Record patterns enable you to access the components of a record in a single, streamlined operation. This adds powerful deconstruction capabilities to Java, akin to those in functional programming languages.

Using record patterns, you can deconstruct records—Java’s immutable data classes—directly within pattern-matching contexts such as instanceof checks and switch statements. Instead of manually extracting each field, you can retrieve all components at once.

For example, consider the following usage of record patterns with instanceof:

record Point(int x, int y) {}

// Without record patterns
if (p instanceof Point) {
    Point point = (Point) p;
    int x = point.x();
    int y = point.y();
    System.out.println(x + ", " + y);
}

// With record patterns
if (p instanceof Point(int x, int y)) {
    System.out.println(x + ", " + y);  // x and y are directly accessible
}

Record patterns become even more powerful when combined with switch statements:

Object obj = new Point(10, 20);

switch (obj) {
    case Point(int x, int y) when x > 0 && y > 0 -> 
        System.out.println("Point in first quadrant: " + x + ", " + y);
    case Point(int x, int y) -> 
        System.out.println("Point elsewhere: " + x + ", " + y);
    default -> 
        System.out.println("Not a point");
}

Mastering Nested Record Patterns in Java

Nested record patterns enable you to inspect records that include other records in a single, unified operation. This greatly simplifies handling complex, layered data.

With nested patterns, you can simultaneously match and extract values from multiple levels within a data structure, allowing direct access to inner components without having to traverse each level individually.

// Define two simple records
record Address(String city, String country) {}
record Person(String name, Address address) {}

// Create a person with an address
Person person = new Person("Rafael", new Address("Sao Paulo", "Brazil"));

For comparison, here’s how matching and extracting values looks without nested patterns:

// Multiple steps required
if (person instanceof Person) {
    String name = person.name();
    Address address = person.address();
    String city = address.city();
    String country = address.country();

    System.out.println(name + " lives in " + city + ", " + country);
}

And this is how you’d write it using nested patterns:

// One clean pattern
if (person instanceof Person(String name, Address(String city, String country))) {
    // All variables are immediately available
    System.out.println(name + " lives in " + city + ", " + country);
}

Similar to standard record patterns, nested record patterns can also be applied within switch statements. In the first case of the example below, the condition matches only when the person’s country is "Ireland"; if not, the switch moves on to evaluate the other case.

switch (person) {
    case Person(String name, Address(String city, "Ireland")) ->
        System.out.println(name + " lives in " + city + ", Ireland");
    case Person(String name, Address(String city, String country)) ->
        System.out.println(name + " lives in " + city + ", " + country);
}

The advantages are evident once more:

Reduced boilerplate: Nested record patterns enable extracting multiple components in one concise step.
Enhanced readability: The pattern explicitly reveals the data being extracted.
Type safety: The compiler guarantees that the extracted variables have the correct types.
Seamless nested deconstruction: Complex data structures are handled effortlessly within a single pattern.

By using nested patterns, your code becomes clearer and easier to maintain—especially when dealing with intricate data like configuration settings, domain models, or API responses.

Using Guarded Patterns (When Clauses) for Precise Matching

Guarded patterns extend pattern matching by allowing you to include additional conditions using the when keyword. This lets you match objects not only by their type or structure but also based on the specific values they hold.

As demonstrated below, a guarded pattern pairs a standard pattern with a Boolean expression to create more precise matches:

switch (obj) {
    case String s when s.length() > 5 -> 
        System.out.println("Long string: " + s);
    case String s -> 
        System.out.println("Short string: " + s);
    default -> 
        System.out.println("Not a string");
}

Here’s how this code operates:

Java first verifies whether the object fits the specified pattern (for example, whether it’s a String).
If it matches, Java assigns the matched value to the variable (s).
Then, Java evaluates the Boolean condition following the when clause.
If the condition is satisfied, that case is executed.

Let’s explore a couple of practical examples. In the first example, a guarded pattern is used to check the content of a String:

switch (input) {
    case String s when s.startsWith("http://") -> 
        System.out.println("HTTP URL");
    case String s when s.startsWith("https://") -> 
        System.out.println("Secure HTTPS URL");
    case String s ->     
        System.out.println("Not a URL");
}

And here, we’re using the pattern with numbers:

switch (num) {
    case Integer i when i < 0 -> System.out.println("Negative");
    case Integer i when i == 0 -> System.out.println("Zero");
    case Integer i when i > 0 -> System.out.println("Positive");
    default -> System.out.println("Not an integer");
}

The advantages of guarded patterns include:

More precise matching: Ability to target specific value-based conditions.
Less code: Merges type checks and value validations into a single step.
Improved readability: Expresses complex conditions clearly and succinctly.

Leveraging Pattern Matching with Sealed Classes

Using sealed classes together with pattern matching provides strong compile-time safety for your code. The examples in this section will demonstrate why this combination is truly transformative.

What are sealed classes?

Introduced in Java 17, sealed classes are classes that explicitly define which other classes can extend or implement them. Think of a sealed class as creating a “closed club” of related types:

sealed interface JavaMascot permits Duke, Juggy { }
record Duke(String color, int yearIntroduced) implements JavaMascot { }
record Juggy(String color, boolean isFlying) implements JavaMascot { }

At first glance, this code doesn’t seem to help much, but the real benefit starts when we try something like the following:

record Moby(String color, double tentacleLength) implements JavaMascot { } // Compilation error here

Since the sealed interface JavaMascot allows only Duke and Juggy to implement it, the code above will fail to compile. This restriction prevents unauthorized classes from implementing the JavaMascot interface, thereby reducing the risk of bugs. In general, tighter constraints in your code lead to fewer opportunities for errors.

Leveraging Sealed Classes within Switch Constructs

By combining sealed classes with switch in pattern matching, the compiler becomes fully aware of every possible subtype. This brings two key advantages: (1) the compiler can ensure that all subtypes are properly handled, and (2) because all cases are known upfront, there’s no need for a default case.

Let’s see how sealed classes and switch collaborate in the example below.

String describeMascot(JavaMascot mascot) {
    return switch (mascot) {
        case Duke(String color, int yearIntroduced) -> 
            "Duke (" + color + ") from " + yearIntroduced;
        case Juggy(String color, boolean isFlying) -> 
            "Juggy (" + color + ")" + (isFlying ? " flying high" : "");
        // No default needed! The compiler knows these are all possibilities
    };
}

Java 23+ Enhancements: Primitive Type Pattern Matching

Recent Java versions have introduced an exciting preview feature that allows pattern matching to work with primitive types, enabling compatibility checks directly in your code. We’ll explore this feature through several examples. Keep in mind, however, that since primitive type pattern matching is still in preview, it may be modified or removed in future Java releases. To run the examples below, make sure to enable preview features in your environment.

java --enable-preview YourClassNameHere

What You Need to Know About Primitive Type Pattern Matching

This feature allows us to check whether a value of one primitive type can be safely represented as another primitive type, and if so, bind that value to a new variable. The following example demonstrates this with integer compatibility in action:

int count = 98;
if (count instanceof byte smallCount) {
    // This executes only if count fits in a byte's range
    System.out.println("Small enough: " + smallCount);
} else {
    System.out.println("Number too large for byte storage");
}

Here, we’re checking if 98 can be stored in a byte. Since it’s between -128 and 127, the condition succeeds.

Consider another example, this one evaluating decimal precision:

double measurement = 17.5;
if (measurement instanceof float simpleMeasurement) {
    System.out.println("No precision loss: " + simpleMeasurement);
} else {
    System.out.println("Requires double precision");
}

This verifies if the double value can be represented as a float without precision loss.

Here’s an example using primitive type pattern matching with text characters:

int codePoint = 90;
if (codePoint instanceof char symbol) {
    System.out.println("This represents: '" + symbol + "'");
} else {
    System.out.println("Not a valid character code");
}

The output from this code would be: This represents: ‘Z’, because 90 is the ASCII/Unicode value for Z.

Finally, here’s a demonstration showing multiple type compatibility checks:

void examineNumber(long input) {
    System.out.println("Examining: " + input);

    if (input instanceof byte b)
        System.out.println("Fits in a byte variable: " + b);    
    if (input instanceof short s)
        System.out.println("Fits in a short variable: " + s);
    if (input >= 0 && input <= 65535 && input instanceof char c)
        System.out.println("Represents character: '" + c + "'");
    if (input instanceof int i)
        System.out.println("Fits in an int variable: " + i);
}

When called with examineNumber(77), this code would output all four messages, including that 77 represents the character ‘M’.

When to Use Primitive Type Pattern Matching

Primitive type pattern matching is especially useful in scenarios such as:

Validating user input to ensure it falls within acceptable ranges.
Safely converting between numeric types while minimizing data loss.
Handling character encoding during text processing.
Making numeric type conversions clearer and more reliable.

Angular 20 + Micronaut

anand jaisy — Mon, 30 Jun 2025 23:14:33 +0000

In certain scenarios—particularly with smaller applications—it can be beneficial to serve both the frontend and backend from a single service. Instead of deploying the frontend (e.g., an Angular application) and the backend (e.g., a REST API) on separate servers, a more efficient approach may be to consolidate them into a single, lightweight deployment. This strategy helps reduce infrastructure complexity and minimizes the application’s footprint.

Micronaut, with its fast startup time and minimal resource usage, pairs well with Angular for such use cases.

In this blog post, we’ll explore how to serve an Angular application directly from a Micronaut backend, creating a unified deployment that is simple, efficient, and well-suited for small to medium-sized projects.

Step 1: Setting Up the Micronaut app

Head over to Micronaut launch, just create a basic application

If we look into the dependency, its a basic minimal Micronaut app

plugins {
    id("io.micronaut.application") version "4.5.4"
    id("com.gradleup.shadow") version "8.3.7"
    id("io.micronaut.aot") version "4.5.4"
}

version = "0.1"
group = "micronaut.angular"

repositories {
    mavenCentral()
}

dependencies {
    annotationProcessor("io.micronaut:micronaut-http-validation")
    annotationProcessor("io.micronaut.serde:micronaut-serde-processor")
    implementation("io.micronaut.serde:micronaut-serde-jackson")
    compileOnly("io.micronaut:micronaut-http-client")
    runtimeOnly("ch.qos.logback:logback-classic")
    testImplementation("io.micronaut:micronaut-http-client")
}


application {
    mainClass = "micronaut.angular.Application"
}
java {
    sourceCompatibility = JavaVersion.toVersion("21")
    targetCompatibility = JavaVersion.toVersion("21")
}


graalvmNative.toolchainDetection = false

micronaut {
    runtime("netty")
    testRuntime("junit5")
    processing {
        incremental(true)
        annotations("micronaut.angular.*")
    }
    aot {
        // Please review carefully the optimizations enabled below
        // Check https://micronaut-projects.github.io/micronaut-aot/latest/guide/ for more details
        optimizeServiceLoading = false
        convertYamlToJava = false
        precomputeOperations = true
        cacheEnvironment = true
        optimizeClassLoading = true
        deduceEnvironment = true
        optimizeNetty = true
        replaceLogbackXml = true
    }
}

tasks.named<io.micronaut.gradle.docker.NativeImageDockerfile>("dockerfileNative") {
    jdkVersion = "21"
}

Now that our backend service is set up and ready, it's time to focus on the frontend. In this section, we'll set up an Angular application using the standard Angular CLI, which provides a streamlined and efficient way to scaffold and manage Angular projects.

Angular setup

Install the Angular CLI

npm install -g @angular/cli

Create a workspace and initial application

ng new ui

We can select select any choice, however we will stick to SCSS.

We don't want SSR, our choice will be N

The angular CLI will install few dependencies

Once the dependencies are install, we can see the below project structure

cd new ui

Run the application

ng serve --open

Enter the URL http://localhost:4200/ in the browser and we will the angular app is running

Development Workflow

During development, it's perfectly fine (and often preferable) to run Angular and Spring Boot as separate applications:

Angular CLI: Serves the frontend on http://localhost:4200 with hot-reload for fast development.

Micronaut: Runs the backend API on http://localhost:8080.

This separation allows for:
✔ Faster frontend iterations (thanks to Angular's live reload)
✔ Independent debugging of backend APIs
✔ Mock API responses during early development

The Production Challenge

In production, we typically want to serve both applications as a single unit for:
✔ Simplified deployment
✔ Reduced cross-origin issues (CORS)
✔ Better performance (serving static assets directly from the backend)

Configuring Angular to Deploy as Spring Boot Static Content for production

Understanding the Setup

By default, Angular builds to /dist/ui, but we need it to output directly to Spring Boot's static resources folder where it can be automatically served. Here's how to make this work seamlessly:

Step 1: Modify Angular's Output Path

"architect": {
  "build": {
    "builder": "@angular-devkit/build-angular:application",
    "options": {
      "outputPath": "dist/ui",
    },
}
}

Lets change the "outputPath": "dist/ui" to the Micronaut resource directory

"architect": {
  "build": {
    "builder": "@angular-devkit/build-angular:application",
    "options": {
      "outputPath": "../src/main/resources/static",  // Changed from "dist/ui"
      "index": "src/index.html",
      // ... rest of your config
    }
  }
}

"outputPath": "../src/main/resources/static"

Since now the outputPath is pointing to the Micronaut resources, we can run angular CLI command to build the files, we must point to the root directory of the angular app in our case ui

Step 2: Build and Verify

ng build --configuration production

We will see the below logs

 ng build --configuration production
Initial chunk files   | Names         |  Raw size | Estimated transfer size
main-3BERZHFR.js      | main          | 208.01 kB |                56.74 kB
polyfills-FFHMD2TL.js | polyfills     |  34.52 kB |                11.28 kB
styles-5INURTSO.css   | styles        |   0 bytes |                 0 bytes

                      | Initial total | 242.53 kB |                68.02 kB

Application bundle generation complete. [2.279 seconds]

Output location: /Users/san/project/Sample/AngularTest/src/main/resources/static

Notice the output location here Output location: /Users/san/project/Sample/AngularTest/src/main/resources/static. The files are been output the the Micronaut resources directory.

Run the Micronaut app, and head over to the browser http://localhost:8080 we will see there is no angular app.

If you have looked closely to the resources >> static directory, there is browser directory is created by angular build command, and if we look into that directory we can see the index.html and .js file. For angular to work that needs to be on outside of the browser directory, because spring doesn't know anything about browser directory.

Solution 1 - We can move those files outside of the browser Now, if we run our Micronaut app, and navigate to http://localhost:8080 we will see angular application

Well this works right, hmmmm not that effective

The problem with this solution is that we need to manually move the files, lets see how we can fix this.

Better Solution

 "outputPath": {
              "base": "../src/main/resources/static",
              "browser": ""
            },
            "deleteOutputPath": false

Include browser ="" to generate file inside the static directory and don't delete other files by including "deleteOutputPath": false,. Now if we run the command ng build --configuration production we can see all the files are generated within static

Add a new component

ng g c Home // This will generate new Home Component

Include this component in the router section

import { Routes } from '@angular/router';
import {HomeComponent} from './home/home.component';

export const routes: Routes = [{ path: 'home', component: HomeComponent },];

For local development we can reply on ng server. The routing will work on http://localhost:4200/home

For Micronaut to include the router we need to build again

ng build --configuration production

If we navigate to http://localhost:8080/home we will face an issue as 404 not found

To fix this we have to do configuration SPA routing

@Controller("/")
public class SpaController {
    @Inject
    ResourceResolver res;

    @Get("/{path:(?!.*\\.).*}")
    @Produces(MediaType.TEXT_HTML)
    public HttpResponse<?> refresh(@PathVariable String path) {
        StreamedFile indexFile = new StreamedFile(res.getResource("classpath:public/index.html").get());
        return HttpResponse.ok(indexFile);
    }
}

Application.properties

micronaut.router.static-resources.default.enabled=true
micronaut.router.static-resources.default.mapping=/**
micronaut.router.static-resources.default.paths=classpath:public

Development vs Production Workflow

Now if we run the spring boot app and navigate to http://localhost:8080/home we will see our home component.

For development, configure Angular's proxy to avoid CORS issues:

// src/proxy.conf.json
{
  "/api": {
    "target": "http://localhost:8080",
    "secure": false
  }
}

Conclusion

The Best of Both Worlds
By configuring Angular to build directly into Micronaut static resources folder, we've created a powerful full-stack solution that:

✔ Simplifies Deployment - A single JAR contains both frontend and backend
✔ Improves Performance - Static assets are served efficiently by the embedded Tomcat server
✔ Maintains Flexibility - Keep separate dev servers during development while unifying for production

How small can Java app on the container

anand jaisy — Tue, 24 Jun 2025 09:35:49 +0000

If you're looking to build lightning-fast Java applications with minimal container footprint, Micronaut + GraalVM is the perfect combination. In this post, we'll walk through creating a Micronaut app, containerizing it, and optimizing it with native images and distroless containers.

🛠️ Getting Started with Micronaut

You can quickly generate a Micronaut project using the Micronaut Launch tool:

Or via the CLI:

mn create-app --build=gradle_kotlin --jdk=21 --lang=java --test=junit --features=openapi,swagger-ui,management,gcp-logging fete.bird.container-demo

Run the application:

./gradlew run

 __  __ _                                  _   
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_ 
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_ 
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
08:22:52.715 [main] INFO  io.micronaut.runtime.Micronaut - Startup completed in 312ms. Server Running: http://localhost:8080
<==========---> 80% EXECUTING [13s]

🚀 Startup: ~312ms

🐳 Containerizing the App with Docker

Micronaut provides convenient Gradle tasks to build Docker artifacts. Let's generate the standard Dockerfile:

./gradlew dockerfile

You’ll find the Dockerfile at:

Build 👉🏻➔ docker 👉🏻➔ main 👉🏻➔ Dockerfile

Here’s what it looks like:

FROM eclipse-temurin:21-jre
WORKDIR /home/app
COPY --link layers/libs /home/app/libs
COPY --link layers/app /home/app/
COPY --link layers/resources /home/app/resources
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "/home/app/application.jar"]

If we have notice in the Dockerfile, we can see a COPY command with --link layers. This mean we need to create layers directory. OHHH how can I created, don't worry micronaut gradle has all plugin. Lets run another Gradle task to build those directory

Now, generate the necessary layer files:

./gradlew buildLayers

Build the Docker image:

Navigate to the Dockerfile

~/project/Sample/container-demo/build/docker/main 

docker buildx build -f Dockerfile -t micronuat-temurin.21 .

Lets check the docker image in docker

docker image ls

🧱 Image: eclipse-temurin:21-jre
🚀 Startup: ~340ms
📦 Container size: 337MB

docker run --rm -p 8080:8080 micronuat-temurin.21
 __  __ _                                  _   
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_ 
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_ 
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
22:44:36.206 [main] INFO  io.micronaut.runtime.Micronaut - Startup completed in 340ms. Server Running: http://5a2c1732c6ad:8080

Can we make it better, can Java be better for container ?? Hell yeah, let explore native with GRAALVM

⚡ Going Native with GraalVM

Lets run the gradle task ./gradlew dockerfileNative. This will create a DockerfileNative file under

Build 👉🏻➔ docker 👉🏻➔ native-main 👉🏻➔ DockerfileNative

FROM ghcr.io/graalvm/native-image-community:21-ol9 AS graalvm
WORKDIR /home/app
COPY --link layers/libs /home/app/libs
COPY --link layers/app /home/app/
COPY --link layers/resources /home/app/resources
RUN mkdir /home/app/config-dirs
RUN mkdir -p /home/app/config-dirs/generateResourcesConfigFile
RUN mkdir -p /home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5
RUN mkdir -p /home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9
RUN mkdir -p /home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14
RUN mkdir -p /home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12
RUN mkdir -p /home/app/config-dirs/io.netty/netty-common/4.1.115.Final
RUN mkdir -p /home/app/config-dirs/io.netty/netty-transport/4.1.115.Final
COPY --link config-dirs/generateResourcesConfigFile /home/app/config-dirs/generateResourcesConfigFile
COPY --link config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5 /home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5
COPY --link config-dirs/ch.qos.logback/logback-classic/1.4.9 /home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9
COPY --link config-dirs/org.apache.httpcomponents/httpclient/4.5.14 /home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14
COPY --link config-dirs/com.google.protobuf/protobuf-java-util/3.21.12 /home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12
COPY --link config-dirs/io.netty/netty-common/4.1.115.Final /home/app/config-dirs/io.netty/netty-common/4.1.115.Final
COPY --link config-dirs/io.netty/netty-transport/4.1.115.Final /home/app/config-dirs/io.netty/netty-transport/4.1.115.Final
RUN native-image --exclude-config .*/libs/netty-buffer-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-common-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-codec-http-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-transport-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-codec-http2-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-handler-4.1.119.Final.jar ^/META-INF/native-image/.* -cp /home/app/libs/*.jar:/home/app/resources:/home/app/application.jar --no-fallback -o application -H:ConfigurationFileDirectories=/home/app/config-dirs/generateResourcesConfigFile,/home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5,/home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9,/home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14,/home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12,/home/app/config-dirs/io.netty/netty-codec-http/4.1.80.Final,/home/app/config-dirs/io.netty/netty-common/4.1.115.Final,/home/app/config-dirs/io.netty/netty-buffer/4.1.80.Final,/home/app/config-dirs/io.netty/netty-transport/4.1.115.Final,/home/app/config-dirs/io.netty/netty-handler/4.1.80.Final,/home/app/config-dirs/io.netty/netty-codec-http2/4.1.80.Final fete.bird.Application
FROM cgr.dev/chainguard/wolfi-base:latest
EXPOSE 8080
COPY --link --from=graalvm /home/app/application /app/application
ENTRYPOINT ["/app/application"]

Lets run few task to generate the directory with files

./gradlew buildNativeLayers
./gradlew dockerPrepareContext

Lets build the docker image

docker buildx build -f DockerfileNative -t micronuat-native-graal .

Lets check the image

docker image ls

docker run --rm -p 8080:8080 micronuat-native-graal
 __  __ _                                  _   
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_ 
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_ 
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
22:57:32.389 [main] INFO  io.micronaut.runtime.Micronaut - Startup completed in 12ms. Server Running: http://388dc34c3d3d:8080

🧱 Image: ghcr.io/graalvm/native-image-community:21-ol9
🚀 Startup: ~12ms
📦 Container size: 82.5MB

📦 Optimizing Further with Distroless Containers

tasks.named<io.micronaut.gradle.docker.NativeImageDockerfile>("dockerfileNative") {
    jdkVersion = "21"
    baseImage("gcr.io/distroless/static-debian12")
}

Create again NativeImageDockerfile

./gradlew dockerfileNative
./gradlew buildNativeLayers
./gradlew dockerPrepareContext

FROM ghcr.io/graalvm/native-image-community:21-ol9 AS graalvm
WORKDIR /home/app
COPY --link layers/libs /home/app/libs
COPY --link layers/app /home/app/
COPY --link layers/resources /home/app/resources
RUN mkdir /home/app/config-dirs
RUN mkdir -p /home/app/config-dirs/generateResourcesConfigFile
RUN mkdir -p /home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5
RUN mkdir -p /home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9
RUN mkdir -p /home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14
RUN mkdir -p /home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12
RUN mkdir -p /home/app/config-dirs/io.netty/netty-common/4.1.115.Final
RUN mkdir -p /home/app/config-dirs/io.netty/netty-transport/4.1.115.Final
COPY --link config-dirs/generateResourcesConfigFile /home/app/config-dirs/generateResourcesConfigFile
COPY --link config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5 /home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5
COPY --link config-dirs/ch.qos.logback/logback-classic/1.4.9 /home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9
COPY --link config-dirs/org.apache.httpcomponents/httpclient/4.5.14 /home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14
COPY --link config-dirs/com.google.protobuf/protobuf-java-util/3.21.12 /home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12
COPY --link config-dirs/io.netty/netty-common/4.1.115.Final /home/app/config-dirs/io.netty/netty-common/4.1.115.Final
COPY --link config-dirs/io.netty/netty-transport/4.1.115.Final /home/app/config-dirs/io.netty/netty-transport/4.1.115.Final
RUN native-image --exclude-config .*/libs/netty-buffer-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-common-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-codec-http-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-transport-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-codec-http2-4.1.119.Final.jar ^/META-INF/native-image/.* --exclude-config .*/libs/netty-handler-4.1.119.Final.jar ^/META-INF/native-image/.* -cp /home/app/libs/*.jar:/home/app/resources:/home/app/application.jar --no-fallback -o application -H:ConfigurationFileDirectories=/home/app/config-dirs/generateResourcesConfigFile,/home/app/config-dirs/ch.qos.logback.contrib/logback-json-classic/0.1.5,/home/app/config-dirs/ch.qos.logback/logback-classic/1.4.9,/home/app/config-dirs/org.apache.httpcomponents/httpclient/4.5.14,/home/app/config-dirs/com.google.protobuf/protobuf-java-util/3.21.12,/home/app/config-dirs/io.netty/netty-codec-http/4.1.80.Final,/home/app/config-dirs/io.netty/netty-common/4.1.115.Final,/home/app/config-dirs/io.netty/netty-buffer/4.1.80.Final,/home/app/config-dirs/io.netty/netty-transport/4.1.115.Final,/home/app/config-dirs/io.netty/netty-handler/4.1.80.Final,/home/app/config-dirs/io.netty/netty-codec-http2/4.1.80.Final fete.bird.Application -H:+StaticExecutableWithDynamicLibC
FROM gcr.io/distroless/static-debian12
EXPOSE 8080
COPY --link --from=graalvm /home/app/application /app/application
ENTRYPOINT ["/app/application"]

Lets build the docker image

docker buildx build -f DockerfileNative -t micronuat-native-graal .

Lets check the image

docker image ls

docker run --rm -p 8080:8080 micronuat-native-graal
 __  __ _                                  _   
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_ 
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_ 
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
22:57:32.389 [main] INFO  io.micronaut.runtime.Micronaut - Startup completed in 10ms. Server Running: http://388dc34c3d3d:8080

🧱 Image: ghcr.io/graalvm/native-image-community:21-ol9
🚀 Startup: ~10ms
📦 Container size: 70.6MB

Can you go further - YES

Running a Fully Static Application — In an Empty Container

🧱 Image: scratch
🚀 Startup: ~8ms
📦 Container size: 69.2MB

Going Extreme — UPX Compression

🧱 Image: scratch
🚀 Startup: ~6ms
📦 Container size: 22.3MB

🧵 Conclusion

Micronaut combined with GraalVM unlocks blazing-fast Java apps with minimal startup time and memory usage—ideal for cloud-native and serverless deployments. With the help of native compilation and container optimizations, Java is now a top-tier choice for microservices at scale.

More details here - https://medium.com/graalvm/from-jit-to-native-path-to-efficient-java-containers-d81221418c39

Exploring Firestore with Micronaut and Java 21: A Scalable NoSQL Solution for Modern Applications

anand jaisy — Tue, 17 Jun 2025 21:50:28 +0000

As we continue to develop and deploy a growing number of microservices, one critical consideration is the choice of data storage. While traditional relational databases such as PostgreSQL, MS SQL Server, and MySQL offer robust capabilities, they can become expensive and complex to scale in serverless environments like Google Cloud Run, AWS Lambda, or Azure Functions.

Serverless architectures offer inherent scalability, and managing relational database scaling in such environments often introduces additional operational overhead and cost. That said, the decision to use a relational database (RDBMS) versus a NoSQL solution should always be driven by the specific business and data requirements.

In this blog post, we explore Google Cloud Firestore, a fully managed, serverless NoSQL document database built for automatic scaling, high performance, and ease of application development. Firestore is particularly well-suited for modern applications, especially those involving AI and ML workloads.

Firestore integrates seamlessly with tools like LangChain and LlamaIndex, supporting patterns such as:

Document loaders for managing and storing structured content,

Vector stores for similarity and semantic search,

Memory modules for use cases like chat history retention.

Additionally, Firestore provides out-of-the-box extensions that simplify integration with popular AI services, enabling features such as automated embedding generation, language translation, and image classification with minimal configuration.

In this article, we'll walk through how to use Firestore on the server side, using Micronaut and Java 21 as our development stack. Let’s dive into how Firestore can help you build scalable, AI-powered applications with ease.

OOPS, we’ve had enough theory—let’s dive into some code and see how Micronaut can help us integrate with Firestore and build a robust document storage solution.

Prerequisites

Google Cloud project with Firestore enabled.
Micronaut CLI or a Micronaut project setup.
Google Cloud SDK and credentials for Firestore access.
Java 21 and Maven/Gradle for dependency management.

Getting Started with Firestore in Micronaut (Java 21)

Micronaut is a modern, lightweight framework optimized for building microservices and serverless applications with fast startup time and low memory usage—ideal for cloud-native deployments.

Step 1: Bootstrap the Project

Head over to the Micronaut Launch site or use the Micronaut CLI to generate your project:

mn create-app \
  --build=gradle_kotlin \
  --jdk=21 \
  --lang=java \
  --test=junit \
  --features=micronaut-aot,graalvm,management,gcp-logging \
  san.jaisy.firestore

Let’s break down the features we’ve included:

micronaut-aot: Enables ahead-of-time (AOT) compilation for faster startup and smaller footprint—great for serverless.
graalvm: Adds support for native image generation with GraalVM.
management: Provides production-ready features such as health checks and metrics.
gcp-logging: Integrates with Google Cloud Logging for easy observability in GCP environments.

Congratulations! You’ve just generated a project that’s cloud-native, AI-friendly, and 100% cooler than other framwork.

Now let’s put that shiny new app to work and get Firestore talking to it—like two old friends reconnecting over JSON.

Step 2: Client libraries

Set up Application Default Credentials (ADC) in your local environment:

gcloud init

If you're using a local shell, then create local authentication credentials for your user account:

gcloud auth application-default login

NOTE: You don't need to do this if you're using Cloud Shell.

Step 3: Exploring the build.gradle.kts File
Once you've generated your Micronaut project, the next stop is your build.gradle.kts file. Here's what it should look like by default:

plugins {
    id("io.micronaut.application") version "4.5.3"
    id("com.gradleup.shadow") version "8.3.6"
    id("io.micronaut.aot") version "4.5.3"
}
version = "0.1"
group = "san.jaisy"
repositories {
    mavenCentral()
}
dependencies {
    annotationProcessor("io.micronaut:micronaut-http-validation")
    annotationProcessor("io.micronaut.serde:micronaut-serde-processor")
    implementation("io.micronaut:micronaut-management")
    implementation("io.micronaut.gcp:micronaut-gcp-logging")
    implementation("io.micronaut.serde:micronaut-serde-jackson")
    compileOnly("io.micronaut:micronaut-http-client")
    runtimeOnly("ch.qos.logback:logback-classic")
    testImplementation("io.micronaut:micronaut-http-client")
}
application {
    mainClass = "san.jaisy.Application"
}
java {
    sourceCompatibility = JavaVersion.toVersion("21")
    targetCompatibility = JavaVersion.toVersion("21")
}
graalvmNative.toolchainDetection = false
micronaut {
    runtime("netty")
    testRuntime("junit5")
    processing {
        incremental(true)
        annotations("san.jaisy.*")
    }
    aot {
        // Please review carefully the optimizations enabled below
        // Check https://micronaut-projects.github.io/micronaut-aot/latest/guide/ for more details
        optimizeServiceLoading = false
        convertYamlToJava = false
        precomputeOperations = true
        cacheEnvironment = true
        optimizeClassLoading = true
        deduceEnvironment = true
        optimizeNetty = true
        replaceLogbackXml = true
    }
}
tasks.named<io.micronaut.gradle.docker.NativeImageDockerfile>("dockerfileNative") {
    jdkVersion = "21"
}

Step 4: Wait a Minute… Where’s Firestore?
If you’ve been following along, you might have noticed that while we've set up a solid foundation, we haven’t actually added Firestore yet. 😅

Let’s fix that.

implementation("com.google.cloud:google-cloud-firestore:3.31.6")

🎉 And just like that, your app is Firestore-ready... or is it?
Well, not quite. While the library is in place, we still need to configure the Firestore client, authenticate with GCP, and write some actual code to make it do something meaningful.

Step 5: Coding time 👨‍💻👩‍💻 👨‍💻👩‍💻 🔥🔥 🎉🎉

📡 Controller: Exposing the Feedback API

@Controller("v1/firestore")
@ExecuteOn(TaskExecutors.BLOCKING)
public class FirestoreController {
    private final IFirestoreService firestoreService;

    public OutlookController(IFirestoreService firestoreService) {
        this.firestoreService = firestoreService;
    }

    @Post("/feedback")
    public HttpResponse<?> feedback(@Valid @Body UserFeedbackRequest request) {
        var result = firestoreService.create(request,httpRequest);
        return result.match(success -> HttpResponse.ok(result.value), () -> HttpResponse.serverError());
    }
}

📝 This controller exposes a POST /v1/firestore/feedback endpoint to accept user feedback.

🧾 DTO: Validating Feedback Requests

@Serdeable
public record UserFeedbackRequest(@NotNull String requestId,
                                  @NotNull String itemId,
                                  @Size(min = 10)  String feedback,
                                  FeedbackType feedbackType) {
}

🎯 This record handles incoming feedback. We apply validation annotations (@NotNull, @Size) so invalid data is caught before hitting the database.

🏭 Factory: Configuring Firestore Client

@Factory
public class FirestoreFactory {
    @Singleton
    public Firestore firestore(GcpConfig gcpConfig) throws IOException {
        return FirestoreOptions.getDefaultInstance().toBuilder()
                .setProjectId(gcpConfig.project())
                .setCredentials(GoogleCredentials.getApplicationDefault())
                .build()
                .getService();
    }
}

🔧 This factory sets up a singleton Firestore client using the FirestoreOptions builder.

🧩 Interface: Contract for the Firestore Service

public sealed interface IFirestoreService permits FirestoreService {
    Result<Response<UserFeedbackRequest>> create(UserFeedbackRequest userFeedbackRequest, HttpRequest<?> httpRequest);
}

💾 Service: Writing Data to Firestore

@Singleton
public record FirestoreService(Firestore firestore) implements IFirestoreService {
    private static final Logger LOG = Logger.getLogger(FirestoreService.class.getName());
    @Override
    public Result<Response<UserFeedbackRequest>> create(UserFeedbackRequest request) {
        // Store all feedback in the same top-level collection
        DocumentReference docRef = firestore.collection("firestore").document("feedback");

        Map<String, Object> data = new HashMap<>();
        data.put("RequestId", requestId);
        data.put("ItemId", request.itemId());
        data.put("Comments", request.feedback());
        data.put("CreatedDate", Instant.now().toString());
        data.put("Type", request.feedbackType().name);

        try {
            var result = docRef.set(data);
            var writtenResponse = result.get();
            LOG.info("Write result updated time : " + writtenResponse.getUpdateTime());
        } catch (InterruptedException | ExecutionException e) {
            LOG.severe(e.getMessage());
            return Result.of(new Exception(e));
        }
        return Result.of(new Response<>(request, MetaResponse.Of(httpRequest)));
    }
}

🧠 This is where the real magic happens. We take the incoming request, transform it into a Firestore document, and save it under the "firestore/feedback" path. Logging ensures we know when the document was successfully written.

💡 Pro tip: You can dynamically generate document IDs with .document() or let Firestore auto-generate them using .add().

🎭
At this point, Firestore and Micronaut are basically best friends—trading JSON over a coffee and laughing at how easy it was to build this.
If bugs show up now, they’re probably just jealous they didn’t get invited to the architecture meeting.

✅ Conclusion: Build Smart, Build Serverless
Firestore proves to be an excellent choice when building scalable, event-driven, and AI-powered microservices in a serverless environment. With its seamless integration with Micronaut, automatic scaling, and native support for real-time data and AI tooling, you can focus on delivering business value instead of wrestling with infrastructure.

So the next time someone asks, “SQL or NoSQL?” — you can confidently say:

“It depends... but if you're building serverless and smart, Firestore’s got your back.” 🚀👨‍💻👩‍💻✨

Data Oriented vs Object Oriented Programming in Java

anand jaisy — Sun, 01 Jun 2025 08:20:09 +0000

Oops

Object-Oriented Programming (OOP) promotes modeling complex entities and processes through objects that encapsulate both state and behavior. It emphasizes principles like encapsulation—where an object's behavior controls access to its internal state—and polymorphism, which allows different types of entities to be handled through a shared interface or common set of operations. The specific ways these principles are implemented can differ across object-oriented languages.

Although some developers are quick to proclaim that object-oriented programming is a failed approach, the reality is more nuanced. Like any tool, OOP excels in certain contexts and falls short in others. Poorly applied OOP can lead to frustrating and overly complex designs, and many have encountered exaggerated or misguided implementations of its principles. However, by understanding where OOP shines and where it doesn't, we can make informed decisions—leveraging it when it adds value and opting for alternative approaches when it doesn't.

Modeling a Factory Method Using Switch Expressions, Interfaces, and Classes with oops

we'll explore a simple and effective way to implement the Factory Method design pattern in Java using language features such as switch expressions, interfaces, and class-based polymorphism.

We’ll start by defining an enum to represent different types of email events:

public enum EmailType {
    VERIFICATION,
    PASSWORD_RECOVERY,
    TENANT_WELCOME
}

public interface IEmailEventService {
    void send(String messageBrokerQueue);
}

Next, we define a common interface that all email event services will implement. This allows us to encapsulate behavior behind a unified contract—an essential aspect of object-oriented polymorphism:

public class EmailEventService implements IEmailEventService{

    @Override
    public void send(String messageBrokerQueue) {

    }
}

public class PasswordRecoveryEventService implements IEmailEventService{

    @Override
    public void send(String messageBrokerQueue) {

    }
}

public class TenantMessagingService implements IEmailEventService{

    @Override
    public void send(String messageBrokerQueue) {

    }
}

Lets build a factory method that uses a switch expression on the EmailType enum to dynamically instantiate the appropriate service class.

By combining encapsulation, polymorphism, we can build clean and maintainable code that adheres to solid design principles.

public class EmailEventFactory {
    private final IEmailEventService verifyEmailEventService;
    private final IEmailEventService passwordRecoveryEmailEventService;
    private final IEmailEventService tenantWelcomeEmailEventService;

    public EmailEventFactory() {
        this.verifyEmailEventService = new EmailEventService();
        this.passwordRecoveryEmailEventService = new PasswordRecoveryEventService();
        this.tenantWelcomeEmailEventService = new TenantMessagingService();
    }
    public void getEmailEventService(EmailType type) {
        switch (type){
            case VERIFICATION: this.verifyEmailEventService.send("verify");
            case PASSWORD_RECOVERY:this.passwordRecoveryEmailEventService.send("passwordRecovery");
            case TENANT_WELCOME: this.tenantWelcomeEmailEventService.send("tenantWelcome");
                break;
        }
    }
}

At first glance, this implementation appears clean and effective—and in many contexts, it is. However, it comes with some limitations that can lead to runtime issues if not carefully handled.

Potential Issues with This Approach

Lack of Exhaustiveness Checking
If you add a new constant to the EmailType enum, the compiler won’t warn you that your switch expression is missing a corresponding case. This can silently introduce bugs.
Risk of Runtime Exceptions
If an unhandled EmailType is passed to the method, it will simply be ignored, or worse—lead to unexpected behavior. To mitigate this, it's common to add a default case:

switch (type) {
    case VERIFICATION -> verifyEmailEventService.send("verify");
    case PASSWORD_RECOVERY -> passwordRecoveryEmailEventService.send("passwordRecovery");
    case TENANT_WELCOME -> tenantWelcomeEmailEventService.send("tenantWelcome");
    default -> throw new IllegalArgumentException("Unsupported email type: " + type);
}

No Compile-Time Guarantee Even with a default case, the compiler still cannot ensure all enum values are covered. This shifts the responsibility to the developer to handle all possible cases correctly.

Note - While modeling a factory using switch expressions is straightforward and often sufficient for small-scale applications, it has limitations in scalability and safety.

Data-oriented

Records, sealed classes, and pattern matching are complementary features in Java that collectively enhance support for data-oriented programming.

Records provide a concise way to model immutable data structures.
Sealed classes enable precise modeling of constrained hierarchies, allowing developers to define a fixed set of subclasses.
Pattern matching offers a type-safe and expressive mechanism for working with polymorphic data.

Java has introduced pattern matching in progressive stages:

Initially, only type-test patterns were supported in instanceof checks.
Subsequent enhancements extended support to switch statements, enabling more expressive control flow.
Most recently, deconstruction patterns for records were introduced in Java 19, allowing developers to extract and operate on the internal components of records in a streamlined, declarative manner.

These features together promote cleaner, more maintainable code by aligning data representation closely with the logic that operates on it.

Refactoring with a Data-Oriented Approach
Let’s now revisit the factory method from an earlier example and refactor it using data-oriented principles. By leveraging records, sealed interfaces, and switch expressions, we achieve improved readability, stronger compile-time safety, and better separation of concerns.

@Component
public record EmailEventFactory(VerifyEmailEventService verifyEmailEventService,
                                PasswordRecoveryEventService passwordRecoveryEventService,
                                TenantMessagingService tenantMessagingService
                                ) {
    public IEmailEventService getEmailEventService(EmailType type) {
        return switch (type) {
            case VERIFICATION , TENANT_EMAIL_VERIFICATION-> verifyEmailEventService;
            case PASSWORD_RECOVERY -> passwordRecoveryEventService;
            case TENANT_WELCOME -> tenantMessagingService;
        };
    }
}

public sealed interface IEmailEventService permits EmailEventService, PasswordRecoveryEventService, TenantMessagingService, UserMessagingService {
     void send(String messageBrokerQueue);
}

The sealed interface ensures that all possible implementations are known and controlled, enhancing safety and discoverability.

@Service
public record EmailEventService() implements IEmailEventService {
    @Override
    public void send(String messageBrokerQueue) {
     // Do the things   
}

Each service is implemented as a record, aligning with the principles of immutability and clear separation of concerns:

@Service
public record PasswordRecoveryEventService() implements IEmailEventService {
    @Override
    public void send(String messageBrokerQueue) {
            // Do the things 
}

@Service
public record UserMessagingService() implements IEmailEventService {
    @Override
    public void send(String messageBrokerQueue) {
    // Do the things 
}

Benefits of This Refactoring

Compile-time safety: Thanks to sealed interfaces and exhaustive switch expressions.
Immutability: Record types make the data model inherently immutable.
Clean separation of logic: Each service handles a distinct responsibility, adhering to the Single Responsibility Principle.

Conclusion
The integration of records, sealed types, and pattern matching simplifies adherence to data-oriented principles, resulting in code that is more concise, readable, and reliable. While treating data as data may feel unfamiliar within Java’s object-oriented foundation, these modern features offer powerful tools that are well worth incorporating into our development practices.

Angular 19 and Spring authorization server as a single application

anand jaisy — Mon, 31 Mar 2025 22:38:25 +0000

Welcome, fellow developers! 🚀 If you're looking to integrate Spring Boot with Spring Security and set up an OAuth2 Authorization Server, you're in the right place. In this guide, we'll walk through the process step by step, ensuring a smooth and secure implementation.

Step 1: Setting Up the Spring Boot Project

First, let’s create a new Spring Boot project with the necessary dependencies. Head over to Spring Initializr and generate a project with:

Spring Web (for REST APIs)

plugins {
  java
  id("org.springframework.boot") version "3.4.4"
  id("io.spring.dependency-management") version "1.1.7"
}

group = "spring.angular"
version = "0.0.1-SNAPSHOT"

java {
  toolchain {
    languageVersion = JavaLanguageVersion.of(21)
  }
}

repositories {
  mavenCentral()
}

dependencies {
  implementation("org.springframework.boot:spring-boot-starter-web")
  testImplementation("org.springframework.boot:spring-boot-starter-test")
  testRuntimeOnly("org.junit.platform:junit-platform-launcher")
}

tasks.withType<Test> {
  useJUnitPlatform()
}

Once generated, open the project in your favorite IDE (IntelliJ, Eclipse, or VS Code) and run the app.

Verifying the Spring Boot Application Startup

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/

 :: Spring Boot ::                (v3.4.4)

2025-03-31T08:37:22.524+11:00  INFO 31772 --- [SpringAngularApp] [           main] s.a.S.SpringAngularAppApplication        : No active profile set, falling back to 1 default profile: "default"
2025-03-31T08:37:22.878+11:00  INFO 31772 --- [SpringAngularApp] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
2025-03-31T08:37:23.054+11:00  INFO 31772 --- [SpringAngularApp] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 8080 (http) with context path '/'

As from the logs we can see that our app is running on port 8080. Navigate to the browser and hit enter on the url http://localhost:8080/ we should the screen something like below, which mean our spring boot application is running fine. If everything is configured correctly, you should see a landing page as below

Its time to add Angular app

Install the Angular CLI

npm install -g @angular/cli

Create a workspace and initial application

ng new ui

We can select select any choice, however we will stick to SCSS.

We don't want SSR, our choice will be N

The angular CLI will install few dependecies

Onces the dependecies are install, we can see the below project structure

cd new ui

Run the application

ng serve --open

Enter the URL http://localhost:4200/ in the browser and we will the angular app is running

Development Workflow

During development, it's perfectly fine (and often preferable) to run Angular and Spring Boot as separate applications:

Angular CLI: Serves the frontend on http://localhost:4200 with hot-reload for fast development.

Spring Boot: Runs the backend API on http://localhost:8080.

This separation allows for:
✔ Faster frontend iterations (thanks to Angular's live reload)
✔ Independent debugging of backend APIs
✔ Mock API responses during early development

The Production Challenge

Configuring Angular to Deploy as Spring Boot Static Content for production

Understanding the Setup

By default, Angular builds to /dist/ui, but we need it to output directly to Spring Boot's static resources folder where it can be automatically served. Here's how to make this work seamlessly:

Step 1: Modify Angular's Output Path

"architect": {
  "build": {
    "builder": "@angular-devkit/build-angular:application",
    "options": {
      "outputPath": "dist/ui",
    },
}
}

Lets change the "outputPath": "dist/ui" to the spring boot resource directory

"architect": {
  "build": {
    "builder": "@angular-devkit/build-angular:application",
    "options": {
      "outputPath": "../src/main/resources/static",  // Changed from "dist/ui"
      "index": "src/index.html",
      // ... rest of your config
    }
  }
}

"outputPath": "../src/main/resources/static"

Since now the outputPath is pointing to the spring boot resources, we can run angular CLI command to build the files, we must point to the root dictory of the angular app in our case ui

Step 2: Build and Verify

ng build --configuration production

We will see the below logs

❯ ng build --configuration production
Initial chunk files   | Names         |  Raw size | Estimated transfer size
main-3BERZHFR.js      | main          | 208.01 kB |                56.74 kB
polyfills-FFHMD2TL.js | polyfills     |  34.52 kB |                11.28 kB
styles-5INURTSO.css   | styles        |   0 bytes |                 0 bytes

                      | Initial total | 242.53 kB |                68.02 kB

Application bundle generation complete. [2.279 seconds]

Output location: /Users/san/project/Sample/AngularTest/src/main/resources/static

Notice the output location here Output location: /Users/san/project/Sample/AngularTest/src/main/resources/static. The files are been output the the spring boot resources directory.

Run the spring boot app, and head over to the browser http://localhost:8080 we will see there is no angular app.

If you have looked closely to the resources >> static directory, there is browser directory is created by angular build command, and if we look into that directory we can see the index.html and .js file. For angular to work that needs to be on outside of the browser directory, because spring doesn't know anything about browser directory.

Solution 1

We can move those files outside of the browser as below

Now, if we run our spring boot app, and navigate to http://localhost:8080 we will see angular application

Well this works right, hmmmm not that effective

The problem with this solution is that we need to manually move the files, lets see how we can fix this.

Better Solution

            "outputPath": {
              "base": "../src/main/resources/static",
              "browser": ""
            },
            "deleteOutputPath": false

Include browser ="" to generate file inside the static directory and don't delete other files by including "deleteOutputPath": false,. Now if we run the command ng build --configuration production we can see all the files are generated within static

Add a new component

ng g c Home // This will generate new Home Component

Include this component in the router section

import { Routes } from '@angular/router';
import {HomeComponent} from './home/home.component';

export const routes: Routes = [{ path: 'home', component: HomeComponent },];

For local development we can reply on ng server. The routing will work on http://localhost:4200/home

For spring boot to include the router we need to build again

ng build --configuration production

If we navigate to http://localhost:8080/home we will face an issue as below

To fix this we have to do configuration for WebMvcConfigurer

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**")
                .addResourceLocations("classpath:/static/")
                .resourceChain(true)
                .addResolver(new PathResourceResolver() {
                    @Override
                    protected Resource getResource(String resourcePath, Resource location) throws IOException {
                        Resource requestedResource = location.createRelative(resourcePath);
                        return requestedResource.exists() && requestedResource.isReadable()
                                ? requestedResource
                                : new ClassPathResource("/static/index.html");
                    }
                });
    }
}

Development vs Production Workflow

Now if we run the spring boot app and navigate to http://localhost:8080/home we will see our home component.

For development, configure Angular's proxy to avoid CORS issues:

// src/proxy.conf.json
{
  "/api": {
    "target": "http://localhost:8080",
    "secure": false
  }
}

Spring authorization server

Update the dependency to include spring authorization server

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-oauth2-authorization-server")
    implementation("org.springframework.boot:spring-boot-starter-validation")
    implementation("org.springframework.boot:spring-boot-starter-webflux")
    developmentOnly("org.springframework.boot:spring-boot-devtools")
    testImplementation("org.springframework.boot:spring-boot-starter-test")
    testImplementation("io.projectreactor:reactor-test")
    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
}

Now if we try to access http://localhost:8080/ the basic login page of spring security displayed.

We need to configure the basic setup for spring authorization server

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
                OAuth2AuthorizationServerConfigurer.authorizationServer();

        http
                .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
                .with(authorizationServerConfigurer, (authorizationServer) ->
                        authorizationServer
                                .oidc(Customizer.withDefaults())    // Enable OpenID Connect 1.0
                )
                .authorizeHttpRequests((authorize) ->
                        authorize
                                .anyRequest().authenticated()
                )
                // Redirect to the login page when not authenticated from the
                // authorization endpoint
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                );

        return http.build();
    }

    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .anyRequest().authenticated()
                )
                // Form login handles the redirect to the login page from the
                // authorization server filter chain
                .formLogin(Customizer.withDefaults());

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(userDetails);
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("oidc-client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .redirectUri("http://127.0.0.1:8080/login/oauth2/code/oidc-client")
                .postLogoutRedirectUri("http://127.0.0.1:8080/")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

        return new InMemoryRegisteredClientRepository(oidcClient);
    }

    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return new ImmutableJWKSet<>(jwkSet);
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        }
        catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }

}

Since the basic setup is using in-memory user. So using with those credential if we use login the angular app works.

Conclusion

The Best of Both Worlds
By configuring Angular to build directly into Spring Boot's static resources folder, we've created a powerful full-stack solution that:

✔ Simplifies Deployment - A single Spring Boot JAR contains both frontend and backend
✔ Improves Performance - Static assets are served efficiently by the embedded Tomcat server
✔ Maintains Flexibility - Keep separate dev servers during development while unifying for production

Tailwind v4 + Java Template Engine and spring boot

anand jaisy — Thu, 20 Mar 2025 09:21:17 +0000

As a Spring Boot developer, you’ve likely faced the challenge of adding sleek, modern styling to your web application. Enter Tailwind CSS—a utility-first CSS framework that has taken the development world by storm. Known for its flexibility and efficiency, Tailwind CSS allows you to build custom designs directly in your markup, without ever leaving your HTML. But how do you seamlessly integrate Tailwind CSS into your Spring Boot project while keeping your production build lean and optimized? In this article, we’ll walk you through the steps to set up Tailwind CSS in your Spring Boot application, ensuring that only the styles you actually use make it into your final build. Let’s dive in!

Getting Started & Prerequisites

You will need to have Node and NPM installed. To verify that they are installed you can run the following commands.

node -v # v20.2.0
npm -v # 9.8.1

Setting Up a Spring Boot Project with Tailwind CSS

Create a new Spring Boot project using the Spring Initializr. We'll choose the following options:

Project: Gradle Project
Language: Java
Spring Boot: Latest version
Dependencies: Web, Java Template Engine, and Spring Boot DevTools

Once we have our project set up, we'll need to create a new folder called node in the src/main directory. This is where we'll be doing our Tailwind CSS setup and development.

Inside the node folder, we'll need to initialize a new npm project by running the following command in the terminal:

npm init

package.json file should get created as below

{
  "name": "node",
  "version": "1.0.0",
  "description": "Spring Authorization server UI ",
  "main": "index.js",
  "scripts": {},
  "author": "SanJaisy",
  "license": "ISC",
}

Installing and Configuring Tailwind CSS CLI in a Node Project

To begin, we need to install the Tailwind CSS CLI in the node directory. Run the following command:

npm install tailwindcss @tailwindcss/cli

The dependencies should get updated as below

  "dependencies": {
    "@tailwindcss/cli": "^4.0.7",
    "tailwindcss": "^4.0.7"
  }

Configuring the Build Script

Once the dependencies are installed, add the following scripts to package.json to generate a minified CSS file from all the JTE templates:

{
  "name": "node",
  "version": "1.0.0",
  "description": "Spring Authorization server UI ",
  "main": "index.js",
  "scripts": {
    "build": "npx @tailwindcss/cli -i ./style.css -o ../resources/static/main.css --minify",
    "watch": "npx @tailwindcss/cli --watch -i ./style.css -o ../resources/static/main.css --minify"
  },
  "author": "SanJaisy",
  "license": "ISC",
  "dependencies": {
    "@tailwindcss/cli": "^4.0.14",
    "tailwindcss": "^4.0.14"
  }
}

If we now run the npm run build command we can see the main.css file is created with all the JTE css.

With version 4 we don't need tailwind.config file, just we need to make sure we include below in our style files

@import "tailwindcss";
@source "../jte/**";

@source "../jte/**"; this is the directory where all my JTE templates are present.

Make sure to include main.css file in the index.jte

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="./main.css">
</head>
<body class="bg-gray-100">
${content}
</body>
</html>

Spring Authorization server + spring security with custom user details service for flexible data-driven authentication

anand jaisy — Thu, 23 Jan 2025 01:36:11 +0000

Spring Authorization Server

The Spring Authorization Server is a framework designed to implement the OAuth 2.1 and OpenID Connect 1.0 specifications, along with other related standards. Built on Spring Security, it offers a secure, lightweight, and customizable foundation for creating Identity Providers compliant with OpenID Connect 1.0 and OAuth2 Authorization Server solutions.

Feature List

What is Spring Security and how does it work?

short answer
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

At its heart, Spring Security is essentially a collection of servlet filters designed to enhance your web application with robust authentication and authorization features.

Spring Security also meshes well with frameworks like Spring Web MVC or Spring Boot, supporting standards such as OAuth2 and SAML. It automatically generates login and logout interfaces and safeguards your application from common security vulnerabilities like CSRF.

Well, that's not very helpful, is it?

Let's delve into web security to grasp the essentials of its security workflow.

To become a Spring Security expert, you must first grasp these three core concepts:

Authentication
Authorization
Servlet Filters

Note - Don't bypass this section; it lays the groundwork for all Spring Security functionalities.

Authentication

You need to access your bank account online to check your balance or make a transaction. Typically this is done using UserName and Password

User: "I'm John Doe. My username is: johndoe1985."
Bank's System: "Please verify your identity. What's your password?"
User: "My password is: secureB@nk2023."
Bank's System: "Welcome, John Doe. Here's your account overview."

Authorization

For basic applications, authentication alone might suffice: Once a user logs in, they're granted access to all areas of the application.

However, in most applications, there are permissions or roles in play.

User: "Let me play with that transaction …."
Bank's System: "One second, I need to check your permissions first…..yes Mr. John Doe, you have the right clearance level. Enjoy."
User: "I'll transfer 1M ha ha ha … Kidding kidding"

Servlet Filters

Now, let's explore Servlet Filters. How do they relate to authentication and authorization?

Why use Servlet Filters?
Every Spring web application revolves around a single servlet: the trusty DispatcherServlet. Its primary role is to route incoming HTTP requests (such as those from a browser) to the appropriate @Controller or @RestController for handling.

Here’s the deal: the DispatcherServlet itself doesn’t have any built-in security features, and you probably don’t want to handle raw HTTP Basic Auth headers directly in your @Controllers. Ideally, authentication and authorization should be taken care of before a request even reaches your @Controllers

Fortunately, in the Java web environment, you can achieve this by placing filters before servlets. This means you could consider creating a SecurityFilter and setting it up in your Tomcat (servlet container/application server) to intercept and process every incoming HTTP request before it reaches your servlet.

A SecurityFilter has roughly 4 tasks

First, the filter needs to extract a username/password from the request. It could be via a Basic Auth HTTP Header, or form fields, or a cookie, etc.
Then the filter needs to validate that username/password combination against something, like a database.
The filter needs to check, after successful authentication, that the user is authorized to access the requested URI.
If the request survives all these checks, then the filter can l et the request go through to your DispatcherServlet, i.e. your @Controllers.

FilterChains

In practice, we'd break a single filter down into several, which you would then link together.

Here's how an incoming HTTP request would travel:

First, it passes through a LoginMethodFilter...
Next, it goes through an AuthenticationFilter...
Then, it moves to an AuthorizationFilter...
And finally, it reaches your servlet.

This setup is known as a FilterChain.

By using a filter (or a chain of filters), you can effectively manage all authentication and authorization challenges in your application without altering the core implementation of your @RestControllers or @Controllers.

Spring’s DefaultSecurityFilterChain

Imagine you’ve configured Spring Security properly and started your web application. You’ll notice a log message that looks like this:

2020-02-25 10:24:27.875  INFO 11116 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@46320c9a, org.springframework.security.web.context.SecurityContextPersistenceFilter@4d98e41b, org.springframework.security.web.header.HeaderWriterFilter@52bd9a27, org.springframework.security.web.csrf.CsrfFilter@51c65a43, org.springframework.security.web.authentication.logout.LogoutFilter@124d26ba, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@61e86192, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@10980560, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@32256e68, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@52d0f583, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5696c927, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5f025000, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5e7abaf7, org.springframework.security.web.session.SessionManagementFilter@681c0ae6, org.springframework.security.web.access.ExceptionTranslationFilter@15639d09, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4f7be6c8]|

Expanding that single line reveals that Spring Security doesn’t just add one filter—it sets up an entire filter chain with 15 (!) different filters.

When an HTTP request arrives, it passes through each of these 15 filters in sequence before finally reaching your @RestControllers. The order of these filters is crucial, as the request is processed from the top of the chain to the bottom.

Analyzing Spring’s FilterChain

Diving into the details of every filter in the chain would take us too far, but here are explanations for a few key filters. For a deeper understanding of the others, you can explore Spring Security’s source code.

BasicAuthenticationFilter: Tries to find a Basic Auth HTTP Header on the request and if found, tries to authenticate the user with the header’s username and password.
UsernamePasswordAuthenticationFilter: Tries to find a username/password request parameter/POST body and if found, tries to authenticate the user with those values.
DefaultLoginPageGeneratingFilter: Generates a login page for you, if you don’t explicitly disable that feature. THIS filter is why you get a default login page when enabling Spring Security.
DefaultLogoutPageGeneratingFilter: Generates a logout page for you, if you don’t explicitly disable that feature.
FilterSecurityInterceptor: Does your authorization.

Joke

Question - Why did the HTTP request break up with the Spring Security filter?
Answer - Because every time it tried to get closer, the filter said, "Hold on! Let me check you out first!" 😄

Yeah break ........ Whoa, hold up... that was way too much security talk for one go!

Setup Spring Authorization server

The easiest way to begin using Spring Authorization Server is by creating a Spring Boot-based application. You can use start.spring.io to generate a basic project.

The only dependency required is implementation("org.springframework.boot:spring-boot-starter-oauth2-authorization-server")

We will add two more to do more action

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-oauth2-authorization-server")
    implementation("org.springframework.boot:spring-boot-starter-webflux")
    implementation("org.springframework.boot:spring-boot-starter-validation")
}

How to configure Spring Security

With the latest Spring Security and/or Spring Boot versions, the way to configure Spring Security is by having a class that: Is annotated with @EnableWebSecurity.

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    private static final String[] ALLOW_LIST = {"/oauth2/token", "/userinfo"};
    //This is primarily configured to handle OAuth2 and OpenID Connect specific endpoints. It sets up the security for the authorization server, handling token endpoints, client authentication, etc.
    @Bean (1)
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer.authorizationServer();
        http
                .cors(Customizer.withDefaults())
                .authorizeHttpRequests(authz -> authz
                        .requestMatchers(ALLOW_LIST).permitAll()
                        .requestMatchers("/**", "/oauth2/jwks/").hasAuthority("SCOPE_keys.write")
                        .anyRequest()
                        .authenticated())
                .securityMatchers(matchers ->
                        matchers.requestMatchers(antMatcher("/oauth2/**"), authorizationServerConfigurer.getEndpointsMatcher()))
                .with(authorizationServerConfigurer, (authorizationServer) ->
                        authorizationServer
                        .oidc(Customizer.withDefaults()))    // Enable OpenID Connect 1.0

                // Redirect to the login page when not authenticated from the
                // authorization endpoint
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        ))
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // This configuration is set up for general application security, handling standard web security features like form login for paths not specifically managed by the OAuth2 configuration.
    @Bean (2)
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers("/login", "/error", "/main.css")
                        .permitAll()
                        .anyRequest()
                        .authenticated()
                )
                // Form login handles the redirect to the login page from the
                // authorization server filter chain
                .formLogin((login) -> login.loginPage("/login"));

        return http.build();
    }

    @Bean (3)
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return new ImmutableJWKSet<>(jwkSet);
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }


    @Bean (4)
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    @Bean (5)
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings
                .builder()
                .build();
    }

}

(1) : A Spring Security filter chain for the Protocol Endpoints.
(2) : A Spring Security filter chain for authentication.
(3) : An instance of com.nimbusds.jose.jwk.source.JWKSource for signing access tokens.
(4) : An instance of JwtDecoder for decoding signed access tokens.
(5) : An instance of AuthorizationServerSettings to configure Spring Authorization Server.

Lets configure CORS to allow certain URLs to our application

@Configuration
public class CorsConfig {

    @Bean
    public UrlBasedCorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("http://localhost:3000/"); // Change to specific domains in production
        configuration.addAllowedMethod("*");
        configuration.addAllowedHeader("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

CorsConfiguration
This class is used to define the CORS rules. In this case:

addAllowedOrigin("http://localhost:3000/"): Allows requests from http://localhost:3000. This is useful for local development when your frontend is running on a different port. In production, replace this with your actual domains.
addAllowedMethod("*"): Allows all HTTP methods (e.g., GET, POST, PUT, DELETE, etc.).
addAllowedHeader("*"): Allows all HTTP headers in requests.

UrlBasedCorsConfigurationSource

A class that maps URL patterns (like /**) to specific CORS configurations.
registerCorsConfiguration("/", configuration): Applies the defined CORS rules (configuration) to all endpoints (/) in the application.

Wow, that’s a lot of configuration! But that’s the magic of the Spring Framework—it handles all the heavy lifting behind the scenes.

It is time to configure the Clients

@Configuration
public class Clients {
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("stomble")
                .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
                .authorizationGrantTypes(types -> {
                    types.add(AuthorizationGrantType.AUTHORIZATION_CODE);
                    types.add(AuthorizationGrantType.REFRESH_TOKEN);
                })
                .redirectUris(redirectUri -> {
                    redirectUri.add("http://localhost:3000");
                    redirectUri.add("https://oauth.pstmn.io/v1/callback");
                    redirectUri.add("http://localhost:3000/signin-callback");
                })
                .postLogoutRedirectUri("http://localhost:3000")
                .scopes(score -> {
                    score.add(OidcScopes.OPENID);
                    score.add(OidcScopes.PROFILE);
                    score.add(OidcScopes.EMAIL);
                })
                .clientSettings(ClientSettings.builder()
                        .requireAuthorizationConsent(false)
                        .requireProofKey(true)
                        .build())
                .build();
        return new InMemoryRegisteredClientRepository(oidcClient);
    }
}

Few things we have done above

clientId: A unique Identifier to allow access
clientAuthenticationMethod : Defining Authentication method
redirectUris Allowing only the defined URLs
authorizationGrantTypes authorization_code

UserDetailsService

UserDetailsService is used by DaoAuthenticationProvider for retrieving a username, a password, and other attributes for authenticating with a username and password. Spring Security provides in-memory, JDBC, and caching implementations of UserDetailsService.

You can define custom authentication by exposing a custom UserDetailsService as a bean.

InMemoryUserDetailsManager

@Configuration
public class UserConfig {

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
        UserDetails userDetailFirst = User.builder()
                .username("user1")
                .password(passwordEncoder.encode("password"))
                .roles("USER")
                .build();
        UserDetails userDetailSecond = User.builder()
                .username("user2")
                .password(passwordEncoder.encode("password"))
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(List.of(userDetailFirst, userDetailSecond));
    }
}

@Bean
public PasswordEncoder passwordEncoder() {
   return new BCryptPasswordEncoder();
}

Once we launch the application, our OIDC and OAuth2 setup with Spring Authorization Server should function correctly. However, you'll notice we've employed InMemoryUserDetailsManager, which is fine for demos or prototyping. But for a production environment, it's not advisable because all data vanishes upon application restart.

JdbcUserDetailsManager in Spring Security

JdbcUserDetailsManager is a feature within Spring Security that uses JDBC to handle user credentials and roles by connecting to a relational database. It's ideal when your application can work with the standard schema for user tables that Spring Security expects.

The schema that is available from Spring security org/springframework/security/core/userdetails/jdbc/users.ddl

-- Create users and authorities tables for JdbcUserDetailsManager
CREATE TABLE users (
    username VARCHAR(50) NOT NULL PRIMARY KEY,
    password VARCHAR(500) NOT NULL,
    enabled BOOLEAN NOT NULL
);

CREATE TABLE authorities (
    username VARCHAR(50) NOT NULL,
    authority VARCHAR(50) NOT NULL,
    CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username)
);

CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);

The sole adjustment needed to transition from InMemoryUserDetailsManager to JdbcUserDetailsManager

    @Bean
    public UserDetailsService userDetailsService(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

This configuration is effective for applications that stick to Spring Security's standard table schema. But, if you need to customize (like using an email for login instead of a username), implementing a custom UserDetailsService offers the necessary adaptability.

Custom UserDetailsService with a Customer Entity

Lets add custom CustomUserDetailsService to the provider. In the AuthenticationProvider set the custom service using setUserDetailsService

@Configuration
public class UserConfig {
    private final CustomUserDetailsService userDetailsService;

    public UserConfig(CustomUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }


    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

Custom service

@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
    private final IUserRepository userRepository;

    public UserDetailsService(IUserRepository userRepository) {
        this.userRepository = userRepository;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        var user = this.userRepository.findByUsername(username);
        if (user.isEmpty())
            throw new UsernameNotFoundException("User not found");
        return user.get();
    }
}

Repository

@Repository
public interface IUserRepository extends CrudRepository<UserProfile, UUID> {
    Optional<UserProfile> findByUsername(String username);
}

Entity

@Entity
@Table(name = "userprofile")
public class UserProfile extends AuditTrail implements UserDetails, CredentialsContainer {
    private String firstName;
    private String lastName;
    private String username;
    private String email;
    private String password;

    @OneToMany(mappedBy = "userProfile", fetch = FetchType.LAZY, cascade = CascadeType.ALL, orphanRemoval = true)
    private Collection<UserRole> userRoles;

    @OneToOne
    @JoinColumn(name = "tenant_id")
    private Tenant tenant;


    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // You can write custom logic here to return roles/permissions
        return null;
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return getEmail();
    }

    @Override
    public boolean isAccountNonExpired() {
        return UserDetails.super.isAccountNonExpired();
    }

    @Override
    public boolean isAccountNonLocked() {
        return UserDetails.super.isAccountNonLocked();
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return UserDetails.super.isCredentialsNonExpired();
    }

    @Override
    public boolean isEnabled() {
        return UserDetails.super.isEnabled();
    }

    @Override
    public void eraseCredentials() {
        this.password = null;
    }
}

In the security filter we have to tell spring security to use this service

.clientAuthentication(clientAuth -> clientAuth.authenticationProvider(authenticationProvider))

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer.authorizationServer();
        http
                .cors(Customizer.withDefaults())
                .authorizeHttpRequests(authz -> authz
                        .requestMatchers(ALLOW_LIST).permitAll()
                        .requestMatchers("/**", "/oauth2/jwks/").hasAuthority("SCOPE_keys.write")
                        .anyRequest()
                        .authenticated())
                .securityMatchers(matchers ->
                        matchers.requestMatchers(antMatcher("/oauth2/**"), authorizationServerConfigurer.getEndpointsMatcher()))
                .with(authorizationServerConfigurer, (authorizationServer) ->
                        authorizationServer
                        .oidc(Customizer.withDefaults())
                        .clientAuthentication(clientAuth -> clientAuth.authenticationProvider(authenticationProvider)))    // Enable OpenID Connect 1.0
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        ))
                .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }

Conclusion

Here, you have two robust choices for handling authentication:

JdbcUserDetailsManager: A straightforward option if your application aligns with Spring's default schema.
Custom UserDetailsService: Provides the flexibility to manage special fields and roles.

No matter if you choose JdbcUserDetailsManager or decide to implement a custom UserDetailsService, both will equip your application with a scalable, database-supported authentication system.