• Simpler version without KeyCloak and multi-modules is on separate project https://github.com/gtiwari333/spring-boot-blog-app
• Microservice example that uses Spring Cloud features(discovery, gateway, config server etc) is on separate project https://github.com/gtiwari333/spring-boot-microservice-example-java

MicroService:

• Exposing and implementing Open Feign clients
• Spring Cloud Contract (WIP)

Spring MVC:

• Public and internal pages
• MVC with thymeleaf templating
• Live update of thymeleaf templates for local development
• HTML fragments, reusable pagination component using Thymeleaf parameterized fragments
• webjar - bootstrap4 + jquery
• Custom Error page
• Request logger filter
• Swagger API Docs with UI ( http://localhost:8081/swagger-ui.html)
• @RestControllerAdvice, @ControllerAdvice demo
• CRUD UI + File upload/download
• favicon handler

Security:

• Account management with KeyCloak
• Spring Security
• User/User_Authority entity and repository/services
  • login, logout, home pages based on user role
• Domain object Access security check on update/delete using custom PermissionEvaluator
• private pages based on user roles
• public home page -- view all notes by all
• Limit max number of record in a paged request

Persistence/Search:

• Data JPA with User/Authority/Note/ReceivedFile entities, example of EntityGraph
• MySQL or any other SQL db can be configured for prod/docker etc profiles
• (in old code) H2 db for local, Console enabled for local ( http://localhost:8081/h2-console/, db url: jdbc:h2:mem:testdb, username: sa)
• jOOQ integration with code generation based on JPA entity
• Liquibase database migration

Test:

• Unit/integration with JUnit 5, Mockito and Spring Test
• Tests with Spock Framework (Groovy 4, Spock 2)
• e2e with Selenide, fixtures. default data generated using Spring
• Load test with Gatling/Scala
• Architecture tests using ArchUnit
• file upload/download e2e test with Selenide
• TestContainers to perform realistic integration test
• Reset DB and Cache between test
• Assert expected query count during integration test

Misc:

• Code Generation: lombok, mapstruct
• Message Queue using ActiveMQ Artemis
• Approval/flagging api - message based
• Nested comment
• Cache implemented
• Zipkin tracing
• Websocket implemented to show article/comment review status/notifications..

Future: do more stuff

• CQRS with event store/streaming
• Spring Cloud Contract integration (WIP)
• Docker-compose deploy/kubernetes
• Visitors log - IP, browser, etc
• Centralized error reporting
• Geo-Spatial query for visitors
• Grafana Dashboard, @Timed and more ...
• logback LevelChangePropagator integration
• logback error email
• logback rolling policy
• Integrate Markdown editor for writing notes
• rate limit by IP on public API ( article api )
• Fetch user's avatar
• UI improvement
• S3 file upload, test with localstack TestContainers
• nested comment query/performance fix
• Signup UI
• vendor neutral security with OIDC
• JfrUnit ( WIP )

• JDK 17+
• Lombok configured on IDE
  • http://ganeshtiwaridotcomdotnp.blogspot.com/2016/03/configuring-lombok-on-intellij.html
  • For eclipse, download the lombok jar, run it, and point to eclipse installation
• Maven
• Docker
  • Make sure docker is started and running
  • Run $ sudo chmod 666 /var/run/docker.sock if you get error like this "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (Details: [13] Permission denied)"

It contains following applications:

• main-app
• email-service (optional)
• report-service (optional)
• trend-service (optional)
• content-checker (optional)

Option 1 - run with manually started KeyCloak, ActiveMQ and MySQL servers

• Run mvn clean install at root
• Run docker-compose -f config/docker-compose.yml up at root to start docker containers
• Go to main-app folder and run mvn to start the application

Option 2 - automatically start KeyCloak, ActiveMQ and MySQL using TestContainer while application is starting

• Run mvn clean install at root
• Go to main-app folder and run mvn -Pdev,withTestContainer to start the application

Option 3 - run from IDE

• import into your IDE and compile the full project and run the Application.java on main-app module
• Update run configuration to run maven goal wro4j:run Before Launch. It should be after 'Build'

mvn clean verify

mvn compiler:testCompile resources:testResources surefire:test

mvn compiler:testCompile resources:testResources failsafe:integration-test

Run sonarqube server using docker docker run -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

Perform scan: mvn sonar:sonar mvn sonar:sonar -Dsonar.login=admin -Dsonar.password=admin

View Reports in SonarQube web ui:

• visit http://localhost:9000
• default login and password are admin, you will be asked to change password after logging in with default username/password
• (optional) change sonarqube admin password without logging in: curl -u admin:admin -X POST "http://localhost:9000/api/users/change_password?login=admin&previousPassword=admin&password=NEW_PASSWORD"
• if you change the password, make sure the update -Dsonar.password=admin when you run sonarqube next time

Owasp dependency check plugin is configured. Run mvn dependency-check:check to run scan and open dependency-check-report.html from target to see the report.

mvn -T 5 clean package

Once the application starts, open http://localhost:8081 on your browser. The default username/passwords are listed on : gt.app.Application.initData, which are:

• system/pass
• user1/pass
• user2/pass

• mvn versions:display-dependency-updates
• mvn versions:display-plugin-updates