pull-vert/demo-kotlin

Kotlin web example app for Spring boot 2.X, Webflux and 2 variations : MongoDB and R2DBC. With HTTP/2, RestDoc, Spring Security with JWT and bean validation for received DTOs. Each branch is a new Step. In progress (but waiting for spring-fu releases) : Kofu functional bean registration.

demo-kotlin

This is an example of a Spring boot reactive (Webflux) app in Kotlin, made at first for a live coding and completed since then with new steps. Every step adds new features.

Master contains the most recent finished feature.

Kotlin with Spring annotations (@Service, @Repository...)

step 1 : project skeleton

Empty files for the demo

step 2 : mongo reactive

MongoDB app is complete (end of live coding) :

• classic Spring annotations (@Service, @Repository...)
• Cow entity (data class entity)
• CowRepository Spring Data Interface
• CowHandler provide Functional functions (= take ServerRequest as parameter and returns Mono)
• ApiRoutes provides all Http REST Endpoints of the App
• DatabaseInitializer initializes the embedded MongoDB with test datas
• CowRepositoryTest provides JUnit tests for CowRepository
• ApiTest uses WebTestClient to call real Http REST API

step 3 : HTTP/2

• Generate a self signed Keystore

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass secret -dname CN=localhost -validity 360 -keysize 2048

• stored it in src/main/resources
• add HTTP/2 and SSL configuration in application.yml
• change ApiTest (InsecureTrustManagerFactory.INSTANCE) to communicate with self signed server keystore
• netty-tcnative-boringssl-static dependency is only required for Java 8, since java 9 ALPN is natively supported
• For production : make a POST and a GET endpoint for let's encrypt HTTP challenge, or use a real well signed Certificate

step 4 : Spring Restdocs

• Modify build.gradle to add asciidoc and Spring Restdocs
• Modify ApiTest to generate doc
• add index.adoc to expose all API documentation

step 5 : Spring security with JWT

• New package demo.kotlin.security
• Security and Roles for endpoints is configured in SecurityConfig class
• New User entity, with UserRepository, UserService and UserHandler
• New AuthenticationHandler for POST /auth
• Followed these tutorials : jwt-on-spring-webflux
• https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#reactive-applications
• https://spring.io/guides/topicals/spring-security-architecture

step 6 : DTOs + bean validation

• now webservice endpoints consume and return DTOs
• mapping between POJOs is made by Extension Functions
• Bean validation with annotations
• Note : all fields for Request DTO must be nullable to prevent Jackson deserialize error if param is null. Bean validation will take care of returning a nice error to API client
• Add constraints documentation in Spring Restdocs based on Bean validation annotations

step 7 : R2DBC + Kotysa

• inspired by : spring with r2dbc
• uses Kotysa SqlClient

Kotlin with Functional bean registration

step 2.1 : functional bean registration

inspired by : kofu-reactive-mongodb-sample

• No more Spring annotations
• Configuration.kt : declare functional bean registration

Java with Spring annotations (@Service, @Repository...)

step 2 in java

Allows to compare Java vs Kotlin code