Spring I/O 2023

Spring I/O 2023 - 18-19 May Juergen Hoeller, Sébastien Deleuze, Alina Yurenko, Josh Long

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/andifalk/api-security/blob/main/presentations/spring_io_2023/All_your_APIs_are_mine_springio_2023.pdf GitHub Repo: https://github.com/andifalk/api-security With Spring, it is very easy to implement APIs. Making them robust against a variety of attack types is much harder. Developers will learn about several real-world attack scenarios. Live demos will show how these can be mitigated with the help of Spring Security and appropriate design patterns. With the increasing popularity of APIs, attacks on them are also steadily increasing. Often, design flaws such as weak authentication, lack of authorization, or unnecessarily exposing confidential data make it far too easy for attackers to reach their target. In this talk, I will discuss the most prevalent threats to modern APIs and outline recommended strategies for developers to secure their own APIs. In doing so, I will cover the most commonly used standards and architectural styles these days, such as Rest, GraphQL, and gRPC. Using a sample Spring Boot application, I will show practical examples of (in)secure APIs. The talk is aimed at software developers, architects, and security enthusiasts alike. Knowledge of the Java programming language and Spring Boot is helpful.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/StevePember/anatomy-of-a-spring-boot-app-with-clean-architecture-spring-io-2023 GitHub repo: https://github.com/spember/spring-shoestore In my years of experience, Clean Architecture and its inspirations have been the easiest way to create readable, flexible codebases that can be worked on by large teams. This will be a good introductory talk with example code that attendees can reference at a later date. We as an industry often talk quite a bit about the design of platform: the high-level architectures involving microservices, distributed systems, etc. But what about the internal architecture of a given application? How can one prevent their individual codebases from becoming the muddiest of mud balls? Over the years we have found great success in keeping our codebases coherent and straightforward by following many of the principles of Clean Architecture - which itself can be considered an evolution of “Ports and Adapters”, and “Hexagonal Architecture”. Its main concept is that a given system must be imagined as Layers of ‘circles’ with a Dependency Rule which states that code dependencies many only point inwards; outer layers may call inner layers, but inner layers know nothing of the outer layers. These layers and their relationship rules give clear guidelines on where different code should live. This keeps your core business logic independent of and agnostic to the Details. Which database are we using to store “User” entity records? Which third-party service are we using for Authorization? While important, these Details are not the concern of your core business logic. They can be swapped in and out by implementing an interface; these concerns do not and can not pollute the rest of your core business logic. If followed correctly, the end result is a clearly structured, easily testable application, that is quick to react when external details need to change. In this presentation we will present the general philosophy of Clean Architecture, Hexagonal Architecture, and Ports & Adapters: discussing why these approaches are useful and general guidelines for introducing them to your code. Chiefly, we will show how to implement these patterns within your Spring (Boot) Applications. Through a publicly available reference app, we will demonstrate what these concepts can look like within Spring and walkthrough a handful of scenarios: isolating core business logic, ease of testing, and adding a new feature or two.

Spring I/O 2023 - Barcelona, 18-19 May Of course we all love the Spring ecosystem and its technologies. Of couse it is important to understand your tech stack as a developer. Of course you become a great developer or architect by understanding modern patterns and architectures. But isn’t it a bit boring to just churn out code just for codes sake? In this talk I want to motivate you to leave your comfort zone and to take a step back. This talks aims at motivating you as a developer or an architect to dig deep into the domain of your business and your product. I firmly believe that this will make you a great and especially a more valuable developer. If we understand the business we can make better design choices as developers / architects. We can highlight misalignments in our organization. We will be able to come up with better tests. This talk will not just be limited to the motivating side of this topic. I will also give you tons of hints and tips how you can get started in this journey, who your allies may be and how to tackle this difficult task. This talk will also come with many examples of success and failure from the real world. I guess we will laugh a lot during this session but sometimes we’ll also shake our heads in utter disbelieve in those 50 minutes.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://2023.springio.net/docs/slides/going-native-fast-and-lightweight-spring-boot-applications-with-graalvm-alina-yurenko-springio23.pdf Spring Boot 3.0 has introduced GA of GraalVM Native Image support, previously incubated in the Spring Native project. Now you can easily compile your Spring Boot application ahead of time with GraalVM to produce a native executable that starts fast, needs less memory, and doesn’t require a JVM. In this session we’ll take a look at building native Spring Boot apps from scratch, leveraging latest GraalVM features, and using popular libraries.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/bnasslahsen/o-2023-barcelona GitHub Repo: https://github.com/bnasslahsen/conjur-spring-boot-demos/tree/spring-io-23 Many applications require some sort of secret, such as a database password, a certificate. The growing popularity of Kubernetes and cloud adoption has gotten the attention of attackers and raised the stakes for developers. There are many challenges of secrets management in spring-boot applications. This session will summarise the different available patterns for securing cloud native application secrets. It will demo open-source secrets management solutions like Conjur for securing access, enforcing policy, and authenticating access requests. Now, developers and DevOps engineers search for the capabilities to properly secure secrets in DevOps Pipelines. To do their job, developers need to write applications that require secure access to resources via secrets, and security teams need to mitigate risk. This can lead to contention between developers and security teams. The Talk will cover the following topics: - Increase the awareness of the vulnerabilities and risks. Remove No hard-coded credentials - Simplify secrets management - Introduction to the secret zero problem - Secure all application types, everywhere with JWT and Cert Based Authentication - Strong authentication and authorization - ABAC – apply least privilege - When to use Sidecar and init container patterns to improve applications security in Kubernetes ? - What is the Secretless pattern? - How to get full auditing and control by security team ?

Spring I/O 2023 - Barcelona, 18-19 May After the major baseline upgrade in Spring Framework 6.0, we prepare to embrace upcoming platform innovation in OpenJDK, e.g. Loom (virtual threads) and CRaC (snapshot+restore). This talk provides an up-to-date perspective on the upcoming 6.1 release and alignment with the latest JVM infrastructure.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/abelsromero/gateway-with-style/raw/main/2023-05-18%20-%20SpringIO%20-%20SCG%20with%20style.pdf GitHub repo: https://github.com/abelsromero/gateway-with-style Spring Cloud Gateway is easy to configure and comes out of the box with plenty of tools. It’s a high-performant proven solution used by many developers and companies in big deployments. Most common scenarios are covered by the provided Filters and Predicates. However, not all cases are covered and there are those pesky corporate integrations… In this session we’ll show practical examples based on real life scenarios of SCG customizations. Including actual code, tips and practices to avoid common pitfalls.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://docs.google.com/presentation/d/171PB-61F_LnPXPeQpQVC11z_KyJ4j9e-knx1mfJeIWE/edit#slide=id.p GitHub Repo: https://github.com/rwinch/spring-enterprise-authorization-server There are commercial OAuth Authorization Server options available, but none of them can be customized to meet your requirements. Settling is not an option. Fortunately, the newly released Spring Authorization Server makes it easy to build a fully customizable OAuth Authorization Server. Building on the time tested foundation of Spring Security, Spring Authorization Server allows you to create your own Authorization Server with the full power of Spring and Spring Security at your fingertips. In this talk you will learn how to create your own Authorization Server using Spring Authorization Server. You will also learn how to customize your authorization server using common extension points while following best practices that ensure your Authorization Server is Enterprise ready.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://raw.githubusercontent.com/tschuehly/rapid-fullstack-demo/master/spring-io-rapid-server-side-fullstack.pdf GitHub repo: https://github.com/tschuehly/rapid-fullstack-demo When thinking about rapid full stack web development, your first thought doesn’t go to Spring but instead you think about full stack JavaScript frameworks like Next.js. With the power of Spring ViewComponent, htmx, and supabase, full stack development with Spring can be as productive as JavaScript. Full stack web development with Spring normally assumes that you are developing a SPA client-side JavaScript application and a Spring Boot based JSON API. This paradigm will presumably shift with the advancements, made by the growing full stack Spring web developer community. This talk will show you how you can rapidly develop full stack web applications with Spring ViewComponents, htmx, and supabase. Whilst not using JavaScript, htmx gives you client-side interactivity with just a few simple HTML attributes. Server-rendered Spring ViewComponents enable you to create type safe templates, reuse them more efficiently and solve structural problems when developing. The supabase-security-spring-boot-starter simplifies the setup of your Spring Security and supercharges your authentication and authorization, while also setting up a hosted Postgres database for you.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://people.apache.org/~markt/presentations/2023-05-18-loom-web-applications.pdf The initial implementation of the Servlet specification used blocking I/O. Over time, and to increase scalability, containers switched to non-blocking I/O internally and later the Servlet specification introduced the asynchronous API with associated access to non-blocking I/O for applications. The latest development that aims to provide further scalability improvements is Project Loom from the OpenJDK project. Loom aims to deliver features that support, amongst other things, easy-to-use, high-throughput, lightweight concurrency. Using Apache Tomcat as a basis, this session will start with a brief review of the history of the key scalability improvements that have taken place over the life of the Servlet specification before going on to examine what Loom has to offer for web applications built on the Servlet specification. The possibilities for Loom will be examined both at the container level and at the application level. This will be supported with data generated by a range of experiments undertaken using Loom and Apache Tomcat. While benchmarks can only ever provide guides to what you might expect for the performance of a real application, this session will provide you with the basis of what you need to determine what Loom might be able to offer for your applications and where to start with your own performance testing so you can quantify those benefits.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/ilopmar/spring-io-2023-dynamic-openapis-with-spring-cloud-gatewaypdf Imagine this scenario. You follow an OpenAPI-first approach when designing your services. You have a distributed architecture with multiple services and all of them expose a RESTful API and have their OpenAPI Specification. Now you use Spring Cloud Gateway in front of them so you can route the requests to the appropriate service and apply cross-cutting concerns. But, what happens with the OpenAPI of every service? It would be great if you could generate a unique OpenAPI for the whole system in the Gateway. You could also expose and transform only selected endpoints when defining them as public. And what about the routes? You would like to reconfigure them dynamically and on-the-fly in the Gateway when there is a change in a service, right? Stop imagining. In this talk, I will show you how we have done that in our product and how we are leveraging the programmatic Spring Cloud Gateway API to reconfigure the routes on the fly. You will also see it in action during the demo!

Spring I/O 2023 - Barcelona, 18-19 May Panelists: DaShaun Carter / Josh Long / Marit van Dijk / Ronald Dehuysser / Heiko Scherrer / Raquel Pau With millions of developers contributing to open source projects, it has become a powerful force driving innovation and collaboration. This panel will discuss the impact of open source on the software industry and how it is shaping the future of software development. Our panelists, who are experts in the field, will share their insights and perspectives on the advantages and challenges of open source software development. They will also discuss how open source is transforming traditional software development practices and the benefits it offers to both developers and businesses.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/fmbenhassine/whats-new-in-spring-batch-5 Spring Batch 5 is the culmination of two years of work, including dozens of improvements, features, and bug fixes by more than 50 contributors! In this talk, I will share with you the major changes in this new generation of the framework. I will also walk through some ideas and guidelines about how to migrate from a previous version to this major release. If you use Spring Batch or are just curious about what is included in this new release, this talk is definitely for you!

Spring I/O 2023 - Barcelona, 18-19 May Presenters: Melina Schweizer / Kevin Azijn Slides: https://2023.springio.net/docs/slides/aws-lambda-snapstart-dramatically-reduce-cold-starts-for-your-java-functions-springio23.pdf In this session, learn about a recent feature added to AWS Lambda which dramatically increases performance for Spring applications running on this serverless platform. With new innovations, AWS SnapStart makes your Java-based function cold starts up to 10x faster, typically with no changes to your function code. You will learn how to enable and use the feature, as well as some tips and tricks to initialize your Java applications running on AWS Lambda faster.

Spring I/O 2023 - Barcelona, 18-19 May Learn IntelliJ IDEA tips & tricks for debugging your applications. It’s a deep dive! We are going to explore the advanced debugger features and how to use them efficiently. Historically, debuggers are used to help locate and fix bugs. Nowadays, the debugger in IntelliJ IDEA can help you do much more than that. We’ll show how the debugger helps make the development process more productive. We’ll explain how some debugger features like lambdas debugging, smart step into, and async stack traces work and how it is possible only because of the tight integration with other IDE features. You will also learn new ways to use the IntelliJ IDEA debugger in your everyday work. Discover various features for debugging Java applications, including not-so-standard ones, like: -lambda breakpoints -stream chain tracing -dropping the frame -emulated method breakpoint -evaluate and log -non-suspending breakpoints and some others 100% live “coding” session

Spring I/O 2023 - Barcelona, 18-19 May Speakers: Jacek Kaczmarek / Fabio Pezzoni Slides: https://2023.springio.net/docs/slides/building-spring-boot-based-modular-libraries-for-120-teams-our-findings-springio23.pdf Modular libraries developed collaboratively with the Ocado Technology developer community to help build unified, coherent, safe, and scalable microservices are currently used by more than 120 teams and 400 production applications (and growing). As the team who has overall ownership of the libraries we would like to share our experience of building such software, including topics like: -Why they exist and how we avoided building “a framework on top of Spring Boot”, so that developers still feel that they write Spring apps, not “vendor” apps -Design practices like: what makes a good module, how we balance architecture characteristics, how we structure @Conditions etc. -Engineering practices and routines: releasing 200+ times a year, making upgrades to new Spring releases easier for users by taking “small steps” (Renovate automation practice sharing, Full CD etc.) -Community building including how we balance contribution, communication and engagement/user-happiness while retaining ownership by the custodian team -Leveraging platform engineering knowledge and creating an expert network (including appsecs, application & library engineers, cloud teams) -Active lifecycle of modules including data-driven decisions (detailed feature usage metrics), alternative plans of introduction/removal of features,supportive mechanisms (validators, runtime advisories) and good collaborative upgrade guides.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/saratry/the-aggregate-is-dead-long-live-the-aggregate-springiopdf DDD’s definition of Aggregate may seem somewhat confusing - “An aggregate is a cluster of associated objects that we treat as a unit for the purpose of data changes.” Okay, let’s try to clarify - “You should consider your aggregate as a unit of consistency in your Domain.”. That doesn’t help either. As a matter of fact, while modeling our systems, we tend to group together events related to the same domain concept; we tend to define groups based on the nouns we find inside our events’ name: saying “this is our aggregate!”. According to the aggregate definition, we should instead ignore these nouns, and put together the data that change together. Easier said than done: in the modeling phase it is easy to make mistakes trying to identify the boundaries of our aggregates based on this rule. If we opt for saving the state of our aggregate as a series of events, we are in big trouble - any (serious) refactoring of the aggregate structure becomes close to impossible. The reason for this trouble is that we have to make a decision in the design phase for which we cannot be lenient. We are basically married to this decision forever. Due to the aforementioned reasons (and many others), people struggle with the Aggregate pattern. Some even say it is unnecessary, we are one of those. Let’s see whether we can model our business constraints without aggregates. Could we be more relaxed when consistency is in question? Join us to discover how!

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/RickOssendrijver1/eps-in-practice-spring-iopdf GitHub repo: https://github.com/rickie/error-prone-demo Are you tired of constantly fixing the same bugs and anti-patterns in your codebase? At Picnic, we’ve found a solution that not only resolves bugs once and for all, but also leads to a more consistent and high-quality codebase. Enter Error Prone: a tool that automates large-scale refactorings in your Java codebase. As a compiler plugin, it is capable of automatically suggesting and applying fixes at scale. For years, Picnic has been using Error Prone to streamline our development process. In this talk, we will provide a comprehensive demonstration of Error Prone’s capabilities, as well as offer practical guidance on how to set it up for your own team. Additionally, we will share our experiences and learnings, including creating and enabling our own set of custom rules. These are now open-sourced in Picnic’s Error Prone Support repository. Come and learn how you can use Error Prone to streamline your development process as well!

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://docs.google.com/presentation/d/1jAotuyPxwn6QRf0jJ3uTUPFUyOD5ToD72tEGnq5aJ3o/edit?usp=sharing See a live attack and defence of typical Kubernetes utilizing cloud architecture. Spring applications are configured and observed like many our customers do. We’ll compromise them and leak data. One speaker attacks, one speaker defends. Let’s see who’ll win this time. As more organizations are moving to the cloud, cloud architectures are getting more sophisticated by having a kind of technology diversity. This includes for example container orchestrators, database services, event meshes, networking components and virtual machines. When it comes to security, observability on this diversity is paramount. The main question here is, do you really perceive when your app landscape is under attack? In this session, you will have the opportunity to see various attack vectors and ways to mitigate and observe them. Many technologies will be used such as Kubernetes, eBPF, Cillium, Falco and much more! Come and watch a live attack on a real-world based cloud architecture and see the attacker scan web applications and start lateral movement with the goal of exfiltrating data. Furthermore, become a part of the blue-team, defending and securing the architecture with modern open source tools.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.ginnieandfifounet.com/jpb/slides/Mastering%20GC_%20tame%20the%20beast%20and%20make%20it%20your%20best%20ally.pdf This talk discuss advantages and limits of each GC (G1, Serial, Parallel, Z & Shenandoah) to choose the one that fits according to the type of applications We discuss in detail how to tune GC depending on the case: Which GC to use for a batch oriented application? How to tune GC to maximise time to process data and optimize resources? Which GC for user request/response applications more latency sensitive? What is the difference between Z and Shenandoah? How to size to take best advantage of them? G1: What are the issues (RememberSet, Humongous, Young gen resize, …)? How to tune it correctly depending on your resources?

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://docs.google.com/presentation/d/1osp1WQilAmnSZtZ_ZSL2rSRLM5BTjKrVH-ge-VcW_Qs/edit#slide=id.g253640fe83_0_202 GitHub repo: https://github.com/jonatan-ivanov/teahouse Imagine that you’re receiving a support ticket that your application is not working. You read the attached stack trace and now it’s time to solve the mystery. What did the user do that led to the throwing of this exception? Is it possible to find all the logs from all the applications that correspond to this user’s business operation? What if the user is complaining that the system is slow? How can you decide which concrete operation is the culprit? Is there any way to visualize the latency? Let’s answer these questions by taking a deep dive into application observability using distributed tracing, metrics, and correlated logs with Spring, VMware Aria Operations for Applications (formerly Tanzu Observability by Wavefront), OpenZipkin, OpenTelemetry, and more!

Spring I/O 2023 - Barcelona, 18-19 May A single request arriving at a service can spawn many requests to downstream services. Securing the service-to-service call chain is a critical but challenging problem. This talk covers the key patterns for securing the service-to-service call chain and the technologies required to implement them. We explore patterns for using API Gateways, Service Mesh, SPIFFE, mTLS, JWT, and OpenID Connect using Spring-based demo apps. By the end of the talk, you’ll be familiar with all the key patterns along with technical and security tradeoffs for each of the patterns, allowing you to choose the patterns that will best fit your specific requirements. We’ll provide a GitHub repo containing implementations of all the patterns discussed in the talk, so you can apply what you learn on your projects.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/jkuipers/action-jackson-effective-json-processing-in-spring-boot-applications GitLab repo: https://gitlab.trifork.nl/jorisk/action-jackson-demos JSON processing plays an important role in nearly all applications nowadays, and Jackson is the de-facto standard library for that. Most developers are therefore familiar with using it for simple (un)marshalling purposes, but never go beyond the basics. In this session Joris will show how to effectively configure and use Jackson, focusing on Spring Boot applications. Boot provides a lot of support for configuring ObjectMappers, which you can use directly but are also used internally by the framework for e.g. handling HTTP requests/responses or message conversion. Topics will include tuning mappings, using modules, applying views and using alternative parsing options like JSON Pointer and JsonPath, all illustrated through live demos. Don’t miss out on this presentation and become an Action Jackson yourself!

Spring I/O 2023 - Barcelona, 18-19 May Spring Framework 6 and Spring Boot 3 are here, which means new baselines and possibilities. Spring Framework implies a Java 17 and Jakarta EE baseline and offers new support for building GraalVM-native images and a compile-time component model in the new Spring AOT engine. It also features a new observability layer, declarative HTTP and RSocket clients, preliminary Project Loom and CRaC support, ProblemDetail support, and much more. Join Spring Developer Advocate Josh Long, to explore next-gen Spring.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/thomasvitale/developer-experience-with-spring-boot-on-kubernetes GitHub repo: https://github.com/ThomasVitale/developer-experience-java-kubernetes As a developer, working with Kubernetes too often leads to too much cognitive load, inefficient inner development loop, and friction in the path to production. This session is structured as a series of iterations on the developer experience to improve those three aspects and boost productivity. In the cloud-native world, being a developer might be challenging. The number of technologies and patterns to know can be overwhelming. This session presents an approach based on open-source technologies and focuses on improving the inner development loop and continuous delivery on Kubernetes. The end goal is to deliver value continuously, quickly, and reliably. First, I’ll present several techniques for working locally effectively and productively. Should you run Kubernetes in your development environment? I’ll cover a few different options. Using Spring Boot, we’ll build a cloud-native application following the principles of test-driven development. The inner development loop will be enhanced with Cloud Native Buildpacks, Tilt, Knative, and Telepresence. Continuous integration is a crucial practice for continuous delivery. We’ll check in code regularly, triggering an automated process to build, test, and package the application. Do you use pull requests? Relying on ArgoCD and the GitOps principles, I’ll show you how to work with temporary environments created dynamically when a new pull request is opened. Finally, we’ll use Cartographer to glue together all these different tools and design a golden path to production on Kubernetes, providing a clear separation of concerns and letting developers focus on delivering value.

Spring I/O 2023 - Barcelona, 18-19 May Moritz and Sébastien will tell you the story behind the support of compiling Spring Boot application to native executable, how the support evolved from the Spring Native beta announcement to the builtin support provided in Spring Boot 3 GA and how the Spring team grew the collaboration with the GraalVM team to improve the native support for the whole JVM ecosystem. It will also be the opportunity to provide a detailed overview of the brand new native support provided by Spring Boot 3 based on Spring Framework 6 and related portfolio projects like Spring Data or Spring Security : Developer Experience, instant startup time, reduced memory footprint, Ahead Of Time transformations, scope of the compatibility. We will cover all those topics and more!

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/lspil/spring_io_2023_prez/raw/master/Spring%20Security.pptx GitHub repo: https://github.com/lspil/spring_io_2023_prez If you use Spring in your applications (and especially Spring Boot) you are definitely excited about the new version releases in the fall of 2022. But upgrading your projects will most likely not be smooth. You will need to change more or fewer configurations depending on how your project is designed and how what dependencies it use. In this session we’ll focus on what changes need to be done in configurations related to Spring Security and how this Spring project evolved throughout the past year. Our session will include live coding and you will see the changes applied. This will help you upgrade smoothier your projects and know what to expect.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://wkorando.github.io/presentations/to-java-n-and-beyond/ Java 17 has come and gone, but development on Java continues on! What has changed since Java 11? And what changes are being added in Java 21? Come find out! In this presentation we will look at the key changes that have been added to Java post-8, focusing primarily on Java post-11. The large changes; the Module System and Records, quality of life improvements; var, text blocks, pattern matching, and the many performance and runtime improvements. A lot has changed in the JDK in recent releases, take this opportunity to get caught up!

Spring I/O 2023 - Barcelona, 18-19 May World is full of RESTful services. Many of them are written using hugely popular Spring Web @Controller programming model. Yet a lot of them still run on managed infrastructure. But it is changing and it is finally possible to deploy and run these services without application code changes in a scale to zero fashion using platforms such as AWS Lambda, Azure Functions etc, benefiting also from an attractive “pay as you use” billing model and without having to manage servers or even containers. In this hands on session Oleg will discuss and demonstrate how an existing Spring Web application can be deployed and execute on these serverless platforms.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/ancaghenade/springio-19-05-2023 GitHub repo: https://github.com/tinyg210/shipment-list-demo You run your Spring Boot application on AWS for production. But where do you test it? Probably on AWS as well; however, there are good reasons for reconsidering: development speed and cost. Let’s see how you can do that with the help of LocalStack. Let’s say you run your Spring Boot application on AWS and provision the infrastructure with Terraform, which is almost the default by now. You can switch it to run for development and testing to a local installation in three easy steps: -onfigure your dev environment variables -start LocalStack on Docker -run your IaC (infrastructure as code) configuration files Allow me to elaborate: in this presentation, we leverage one of the core features of the Spring framework that allows us to bind our beans to different profiles and configure our environments. This also gives you the opportunity to test your IaC and make sure it’s consistent across all environments. While production will continue to run on AWS resources, dev will use high-fidelity emulations that run directly on your machine. Our application preserves the behavior we see on AWS. That means faster and cheaper dependencies.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/shinyay/spring-io-2023-kotlin-for-fun/blob/main/pdf/230519_SpringIO_Kotlin_for_Fun_for_Spring_Fans_PDF.pdf GitHub repo: https://github.com/shinyay/spring-io-2023-kotlin-for-fun It has already been 7 years since the first version of Kotlin was released. When it was first released, I didn’t use Kotlin much because I thought it was only for mobile development, and it wasn’t until about a year later that I realized that Kotlin could also be used for server-side development, which is where I started using it. Now, it’s 2023, and no one thinks Kotlin is only for Android development, right? You still think it is a language for mobile development? I myself have been enjoying the productivity of Kotlin itself since I started using it for server-side development. It is truly the developer experience that a programming language provides. And Kotlin is supported by your favorite Spring, which you have seen on start.spring.io. In this session, I would like to share with you the joy of Spring development with Kotlin.

Spring I/O 2023 - Barcelona, 18-19 May - Slides: https://speakerdeck.com/thomasvitale/multitenant-mystery-only-rockers-in-the-building - GitHub repo: https://github.com/ThomasVitale/spring-boot-multitenancy Multitenancy is one of the pillars of modern SaaS solutions. Cloud native technologies provide scalability, resilience and cost efficiency. But we also need to ensure the proper level of isolation, security and data control among tenants. This talk will show how to do that in Java and Spring. Every bean has a secret. To uncover the truth, we must dive into the mysterious world of multitenancy in Spring Boot. The plot thickens as a precious guitar goes missing from a residential building housing only rockers. But something doesn’t quite add up - why is there a deafening silence? Join us on a thrilling journey as we explore the intricacies of multitenant applications. Together, we’ll embark on a detective mission to uncover what really happened to the stolen guitar. As we investigate, we’ll reveal the secrets of storing data safely and securely, configuring authentication and authorization, and enabling observability - all using Java, Hibernate, Keycloak, and Spring. Put on your detective hat and join us in solving this mystery. We need your expertise to interrogate tenants, analyze facility staff routines, and review surveillance footage. With your help, we will solve the case and bring music back to the building. Get ready to unravel the plot and learn how to implement multitenancy in modern Java applications. Will you join us on this thrilling adventure?

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://2023.springio.net/docs/slides/vector-similarity-search-in-spring-with-redis-stack-springio23.pdf Vector Similarity Search (VSS) search allows developers to retrieve information based on audio, natural language, images, video clips, voice recordings, and many more data types. Searching over unstructured data makes VSS a foundational technology for building advanced similarity search experiences. With advances in AI, data scientists can build models that can transform almost any data “entity” into its vector representation. An entity here could be a transaction, a user profile, an image, a sound, a long piece of text (sentence or paragraph), a time series, or a graph. Any of these can be turned into its “feature vector,” also known as “embedding.” AI/ML practitioners are familiar with generating “dense” feature representations (a.k.a embeddings) for their data entities. They can now store these feature vectors in Redis and perform similarity searches. From a visual search on an e-commerce website to automated chatbots / Q&A systems and multiple types of recommendation systems. VSS is generally helpful on any app where spotting similarity in real-time is essential to unlocking value. Common applications are E-commerce recommendations, Semantic similarity, Similarity in user profiles or products, Similarity in time-series data, graph data, and transactions. In this talk, we’ll learn how to implement VSS in Spring applications using Redis Stack enhanced search capabilities. We’ll learn about creating embeddings for your data, learn about Vector databases, Vectorization of your data, similarity metrics, and more.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/maeddes/whats-going-on-in-my-cluster One of the biggest challenges in the context of observing Spring Boot apps in Kubernetes is to find the right technology for the desired level of introspection. This talk will give an overview of what is currently available, what it gives you and which overhead you need to expect. Spring Boot is designed to be particularly developer friendly and intuitive, understanding Kubernetes however can be hard. Not only in the initial learning and understanding of the concepts, but also the aspect of keeping an overview of what is happening inside at the workloads of the cluster can be challenging. How can you quickly and easily tell if your apps are healthy, well utilised and running fine? This talk intends to look at the various aspects of Kubernetes observability and to introduce and compares multiple Open Source tools to achieve that. The range of tools covers different observability levels and requirements of different user groups. It starts with tools simply querying the Kubernetes API and delivering the outputs in an easy-to-understand UI, goes over the possibilities of services meshes and ends with application-side logging and monitoring. For each level of observability the user has to pay a certain price in terms of configuration and runtime overhead. In turn the quality and depth of the information is different. The Spring ecosystem provides the Spring Cloud Kubernetes extension. This talk will also highlight how this improves the Kubernetes experience and how it integrates with other solutions. The intended take-away is to get a feeling which type of tooling is the right one for a given purpose. Most options will be shown in a live demonstration. Some of the technologies have a polyglot aspect and can be applied independent of the framework. This talk however has a dominant focus on Spring Boot applications.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/martinahrer/bootiful-workload-orchestration-with-hashicorp-nomad GitHub repo: https://github.com/MartinAhrer/continuousdelivery What if we had a workload orchestrator that allows to run (legacy) Java applications, container and native workload without having to convert everything into a container? K8s has become standard for running container workload. It is popular for its flexibility, power and wide industry support but it comes with some costs. This is where Hashicorp Nomad steps in as an alternative when you don’t want to containerize your existing applications. In this talk attendees get a short intro to Nomad and learn to schedule Java, container, GraalVM native Spring Boot workloads running side by side.

Spring I/O 2023 - Barcelona, 18-19 May Have you heard of Event-Sourcing pattern? In these days of scalable, distributed applications, we will introduce a few practical considerations on Why, when and how to use Event-Sourcing. Some traps and benefits and how to easily do Event-Sourcing right with SpringBoot and AxonFramework. Very likely you would have heard many related concepts about Event-Driven Architectures so popular these days. In this session we will to focus on Event-Sourcing: and we will put it in its context and compare it with other event-based communication mechanisms. Specifically, we will answer three very specific questions: - The what: What exactly is Event-Sourcing? And how does it differ from other techniques related to Event-Driven Architectures? - The Why: what does Event Sourcing bring you in your case? - The how: What should you take into account and how should you implement Event-Sourcing to get the most out of its benefits? But we will also mention things to keep in mind if you want to avoid some uncomfortable pains and problems. We will finish by showing three practical examples where applied Event-Sourcing provides us with real benefits.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/bclozel/graphql-music/blob/main/observing-spring-for-graphql-in-action.pdf GitHub repo: https://github.com/bclozel/graphql-music On the heels of its first 1.0 release last May, six short months later Spring for GraphQL released 1.1 bringing it up to a Spring Framework 6 and Boot 3 baseline on Java 17+ with AOT/Native support, built-in Micrometer observability, Micrometer Context Propagation, improved argument binding, and much more lined up for the 1.2 release in May 2023. In this talk, Rossen and Brian will use a sample application to demo new features as well as to illustrate how GraphQL requests are handled through the built-in, Micrometer observability support in order to get insight into GraphQL request processing by visualizing data fetching operations. The sample uses a CLI application to consume GraphQL data through the Spring for GraphQL client. This talk is not intended as a comprehensive intro to GraphQL, but it is intended to allow developers without hands-on experience with GraphQL to understand more about GraphQL applications.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://slides.com/julientopcu/rest-next-level-crafting-business-oriented-web-apis GitHub repo: https://gitlab.com/crafts-records/columbiad-express You have just coded your business logic by applying the principles of Domain-Driven Design! But when comes the time to write your API, you are facing a serious issue! All the intention and the expression of your domain go up in smoke to fit the blankness methods GET, POST, etc. Denatured by the REST layer, the business workflow is then deported on the consumer side to compensate for the limited vocabulary of this well-known CRUD protocol… During this talk, we will see how to bring the business intent back inside the REST API by finally being able to expose our domain services and aggregates’ methods. The business workflow will also be encapsulated in the REST API in order to have the power to guide our consumers through the workflow of our domain.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/salaboy/o-2023-spring-boot-in-a-cloud-native-polyglot-world GitHub repo: https://github.com/salaboy/dapr-testcontainers Forget about adding libraries to connect with your database or message brokers. Dapr provides a set of Cloud-Native interfaces and components that allow developers to focus on coding their features instead of worrying about the infrastructure that is needed to run their applications. Have you ever realized that the database driver version used in your production environment differs from the one you use for development? Have you ever suffered the pain of another team using a different programming language that doesn’t allow you to expose metrics in the same way that you do in your spring boot applications? In this session, we will be looking at Dapr, a Cloud Native set of interfaces that enable developers to build distributed applications quickly, no matter the programming language that they are using. By using Dapr and its provided interfaces, you decouple the infrastructure your applications need to run from their implementations, enabling developers to quickly iterate and build features without worrying about language-specific drivers or libraries that need to be included and maintained inside their applications. This session will focus on the Dapr Spring Boot integrations and show how developers can quickly get started by showing a live demo (running on Kubernetes) that uses a wide range of Dapr Components.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://docs.google.com/presentation/d/1SwBPSuBH9MTYiJCLNKFmCDK8NJ3E4sbVVwrtpNt1QFY/edit Production is the place where all applications should live. Even though you are using continuous integration and delivery, you might wonder every time you release a new version to production if it will work or there will be some breakage on the latest version, eventually making production unavailable to the customers. Progressive delivery is the next step after Continuous Delivery to test your application in production before it becomes fully available to all your user bases. Embrace progressive delivery with techniques like the blue-green, canary release, shadowing traffic, or dark launches to validate the application in production using Kubernetes and tools like Istio, Prometheus, ArgoCD, or Argo Rollouts. Come to this session to learn progressive delivery in action using Kubernetes.

Spring I/O 2023 - Barcelona, 18-19 May Getting started with Spring Boot and its auto-configuration mechanism can be a hurdle for new developers. Once you get your first Spring Boot application up- and running, writing tests for it is the last thing you care about. You’re happy that your code does its job. However, as soon as you try to integrate your changes, you face a pull request rejection because your lead developer reminds you that tests are missing. Testing is an integral part of software development, and unfortunately, some teams treat this topic neglectfully. That’s bad for the future maintenance and overall health of their project. Fortunately, both Spring Test and Spring Boot offer excellent support for testing your application. This talk will give you an overview of best practices, pitfalls, and recipes for testing Spring Boot applications. Simply put, with this talk, I’ll share the things that I wish I had known when I started testing Spring Boot applications.

Spring I/O 2023 - Barcelona, 18-19 May Speakers: Olga Maciaszek-Sharma / Oleg Šelajev GitHub repo: https://github.com/olgamaciaszek/coffee Verifying behaviors of the cloud-native applications and ensuring that all of the services in the system work correctly together is both crucial and challenging. Manually maintaining environments to test the correctness of the entire system is undevops-like and fragile. Luckily, modern tools can help you to build automated, reliable test pipelines, and in this session, we explore how using Spring Cloud Contract and Testcontainers together can improve your testing and deployment processes. Spring Cloud Contract is an implementation of Consumer-Driven Contracts, an approach that provides a way to easily describe and verify APIs, at the same time allowing building API backward compatibility verification into the deployment process. Testcontainers lets developers programmatically build test environments consisting of real services running in lightweight and disposable containers. It turns the process of integration testing into a seamless, unit-test-like experience. In this presentation, we’ll show how contract and integration tests complement each other and explore one of the most natural and reliable approaches to service evolution with contract testing. We’ll discuss why in Spring Cloud Contract, we’ve decided to switch to using Testcontainers as the solution for Kafka and AMQP messaging verification and demonstrate practical use-cases and code examples of how to set up both types of tests in your applications and deployment pipelines.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/simas/do-you-really-need-hibernate GitHub repo: https://github.com/simasch/jooq-examples Hibernate is often used without thinking twice. But is that the best solution in all cases? This talk shows another possibility that can lead to better performance in many cases. Projects often use Java Persistence API (JPA) by default and, thus, mostly Hibernate. But do all applications need a comprehensive object/relational mapping (ORM) with all conceivable functions? This talk examines the architecture of database-centric applications and discusses whether you always need an object graph for persistence. Using an example application, it is shown how pure SQL, with the help of jOOQ and (nested) Java Records simplifies data access and how common ORM problems, such as the n+1 select problem, can be avoided. Finally, the possibility of combining jOOQ and JPA/Hibernate and thus using the best of both worlds is discussed.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://docs.google.com/presentation/d/1ygm-SMWWnxHB7Dip6PEE0xCCCgUtGbHPY72vp0_maUQ/edit#slide=id.g245c20d6060_0_178 GitHub repo: https://github.com/cbornet/intro-spring-pulsar-demo With Spring’s flexible design as a development framework, we’ll take a look and see how we can leverage on its features such as auto-configuration, templates, listeners, and so on, to build a production-ready application that would interoperate very well with Apache Pulsar, and utilize Pulsar’s powerful capabilities to work with distributed messages and data streams in a cloud-native environment. We will build a sample application using the “Spring for Apache Pulsar” toolkit to bring the joy of development to developers.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://2023.springio.net/docs/slides/architecturally-evident-spring-applications-with-jmolecules-springio23.pdf Spring applications are usually written using a certain framework or at least based on a particular platform. Some of them provide means to express architectural concepts, but usually, there’s a gap between architectural and design patterns and the actual code. Closing that gap is a challenge, and it’s hard to separate code from technology. jMolecules is a framework independent library to express well-known architectural patterns in Java code and let technical integration with frameworks like Spring, compliance with implementation heuristics and documentation of the system’s current arrangement be derived from that. The talk gives an overview of the fundamental idea and the way jMolecules allows developers to make use of it. We then discuss a variety of optional technology integration into Spring, Jackson, JPA, and MongoDB as well as how to generate, high-level, structural documentation from that.

Spring I/O 2023 - Barcelona, 18-19 May GitHub repo: https://github.com/EXXETA/springio-2023 GraalVM is mainly known for its native image-compiler. But it provides a second feature: Running languages like Python and JavaScript side-by-side with JVM-languages in a single program. So we can mix Java and Python in our Spring Boot-application like we’re mixing Java and Kotlin! In this session we will have a deepdive into GraalVM to understand how those different languages are working together. I will demonstrate how to implement a service using Data Science-packages in Python and inject it as Bean in Spring Boot. We will also discover how to set up a suitable Dockerfile and write test for our code. Finally I will discuss possible use cases for so called “polyglot” applications and next steps in their development.

Spring I/O 2023 - Barcelona, 18-19 May Azure Spring Apps is a fully managed service from Microsoft and VMware. It solves the challenges of running Spring apps at a cloud scale by removing the need to worry about infrastructure, application lifecycle, monitoring, container intricacies, and Kubernetes. This session is for developers looking to learn what Azure Spring Apps is about. We’ll start the session with a technical overview and demos so you can see how it works, and what capabilities it has. Join us to learn the best way to run Spring apps on Azure!

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/sbrannen/testing-with-spring-aot-graalvm-and-junit-5-spring-io-2023 This talk will focus on the latest testing features in Spring Framework 6.0.x as well as JUnit Jupiter 5.9.x and the upcoming JUnit Jupiter 5.10. In addition, this talk will provide attendees tips on how to test a Spring application in AOT mode as well as within a GraalVM native image.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://2023.springio.net/docs/slides/why-spring-belongs-in-your-data-stream-from-edge-to-multi-cloud-springio23.pdf Let’s build data streaming apps anywhere with Spring at any scale. With modern applications spanning from edge to any and all clouds to support data collection, real-time streaming, sensor ingest, edge computing, IoT use cases, and edge AI, we need to be able to run our Spring microservices anywhere. Apache Kafka allows us to build computing at the edge and produce and consume messages at scale in any IoT, hybrid, or cloud environment. We will also send messages via MQTT protocol to be used for high-speed messaging. We will have a demo that shows coding, running, and deploying Spring-based Edge applications to Raspberry Pis and NVIDIA Jetson devices. Spring is often forgotten in real-time data processing and replaced with Python or Scala. Java and Spring are perfect for real-time data processing. Spring belongs in your real-time data pipeline, and I’ll show you how to incorporate it into streaming applications as part of a FLaNK-Spring application. Kafka, Flink, Spark, NiFi, and Spring work together to build fast, safe streaming applications to deploy in bare metal, VMs, containers, pods, VMware Tanzu, or any cloud.

Spring I/O 2023 - Barcelona, 18-19 May This was Spring I/O 2023!