Thursday, 31 December 2020

Value objects

In the DDD literature, value objects are simple classes whose equality is defined by the values of their fields, which is what identifies them in memory, unlike entities (identified by the value of their identifier). A good practice is to keep these classes immutable: if a new instance is needed, you create one. Other advantages include better performance and easy creation and destruction by the garbage collector once they are no longer referenced.

Using entities can also have an impact on the application's performance.



https://stackoverflow.com/questions/679005/how-are-value-objects-stored-in-the-database/681106#681106


Tuesday, 29 December 2020

Angular: Tips on How to Proxy to a Backend Server

Instead of hard-coding http://localhost:8080/api to call the backend, here is a tip on how to proxy to the backend server, for development only. I don't know if there is an alternative for the production environment:

First, create a file named proxy.conf.json, where you specify your endpoint:

    {
      "/api/*": {
        "target": "http://localhost:8080",
        "secure": false,
        "logLevel": "debug",
        "changeOrigin": true
      }
    }

Then launch your server with ng serve --proxy-config proxy.conf.json,
or specify that command in the "start" script of your package.json and run npm start.

Wednesday, 23 December 2020

[Maven] Maven - How to remove module-info.class warning for shaded .jar?

<build>
  <plugins>
    <plugin>
      <artifactId>maven-shade-plugin</artifactId>
      <version>3.2.1</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <goal>shade</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <finalName>chapter4</finalName>
        <!-- Using filtering in order to get rid of nasty warnings generated by shading module-info-->
        <filters>
          <filter>
            <artifact>*:*</artifact>
            <excludes>
              <exclude>module-info.class</exclude>
            </excludes>
          </filter>
        </filters>
      </configuration>
    </plugin>
  </plugins>
</build>

The key line is the <exclude>module-info.class</exclude>. The filter excludes that file whenever it sees it, in any artifact (*:* = any artifact). (The other three excludes I use to get rid of bugs with signature files in dependencies)

Sunday, 20 December 2020

Jackson with Feign can't deserialized Spring's org.springframework.data.domain.Sort

    return new ObjectMapper()
        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
        .setPropertyNamingStrategy(SnakeCaseStrategy.SNAKE_CASE)
        .registerModule(new PageJacksonModule())
        .registerModule(new SortJacksonModule());

https://stackoverflow.com/questions/63924863/jackson-with-feign-cant-deserialized-springs-org-springframework-data-domain-s

Tuesday, 1 December 2020

Spring Boot Security Firewall org.springframework.security.web.firewall.RequestRejectedException:

When adding a gateway like Zuul in front of a legacy application, you may encounter errors thrown by Spring Security such as:

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String ";"

Check whether your Tomcat server adds the jsessionid to the URL with ";". To disable this, add the following to web.xml:

<session-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

or, in context.xml, set cookies="true" on the <Context> element.

Since Spring Boot Security gives us a fully functional HTTP Firewall out of the box,

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

HttpFirewall | Black List

We end off with the URL black list, which rejects HTTP requests that contain the following …

  • semicolons. You can override this with setAllowSemicolon(boolean)
  • URL encoded forward slash. (represented as %2f)  You can override this with setAllowUrlEncodedSlash(boolean)
  • Backslash. You can override this with setAllowBackSlash(boolean)
  • URL encoded percent sign (represented as %25). You can override this with setAllowUrlEncodedPercent(boolean)
  • URL encoded period (represented as %2e). You can override this with setAllowUrlEncodedPeriod(boolean)
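
You can customise the HttpFirewall like this:

import org.springframework.context.annotation.Bean;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;

// Declare inside a @Configuration class.
// This switches off the semicolon check for every request; where ;jsessionid
// is the only cause, prefer the COOKIE tracking mode shown above.
@Bean
public HttpFirewall firewall() {
    StrictHttpFirewall firewall = new StrictHttpFirewall();
    firewall.setAllowSemicolon(true);
    return firewall;
}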
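
To decide between fixing session tracking and relaxing the firewall, you can triage the paths the gateway forwards. The following is an added example, not code from Spring or from this post: a simplified model of the five rejections listed above, run over constructed sample paths; the function names are hypothetical.

```python
import re

# Simplified model of the five rejections listed above; it is not Spring's code.
# Each entry: (pattern, StrictHttpFirewall setter that relaxes the check).
RULES = [
    (re.compile(r";"), "setAllowSemicolon"),
    (re.compile(r"%2f", re.I), "setAllowUrlEncodedSlash"),
    (re.compile(r"\\"), "setAllowBackSlash"),
    (re.compile(r"%25"), "setAllowUrlEncodedPercent"),
    (re.compile(r"%2e", re.I), "setAllowUrlEncodedPeriod"),
]
# Tomcat URL rewriting appends the session id as a path parameter.
JSESSIONID = re.compile(r";jsessionid=[^;/]*", re.I)


def tripped_rules(path):
    """Setters you would have to enable for this path to be accepted."""
    return [setter for rx, setter in RULES if rx.search(path)]


def classify(url):
    """Return 'pass', 'jsessionid-only' (fixed by COOKIE tracking) or 'reject'."""
    path = url.split("?", 1)[0]  # assumption of the model: only the path is checked
    if not tripped_rules(path):
        return "pass"
    if not tripped_rules(JSESSIONID.sub("", path)):
        return "jsessionid-only"
    return "reject"


# Constructed sample of request targets as a gateway might log them.
SAMPLE = [
    "/legacy/home",
    "/legacy/login;jsessionid=0A1B2C3D4E5F",
    "/legacy/search?q=a;b",
    "/legacy/docs/a%2Fb",
    "/legacy/report;v=1/view;jsessionid=0A1B2C3D4E5F",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(f"{classify(url):16} {url}")
```

If every rejected path is 'jsessionid-only', the COOKIE tracking mode removes the errors without calling setAllowSemicolon(true).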

RFC 8693 - OAuth 2 How to exchange a JWT to new one with STS?

Token exchange is a responsibility of the STS.

In order to exchange a token from Domain A to Domain B, we need to send a POST request with the original JWT in the form data. You need to specify:

grant_type : token_exchange

subject_token : your original JWT

subject_token_type : jwt

some private key value like audience

From RFC 8693 : 

  • grant_type
    REQUIRED. The value "urn:ietf:params:oauth:grant-type:token-exchange" indicates that a token exchange is being performed.
  • subject_token
    REQUIRED. A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request.
  • subject_token_type
    REQUIRED. An identifier, as described in Section 3, that indicates the type of the security token in the "subject_token" parameter.

More details: https://tools.ietf.org/html/rfc8693
See also chapter 7.6 of Microservices Security In Action.
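
The exchange described above, as an added example that is not part of the original post: it builds the form-encoded POST body with the full RFC 8693 identifier values and checks the fields the RFC requires in the STS response. The audience value, the sample JWT and the function names are constructed assumptions.

```python
from urllib.parse import urlencode

# Identifier values defined by RFC 8693 (sections 2.1 and 3).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"

# Constructed sample token: three base64url parts, not a valid signature.
SAMPLE_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl"


def build_exchange_body(subject_jwt, audience):
    """Form body for the POST to the STS token endpoint
    (Content-Type: application/x-www-form-urlencoded)."""
    if subject_jwt.count(".") != 2:
        raise ValueError("subject_token is not a compact JWT (three parts expected)")
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": subject_jwt,
        "subject_token_type": JWT_TYPE,
        "audience": audience,  # OPTIONAL in the RFC; names the target domain
    })


def check_exchange_response(resp):
    """Validate the STS JSON response (RFC 8693 section 2.2.1) and
    return the newly issued token."""
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"STS response is missing required field {field!r}")
    return resp["access_token"]


if __name__ == "__main__":
    print(build_exchange_body(SAMPLE_JWT, "domain-b"))
    # Constructed response, shaped as the RFC describes.
    response = {
        "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJkb21haW4tYiJ9.c2ln",
        "issued_token_type": JWT_TYPE,
        "token_type": "Bearer",
        "expires_in": 60,
    }
    print(check_exchange_response(response))
```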