Secure Spring Boot REST API using Basic Authentication

This is the third post of my Spring Boot Blog post series. In the very first post, I talked about my experience with creating RESTFul Services using Spring Boot. Then I have expanded the sample to integrate with Swagger documentation. In this post, I am going to expand above sample with security aspect.

What is API Security

API Security is a wide area with many different definitions, meanings, and solutions. The main key terms in API security are Authorization, Authentication, Encryption, Federation, and Delegation. However, I am not going to talk about each of them here.

What is Authentication

Authentication is used to reliably determine the identity of an end user and give access to the resources based on the correctly identified user.

What is Basic Authentication

Basic Authentication is the simplest way to enforce access controling to resources. Here, the HTTP user agent provides the username and the password when making a request. The string containing the username and password separ…

Introduction to WSO2 Registry Mounting

This post is based on the common questions raised about registry mounting and how it works etc. Below are the main questions people ask:

1). How mounting works?
2). What is the difference between Config Registry and Governance Registry?
3). Can I use databases other than H2 for Local Registry?
4). What is meant by mount path and target path?
5). Do I need to configure “remoteInstance” URL?
6). What should I use as the cacheId?

So let's start with how to configure a registry mount. When you are configuring the registry mount, you have to add the relevant data source to the master-datasources.xml file. In addition to that, you have to add mounting related configuration into the registry.xml file as well.

In the master-datasources.xml file you have to just configure a JDBC data source by providing JDBC URL, username, password, validation queries, connection optimization parameters, etc. An example data source entry will look like below.


Integrating Swagger with Spring Boot REST API

In the last post, I talked about my experience with creating RESTFul Services using Spring Boot. When creating a REST API, proper documentation is a mandatory part of it.

What is Swagger?

Swagger(Swagger 2) is a specification for describing and documenting a REST API. It specifies the format of the REST web services including URL, Resources, methods, etc. Swagger will generate documentation from the application code and handle the rendering part as well.

In this post, I am going to integrate Swagger 2 documentation into a Spring Boot based REST web service. So I am going to use Springfox implementation to generate the swagger documentation. If you want to know how to run/build Spring Boot project, please refer my previous post.

Springfox provides two dependencies to generate API Doc and Swagger UI. If you are not expecting to integrate Swagger UI into your API level, no need to add  Swagger UI dependency.


Building a RESTFul Service using Spring Boot

Everyone is talking about Microservices such as WSO2 Microservice Framework, Spring Boot, etc. Since I haven't worked on any Spring related project since a very long time, I thought to implement a simple RESTFul service using Spring Boot.

So I started with Spring documentation. It is straightforward.  You can create the structure of your project using "Spring Initializr". This is an online tool where you can add all the desired dependencies to your project POM file. Since I am a big fan of Maven, I am generating a maven project.

In the Spring Initializr UI, you can choose the Language, Spring Boot Version, Project Group ID, artifact name, etc. Please refer below screenshot for information I have provided while generating the project.

When clicking on "Generate Project", it will download zipped maven project into your computer. Unzip it and import into an IDE. The initial project structure is like below.

In my HelloWorld REST service implementation, it accepts u…

Java 8 lambda expression for list/array conversion

1). Convert List to List ( List of Strings to List of Integers)

List<Integer>  integerList =; 

// the longer full lambda version:  List<Integer>  integerList  = -> Integer.parseInt(s)).collect(Collectors.toList());

2). Convert List to int[](List of Strings to int array)
int[] intArray =;

3). Convert String[] to List ( String array to List of Integers)
List<Integer>  integerList = Stream.of(array).map(Integer::parseInt).collect(Collectors.toList());

4). Convert String[] to int[] (String array to int array)
int[] intArray = Stream.of(stringArray).mapToInt(Integer::parseInt).toArray();
5). Convert String[] to List (String array to Double List)
List<Double> doubleList = Stream.of(stringArray).map(Double::parseDouble).collect(Collectors.toList());
6). Convert int[] to String[] (int array to String array)

Manage Solr Data in WSO2 Server

Recently I was checking an issue faced by one of my colleague while automating WSO2 API Manager deployment. There, once the new pack is deployed by pointing to the existing databases, APIM Store didn't show existing APIs at once. It took some time to display all the existing APIs in the Store.

The APIs are retrieved using the Solr based indexing in APIM. Therefore, the main reason for this behavior is that a fresh pack doesn't have existing Solr data and it takes some time to complete the indexing. Until that indexing process is completed, it will not show API in the Store instantly.

To address this, you can follow one of the below approaches:

1). Backup existing Solr data (APIM_HOME/solr/data) from the existing deployment and added it to newly created pack.

2). Externalize Solr data directory. Solr data stored location can be configured via file located in the APIM_HOME/repository/conf/solr/registry-indexing directory. So you can update to stor…

Lifecycle Managment with Governance Publisher

WSO2 Governance Registry (WSO2 G-Reg) is a fully open source product for SOA governance. In G-Reg 5.0.0 release, we have introduced a revolutionary enterprise publisher and store for asset management. As I explained in my previous post, the Lifecycle of an asset is one of the critical requirements of enterprise asset management.

G-Reg Publisher Lifecycle Management: 

With WSO2 Governance Registry 5.3.0, we have introduced a new Lifecycle management feature for publisher application as well. After enabling lifecycle management in the publisher, you will be able to see new lifecycle management UI as below.

This lifecycle management can be enabled for one asset type or all the generic asset types(RXT based). If you are enabling this for all the assets, you have to change 'lifecycleMgtViewEnabled' value as true in the asset js file located in the GREG_HOME/repository/deployment/server/jaggeryapps/publisher/extensions/assets/default directory. By default, this publisher based lifecy…