Posts

Fixes to Overcome Circular Dependency in Authorization Flow

We are building a Spring Boot microservices project with multiple services like: user-service (manages user info), merchant-service (manages merchant info), other services... Security Setup: all services share a common library that validates tokens and loads user and merchant info by calling other services (user-service, merchant-service). The Problem: Circular Calls. Here's what's going wrong: the common library in a service (e.g., merchant-service) calls the user-service to get user info. But user-service also uses the same common library, and it needs merchant info, so it calls back the merchant-service. This creates a circular REST call between services: merchant → user → merchant → user... This can lead to failures or stuck calls. Options You Proposed: Option 1: Exclude endpoints from secu...

@Transactional

When You Use @Transactional at the Class Level: all public methods of the class are automatically transactional, as if you had added @Transactional on each method. Public method ==> runs within a transaction. Private / protected method ==> not transactional (no proxy interception). Internal method call ==> not transactional (e.g., calling one method from another within the same class). Spring AOP-based proxy ==> only public methods are proxied and eligible for transaction management. With Proxy (via @Transactional): Spring creates this proxy automatically when you use @Transactional. userService.updateUser(); goes through the proxy first: ...

Thread part 1: Thread for client handling request

01. Request → Thread Mapping: when a request arrives, Spring Boot (via an embedded servlet container like Tomcat) assigns it to a thread from a thread pool (like the Tomcat thread pool). Each thread handles one request at a time. This thread is often called a worker thread. 02. ThreadLocal for Request-Specific Data: ThreadLocal is used to store data that should be accessible throughout the request without passing it explicitly. Spring Security and frameworks like Sleuth (for logging) use this under the hood. However, ThreadLocal should be cleared manually or with proper filters/interceptors to avoid memory leaks in thread pools (since threads are reused). 03. ThreadLocal Is Not Cleared Automatically (reasons are explained at the end): if you use ThreadLocal, you must call .remove() after the request is done (or in a filter/interceptor). Spring Security and others manage their own cleanup. threadLocal.remo...

JAVA features from 8 to 21

JAVA 8: 1. Lambda Expressions. 2. Functional Interfaces: interfaces with a single abstract method. Example: Runnable, Comparable. 3. Streams API. 4. Default and Static Methods in Interfaces. 5. Method References: list.forEach(System.out::println); 6. Optional Class. 7. New Date and Time API (java.time). JAVA 9: 01. Private Methods in Interfaces: interfaces can now have private methods to share code between default methods. interface MyInterface { private void log(String msg) { System.out.println("Log: " + msg); } } 02. Factory Methods for Collections: new List.of(), Set.of(), and Map.of() methods for creating immutable collections. 03. Stream API Enhancements: new methods takeWhile(), dropWhile(), and ofNullable(). JAVA 10: not very important. JAVA 11: 1. var in Lambda Parameters: list.forEach((var item) -> System.out.println(item)); 2. New String Methods: isBlank(), lines(), strip(), repeat(), etc. JAVA 16: Record...

Identity Providers

Popular Identity Brokers / Identity Providers. 1. Auth0 (now part of Okta): easy to set up and very developer-friendly. Supports social logins, enterprise identity providers, and custom databases. Offers built-in multi-tenancy, rules, hooks, and extensibility. Free tier available; widely used in startups and enterprises. 2. Okta: enterprise-focused identity platform. Strong integration with SAML, OAuth, OpenID Connect, and SCIM. Supports workforce and customer identity. Very powerful for large-scale enterprise SSO needs. 3. Azure Active Directory (Azure AD) / Entra ID: Microsoft's identity platform. Ideal for organizations already using Microsoft 365 or Azure. Supports OAuth, OIDC, and SAML. Common in enterprise environments. 4. Google Identity Platform: allows federated identity through Google accounts. Can be used directly or as part of Firebase Authentication. Good for consumer-facing apps with Google users. 5. Firebase Authentication: developer-friendly, from Google. Supp...

JWT Signature Verification Flow (RS256)

This document explains how JWT (JSON Web Token) signature verification works using asymmetric cryptography (e.g., RS256), where the issuer signs with a private key and the verifier checks the signature using the matching public key. Example Input. JWT Header (before encoding): {"alg":"RS256","typ":"JWT"}. JWT Payload (before encoding): {"sub":"1234567890","name":"John Doe","iat":1516239022}. After Base64URL encoding: Header: lmn, Payload: pqr. Signature Generation: Signature = signWithPrivateKey("lmn.pqr") = x123. Final JWT: JWT = lmn.pqr.x123. Signature Generation (by the token issuer, e.g., AWS Cognito): the issuer creates the message: message = lmn.pqr. The message is signed using the private RSA key and the algorithm specified in the JWT header: RS256 = RSA with SHA-256 hashing. Signature...

Why you see it in IntelliJ but not in your project folder

IntelliJ shows all dependencies under External Libraries, but they are not stored directly inside your project directory. Instead, they are downloaded and cached by your build tool (like Gradle or Maven) in a global location on your system: ~/.gradle/caches/modules-2/files-2.1/ and ~/.m2/repository/. You have a Maven project that uses a:1.2 → it downloads the JAR to ~/.m2/repository. Now, in a Gradle project, you also want to use a:1.2. What actually happens: Gradle does not use Maven's .m2/repository directly. Instead, Gradle will check its own cache: ~/.gradle/caches/modules-2/files-2.1/. If a:1.2 is not found in Gradle's cache, it will download a:1.2 from the remote repository (e.g., Maven Central) again and store it in the Gradle cache, not reuse it from .m2. Why this happens: Gradle and Maven use different caching strategies and metadata formats, so they maintain separate repositories. BUT: you can configure Gradle to l...