Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I am learning Spring boot recently, there are too much magic in it. I find most of the resource, include the official website, is focused on how to use it, not explain how it works. Could anyone share such resources?
UPDATE:
Maybe my description cause some confusion(close votes), I am actually looking for answer to questions like below:
What will happen when boot find "org.springframework.boot:spring-boot-starter-web" in pom.xml? Does it add Tomcat lib jar into my classpath? Will web.xml be generated? (documents said boot do not generate code)
What will happen when boot find "org.springframework.boot:spring-boot-starter-data-jpa", will persistence.xml be generated? How boot create a repository instance based on the database driver dependency in pom.xml?
...
Spring Boot does not generate any code at all, all configuration is performed programmatically. So for example, there won't be a web.xml file that configures your servlets, instead the servlet 3.0 API will be used to register them in code.
The starter POMs provide a convenient way to add jars to your classpath, but they do not themselves do anything. For example, spring-boot-starter-web will add Tomcat and Spring MVC jars, spring-boot-starter-data-jpa will add Hibernate and Spring Data JPA etc.
Once you have relevant jars on your classpath, Spring Boot will attempt to auto-configure things for you. When it starts it consults META-INF/spring.factories files to find potential configuration (here is an example).
Each configuration is tried in turn to see if it can be applied. Configurations use #Condition annotations to limit when they apply. For example, the HibernateJpaAutoConfiguration only applies when certain Hibernate classes can be found (see here). Auto-configurations are just typical Spring #Configuration classes, so you can take a look at the source code to see what is actually happening.
The reference documentation (and specifically Appendix B) might also help.
Based upon my intial understanding my answer is given below.
Basically, Spring Boot is helping in providing dependencies based upon your requirements.
We don't need to manage pom.xml.
We just need to include correct base project of Spring Boot.
Rest all of things can be done without Spring Boot as well, like all configuration with Annotation only.
Below given link may help you more.
http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/index.html
Did a simple experiment with the jars inclusion:
First run the application without the "spring-boot-starter-web" jar, the "spring-boot" application will be standalone application.
Now add the "spring-boot-starter-web", the "spring-boot" application will starts the "tomcat" container.
2 things here, based on my observation.
The pom.xml is declaration to what jars to be added.
Once the SpringBoot application started, first it will check the "Auto-configurations", once the "spring-boot-starter-web" is in the classpath, this will start the tomcat automatically.
For any more information, we need to run the "spring-boot" application in --debug option.
This will publish the "AUTO-CONFIGURATION REPORT" which will be helpful.
Related
I am trying to check the log4j vulnerability in GeoServer, On before and after updating the old log4j package to the new package which resolves the issue. For that, I am using the Zap tool for checking the vulnerability, where I found that active scan rule alpha. This rule attempts to discover the Log4Shell (CVE-2021-44228) vulnerability. checkout this link for more information https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/.
And also I am little confused about how to execute this active scan rule alpha. please share some information about its execution.
My question is whether this is the right way to check this log4j vulnerability in GeoServer? or is there are any other ways for this?
You need to enable an OAST service (via Options / OAST) first.
You can either use one of the public ones we have pre-configured or stand up your own instance.
We also recommend that you scan headers as well as this vulnerability often is exposed by them.
For more details see this blog post :) https://www.zaproxy.org/blog/2021-12-14-log4shell-detection-with-zap/
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
I have a difficult WPF application, which works with PTL, many third-party libraries and network. In developer workstation it works fine (in release mode too), but when I run it in client workstation - I got stackoverflow exception in same input data. Also app crashed always in different places.
So, my questions are:
I know, that its impossible to catch stackoverflow exception by try-catch-finally. But may be exists any workaround to understand which module generate this problem?
What different between client and developer environment, if all third-party libraries are equals?
I know, that its impossible to catch a StackOverflowError exception using try-catch-finally.
It is not impossible. Just highly inadvisable, and it probably won't fix the issue. (The best a handler could do would be to abandon what ever caused the problem and try to continue. But what if the application needed the result that was being computed? Or what if the application tries the same computation again?)
But may be exists any workaround to understand which module generate this problem?
Without knowing the real cause of the problem, there is no good workaround.
How do you find the real cause of the problem? Debug the application!
What different between client and developer environment, if all third-party libraries are equals?
In general it could be any of the following:
Different Java versions
Different OS versions
Containers and/or virtualization
Different networking environments
Different external tools installed
Different file system layouts
Different users or file permissions
Different Java application configs
Different input data / databases.
and probably a few more besides. In short there are potentially lots of things that could be different that could cause different behaviors. You might be able to discount some of these as not relevant, but it is also possible to be wrong about that.
IMO, looking for the differences is the wrong approach. A better idea is to debug your application in the client environment. Read the stacktrace, read the code, attach a debugger to the JVM and set breakpoints, etc to try and find out what is actually happening.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
We started using servicestack v4, rest assured that there where no licensing limits on the client. At least that's what I could read out of servicestack's download page.
We are building our project according to mythz' answer to this question on servicestack how to structure an api.
The generic client works (so far) as expected without setting a license, but when a colleague created a test-client against the service, using the .Dump() method, he ran into this exception:
The free-quota limit on '20 ServiceStack.Text Types' has been reached. Please see https://servicestack.net to upgrade to a commercial license or visit https://github.com/ServiceStackV3/ServiceStackV3 to revert back to the free ServiceStack v3.
Let it be said: the .Dump()-method is not the issue here, we could do without it :) But, I really dislike these sudden exceptions! They suddenly blows up your project, reaching some sort of licensing limit. The last time something like this happended, it was inside an ormlite integration test. Everything works just fine, then KABOOM, you have to add your license to your NUnit test project.
Is there any more gotchas in this framework? Can we recommend to consumers of our API to use the servicestack client to connect, or will it suddenly come back and haunt us? I fully understand the need for licensing the framework, but this all boils down to me not trusting the framework which now is the core of my service!
What can you freely use the client-package and it's dependencies to, and what can you not?
Do you have any words of reconciliation? Will the ServiceStack.Client-mines be removed, or should we recommend all customers using the servicestack.client-package to buy a license to avoid their application from suddenly crashing if we add another property in a POCO-class? If ServiceStack.Client is not a "free", rather a "free-but" package, how can I know when calling a method if it's under some sort of quota or not?
As of v4.0.62 ServiceStack.Text is now free where now all restrictions have been removed from ServiceStack.Text as well as all client libraries depending on ServiceStack.Text including:
ServiceStack.Text
ServiceStack.Client
ServiceStack.HttpClient
ServiceStack.Stripe
(includng all *.Signed .NET Core *.Core versions of the above packages)
Where the above libraries no longer have any technical restrictions or need to register a license key in order to use them unrestricted.
All other free quotas in ServiceStack Server libraries are listed at: https://servicestack.net/download#free-quotas
I need to plan monitoring of Liferay 6.1 running on Glassfish 3.1.2. So far we determined Glassfish mbans we want to monitor.
The question is:
does Liferay provide any MBeans in addittion to those provided by app server (liferay specific mbans) ?
if so, are there any industry standard liferay mbeans that are worth to monitor in general ?
References to existing Liferay docs are welcome (actually may suffice for the whole answer). So far I could not find anything in official docs.
Thanks !
I doubt that you'll find "industry standard" mbeans, as Liferay is a platform that is used in many completely different ways: E.g. you might want to monitor the MessageBoards caches if you have a forum-like installation that suffers performance in that area. If you don't have enough content of a specific type, it doesn't make sense to monitor that cache.
That being said, from the top of my head I remember that the caches are available for your monitoring.
My recommendation is to browse through the MBeans and figure out if the given values make sense for your installation and usecase. They do have quite descriptive names.
Also, keep in mind that in general production you'll monitor other values than e.g. during performance tuning. (Coming back to caches: It makes sense to dimension the caches according to their actual size - but they wouldn't vary greatly day to day. So looking at them manually - when you want to change some config - makes sense
I need a way to find which Java methods are writing a plain log file (this log it's not log4j), I'm certain that the log is written as a text file with the io.file class.
How can I isolate the methods with Eclipse that operate with the log.
I made some investigation on Linux to determine the process that opens the file and it's jboss, so it's the main project, what now is needed is to narrow down the search.
So, what can it be done at this point ?
Any other tips like using 3-rd party monitoring tools like jvisualvm to monitor jboss's threads are welcomed.
I can provide more details about my problem, leave the questions in the comments, because I don't know very well how to explain the issue I'm experiencing.