Hi, Spring fans! Welcome to another installment of This Month in Spring! Can you believe we're staring down 2022? It's already almost the end of the year! I can't believe we quickly got this far, but we did.

There have been several things I want to draw your attention to since last month, not least of which is the information about Log4j2 and the new Spring Native release.

Log4j2 is the gift that keeps on giving

Log4j2 isn't a problem. I am so grateful to all the developers who work on Log4j2 so that we can use it. Vulnerabilities happen, and they happen to everybody. So, I wish people would try to remember that Log4j2 has served countless people just fine for a very, very long time. While there is a vulnerability, the vulnerability is easy to fix. If you're a Spring Boot developer using the default, out-of-the-box settings in a Spring Boot application, then you've got nothing to fear. I'll repeat it: unless you've explicitly opted into Log4j2, you should be fine. However, a new Logback issue could, in theory, affect Spring Boot developers. It's a much more complex vulnerability to exploit, however. That doesn't mean it's not worth your attention. Be careful out there, friends: wear a mask and patch your software!

Spring Native 0.11

Moving on to things more tantalizing: we released Spring Native 0.11, which is fantastic because it features a brand new AOT (ahead-of-time) engine that completely reworks how we transpile Spring Boot applications into GraalVM native images. I've been working with GraalVM a lot over the last two years, and this new release is a vast, revolutionary step in the story of Spring Native and a giant leap forward on the journey to Spring Framework 6 and Spring Boot 3, both of which will land next year.

I've been tinkering with the new release a lot over the last month, too. Spring Native works well for a ton of use cases supported by Spring itself, and so, for most applications, I've found things work just fine with no changes. That said, some things will not work in a Spring Native context or any GraalVM context without some help. For example, it would help if you told GraalVM what you're doing that might confound it – proxies, serialization, resource-loading, etc. Spring Native provides a mechanism – hints – by which you can do this. It's easy. But it still has to be done. So, I've been going around to some projects that I think would probably need some help and trying to make them work.

MyBatis and Spring Native

I got Spring and MyBatis to work well and put that in a sample branch. See this blog for more on that. It was challenging to get Spring and the MyBatis Spring Boot autoconfiguration to work. I started rebuilding the autoconfiguration, bit by bit, and managed to build an inarguably less helpful, less robust Spring Boot autoconfiguration for MyBatis that works well with Spring Native, too. I'm already talking to some folks on the MyBatis team about possibly including some of this work. (Fingers crossed!). With this proof-of-concept Spring Boot autoconfiguration and Spring Native configuration, you can create a MyBatis SQL Mapper like this:

@Mapper
public interface CityMapper {

   @Insert("INSERT INTO city (name, state, country) VALUES(#{name}, #{state}, #{country})")
   @Options(useGeneratedKeys = true, keyProperty = "id")
   void insert(City city);

   @Select("SELECT id, name, state, country FROM city ")
   Collection findAll();
}  

Spring Retrosocket and Spring Native

I also updated the Spring Retrosocket project to work with Spring Native. Spring Retrosocket is a declarative Feign– or Retrofit-like client for RSocket-based services.

@RSocketClient
interface GreetingsClient {

   @MessageMapping("hello")
   Mono hello(Mono name);
} 

The Kubernetes Java Client and Spring Native

Then, I turned my attention to making the Kubernetes Java client work well in a Spring Native and GraalVM context. The Kubernetes Java client is essential if you want to build memory-efficient controllers and operators for Kubernetes. Did I mention that GraalVM native images are very memory efficient? It depends on what you're doing in your application, of course, but my typical applications end up taking anywhere from 40 to 55 megabytes of RAM (well, RSS, specifically). And that's in addition to startup in only tens of milliseconds. The official Kubernetes-for-Java client has a Spring Boot autoconfiguration. So all I had to do was write the trivial Spring Native configuration required to make such applications work well in a Spring Native and GraalVM context. I explain it here in detail. Suffice it to say it's now possible to use your favorite development framework not just to build excellent Kubernetes resources and controllers but deploy them in a low-footprint fashion to your organization's clusters.

Spring GraphQL and Spring Native

Then, I turned my attention to Spring GraphQl and Spring Native. Spring GraphQL works pretty well as long as you override how the GraphQlSourceBuilder derives the Spring Framework Resource instances used to feed the engine the schema for your GraphQL endpoints. It's not as easy as it could be, but it's still only an extra @Bean or two or so lines of code to make it work. Fine. The trouble starts when you're using Spring GraphQL and want to query the metamodel for Spring GraphQL's schema itself. Having the GraphQL metamodel is convenient when, for example, you're using the /graphiql/ interactive console to query the data. That took some doing, but I did it. I explain that further in this post.

With that, I can deploy a GraphQL controller like this:

@Controller
class CustomerGraphQlController {

   private final CustomerRepository repository; 
   CustomerGraphQlController(CustomerRepository repository) {
      this.repository = repository ;
   } 
   @QueryMapping
   Flux customers() {
    return this.repository.findAll();  
   }
}

record Customer(@Id Integer id, String name) { } 

…that uses the following schema:

type Query { customers : [Customer] } type Customer { id: ID name :String } 

Then open the example up at http://localhost:8080/graphiql/ and issue the following query:

query { customers { id, name } } 

And get the results I was expecting!

Miscellaneous

I've also been dealing with many other things I wanted to get working with Spring Native. So here's the Spring Native configuration for CommonMark, a Markdown parser in Java.

Here are the various classes I had to add to make Apache Lucene work in a Spring Native project. Of course, this example is more involved and uses GraalVM substitutions and a typical Spring Native configuration. But it works, and well, too!

Oh, and did I mention I worked with Ronald Dehuysser to get Jobrunr, a distributed job scheduling engine, working in a GraalVM context with Spring Native? Because I did, and the result is awesome!

I've done all this in just the last few weeks: the possibilities are endless, and I can't wait to see more and more of the wide and world of Springdom sprout GraalVM integrations.

Anyway, enough of this ever-so-indulgent discussion of building GraalVM and native applications; we've got a ton of good stuff to review this month, so let's dive into it!

• Read this first! If you've been living under a rock, you may not have heard of the recent Log4J2 vulnerability. If you're using the default, out-of-the-box Spring Boot logging support, then this does not apply to you! But, if you are using Log4j2 specifically, you need to read this post on Log4j2 and Spring Boot!
• Bruno Borges tweets this straightforward workaround for those of you who are using Log4j2 and can't change the startup scripts of your application afflicted by the Log4j2 exploit
• Once you're sure your applications are healthy and happy, check out the new Spring Native 0.11 release! And its new AOT engine, which brings Spring Native to the Next Level.
• Don't want to read the blog on Spring Native (why not?)? I did a Spring Tips (@SpringTipsLive) video you can watch to see everything new and excellent in Spring Native 0.11. This video goes deep, starting with the basics, looking at performance numbers (dramatic reductions in compile-time, startup time, and runtime memory footprint) for some typical workloads, and then looking at the new AOT engine's extension plans.
• A Bootiful Podcast: Transformative leader, brilliant technologist, my friend, Patrick Chanezon
• Secure communications end-to-end for Spring Boot apps – in Zero Trust environment
• Spring Cloud Gateway and gRPC
• Spring Cloud Square 0.4.0-RC1 is available
• Spring GraphQL 1.0.0-M4 Released
• Spring Native for Serverless Java
• Spring Tools 4 on Twitter
• Spring Tools 4.13.0 released
• Both Vaadin Flow and Vaadin Fusion versions of the Spring Petclinic sample have joined the Spring Petclinic Community
• The amazing Gunnar Hillert has posted the Oracle Coherence Sock Shop Microservices example app for Spring Boot, which adds better Tracing support using Spring Cloud Sleuth for Jaeger and Zipkin. An original application from Weaveworks inspired this demonstration.
• Neo4j's Michael Simons has this great tweet: Did you know that Neo4js releases the Neo4j Java driver as a slim option, under the coordinates org.neo4j.driver:neo4j-java-driver-slim, without shaded dependencies? This slim dependency might be handy if your project already has a dependence on Project Reactor or Netty.
• Microsoft's Rory Preddy tweeted that a demo-heavy Monitoring Java on Azure series is now available. Besides data migration, end-to-end monitoring is the #1 challenge for developers migrating Spring Boot apps to the cloud – in this series, we demystify all!
• Now Available: JDK migration guide Includes significant changes & enhancements in #JDK17 ☕️ Move your Java version forward
• Piotr Mińkowski has a nice little tip: If you use a dedicated management port for Actuator endpoints starting from Spring Boot 2.6, you may expose a particular health group on the main server port under the additional path. It is helpful in #Kubernetes liveness and readiness probes.
• Tanzu Tuesdays 74 – Carvel support in Kubeapps – New pluggable gRPC-based architecture – YouTube
• Azure Spring Cloud scales Spring Boot apps to billions of requests per day without the hassle of managing infrastructure. See it in action
• This is an excellent video overview of VMware's free, open-source Kubernetes distro, the Tanzu Community Edition.
• an excellent report on the Microsoft Tech Community: How developers migrate Spring apps to the cloud
• A Bootiful Podcast: DataStax's Christopher Bradford on the Apache Cassandra operator for Kubernetes, K8ssandra
• Accelerate Spring Apps to Cloud at Scale – Discussion with Azure Spring Cloud Customers
• Spring Authorization Server 0.2.1 available now
• Spring Cloud 2021.0.0 (codename Jubilee) Has Been Released
• Spring Cloud Function 3.2 is out!
• Spring Cloud Sleuth 3.1.0 is out!
• Spring Tips: @Controllers and RSocket
• JSON:API for Spring HATEOAS
• Living with Kubernetes: 12 Commands to Debug Your Workloads
• Hmm. I wonder what Mark Paluch's cooking something extraordinary with the R2DBC SPI. I wonder what…?
• Nice job, Github Actions! There's now integrated sigstore support! Safeguard your containers with new container signing capability in GitHub Actions
• Pull Request #762 adds Knative for incubation at CNCF – hurray!
• Security Report for Spring AMQP (Spring for RabbitMQ)
• Spring Boot 2.6.1 is now available
• Spring Data MongoDB – Relation Modelling
• Thymeleaf 3.0.13 now available! This new version includes security improvements, make sure to check the release notes
• In the installment of A Bootiful Podcast, I talked about reactive-systems with functional programming legend Debasish Ghosh
• The Apache Cassandra project is working hard to officially support JDK 17 in the next Apache Cassandra major release.
• I love to see how far the JVM has come. One great indicator of its progress: its garbage collector. Check out this post on garbage collection progress from JDK 8 to JDK 17
• This is so cool! There's now an Oracle Database Kubernetes Operator
• JEP 420: Pattern Matching for the switch expression (Second Preview)
• Java on Visual Studio Code Update – October 2021
• For many folks, the days of using Docker Desktop for free are numbered. You might be interested in this blog on Rancher Desktop – A Docker Desktop Replacement
• A Bootiful Podcast: Fellow Java Champion Kate Stanley on Kubernetes and Apache Kafka
• Hi, Spring fans! I hope you'll check out the recent talk I did, Bootiful Kotlin, at the Kotlin Hyderabad event
• Continuously Verify Your Startup Times so that You Won't Be Surprised Badly.
• Get to Know a Kubernetes Operator! I wrote this post as a guided tour of some of my favorite operators for Kubernetes.
• The RSocket Routing Broker has been renamed to RSocket Broker. The new Github organization and projects are here. Maven coordinates and java packages have been updated. Updated samples are here.
• Spring AMQP (Spring for RabbitMQ) 2.4 is Now Available
• Spring Boot 2.4.13 available now
• Spring Boot 2.5.7 is now available
• Spring Boot 2.6 is now available
• Spring Cloud Netflix version 2.2.10.RELEASE is now available
• Spring HATEOAS 1.4 released
• Spring Tips: @Controllers: WebSockets
• Spring for Apache Kafka 2.8 is Now Available
• In this installment of A Bootiful Podcast, I talked to JMS and Messaging legend, HornetQ and Artemis co-founder, Clebert Suconic
• I liked this post on Piotr's TechBlog post: Kafka Streams with Spring Cloud Stream
• R2DBC and Spring for Non-Blocking Database Access
• Release 1.8.0 · micrometer-metrics/micrometer
• Spring Cloud Stream with Apache Kafka and Rabbitmq binder | Spring Boot
• Spring Data 2021.0.7 and 2020.0.15 released
• Spring Data 2021.1.0 goes GA
• Spring Framework 5.3.13 available now
• Spring Tips: My Reactive Summit 2021 Day 2 Keynote with James Ward
• hantsy has been adding samples demonstrating reactive concepts to this repository since Spring Framework 5 development began. There are always new and exciting examples
• Join us, and some of our favorite software developers for the next installment of SpringOne Tour!