This repository contains a Spring Boot project named product-service-api. The project is built using Maven and includes controllers, a repository, a service, and exception handling.
The project consists of a Spring Boot application with the following components:
-
Main Application Class:
ProductServiceApiApplication- Entry point for the application.
- Annotated with
@SpringBootApplication.
-
Controller Class:
ProductController- RESTful controller handling product-related requests.
-
Aspect Class:
CategoryController- RESTful controller handling category-related requests.
-
Clone the repository:
git clone https://github.com/ashwani-cse/product-service-api.git
-
Build the project:
mvn clean install -U
-U: It is a optional to update snapshots and releases. 3. Run the application:
```bash
mvn spring-boot:run
```
-
Access the API:
Open a web browser or a tool like Postman and make a GET request to
http://localhost:8080/products/.
CREATE DATABASE IF NOT EXISTS product_service_flywaydb;
CREATE USER IF NOT EXISTS product_service_flywaydb_user IDENTIFIED BY 'product_service_flywaydb_pass';
GRANT ALL PRIVILEGES ON product_service_flywaydb.* TO product_service_flywaydb_user;Make some security changes before exposing application to user. Because you may be exposed to SQL injection attacks.
- Command to revoke all the privileges from the user associated with the application:
revoke all on product_service_flywaydb.* from 'product_service_flywaydb_user';
- And give some necessary privileges to application to make changes to only data of the database.
grant select, insert, delete, update on product_service_flywaydb.* to 'product_service_flywaydb_user';
- Re-grant permissions.
- Change the spring.jpa.hibernate.ddl-auto = update
- Re-run your applications.
Then repeat the two commands shown here to make your application safe for production use again. Better still, use a dedicated migration tool, such as Flyway or Liquibase.
This is a popular open-source tool that helps identify project dependencies and check if they have known, publicly disclosed, vulnerabilities. To identify and report known vulnerabilities in the dependencies of a Maven-based project execute below command -
mvn dependency-check:check Note: Use the NVD API key for fast scanning.
If you see any vulnerability, try to update with latest version of that dependency. In this project i found vulnerability with jackson-databind-core in 2.15.x versions. So i updated pom with dependency management with latest jackson-databind core version.
Note: for github use to commit/push and pull create a token from developer settings then in-place of password enter that token. Because from 2021, password has disabled for security reason.
Connect with us on social media and stay updated with the latest news and developments:
Stay ahead of the curve by subscribing to our LinkedIn newsletter:
Experience the future of e-commerce with CommerceNexus - where innovation meets efficiency!