This blog demonstrates how ModeMapper can help automate the DTO paping process to entities on the Spring Boot API, using sample sources. The second half explains how to use Auth0 to protect and authorize the resulting Spring Boot API.
DTO represents a data transfer object, a design pattern that came up with the idea of reducing the number of calls when working on a remote interface. As Martin Fowler defines in Blog, the main reason to use data transfer objects is to combine multiple remote calls into one batch. is.
For example, let's say you're communicating with a RESTful API that exposes bank account data. In this case, instead of issuing multiple requests to check the current and up-to-date account transactions, the bank can publish an endpoint that returns a DTO to summarize everything. This coarse-grained interface can greatly help improve performance, as one of the most expensive operations for remote applications is the round-trip time between the client and server.
Another benefit of using DTOs with RESTful APIs written in Java (and Spring Boot) is useful when hiding implementation details for domain objects (also known as entities). Publishing entities through endpoints is a security issue if you are not careful about which properties you change through which operations.
As an example, imagine a Java API that exposes user details and accepts user updates through two endpoints. The first endpoint processes the GET request and returns user data. The second endpoint then accepts the PUT request to update these details. If this application does not utilize DTO, all properties of the user will be exposed on the first endpoint (eg password) and the second endpoint will carefully select which properties to accept when updating the user. Must (eg not everyone can update the user's role). To overcome this situation, the DTO helps to expose only what the first endpoint is interested in and limit what the second endpoint accepts. This property helps maintain data integrity within the application.
In this article, we will use DTO to handle this situation. As we'll see later, this design pattern introduces a few more classes into your application, but with improved security.
The continuation of this blog is explained at the following URL. Automatically map DTO to entities with Spring Boot API
Auth0 is a so-called IDaaS (Identity as a Service) vendor that provides authentication / authorization services for web applications, mobiles, APIs, etc. in the cloud. We provide a recommended solution for those who want to incorporate user authentication, authorization, and security in corporate web applications, APIs, Native Mobile App, etc., but it is difficult to implement.
Auth0 publishes sample programs for various platform frameworks on Github, including the sample programs used in this tutorial. In addition to the Spring Boot API introduced this time, we have released sources for many frameworks, so why not give it a try? Github repository --Auth0
The Auth0 service can be evaluated free of charge (free trial: 22 days) without a contract. For a free trial, access the Auth0 homepage and <A HREF="https://auth0.com" at the top right of the screen. /signup?utm_campaign=qiita_auth0_aspnet_core&utm_source=qiita"> . You can sign up for user registration using your Gitgub, Google, or Microsoft account, so why not give it a try?