 Hello, my name is Matt Ravel and today I would like to show you how to make better, faster, lighter Java applications with Java 12 and J-Hipster 6. This screencast will be based on this tutorial I wrote back in early April, showing you how to use J-Hipster 6. I recently updated it for the release of J-Hipster 6, which happened on May 3rd just last week. So let's get started. The first thing that you're going to want to do is make sure you have Java 11 or 12 installed. So you can do that with SDKman. SDKman is a great software development kit manager that allows you to manage things like Java, Groovy, Scala Kotlin, Salon, Antmaven Grails, Gradle, all that good kind of stuff. So you can see here, this is what you need to actually install it. You just use the curl command, and it'll install it in your terminal. So I already have it installed, and that means I can run SDK list Java, and it will show me all the different options that I can use. And if I look at the current version, you'll see I'm using Java 11. Let's go ahead and upgrade to Java 12. So you can do SDK install Java 12.0.0-open, and that will install it. I already have installed, so it'll give me that message. But I can say SDK default Java, and make that my default. And now if I do Java-version, it'll say that I'm running Java 12. So jhipster is available at jhipster.tech. Has all kinds of information on the side about what it is. And if you look at its release notes, you'll notice released 600 was the latest one. And so there's a lot of improvements in this. The biggest one is migrating to Spring Boot 2.1, and that brings Java 11 and 12 support, and you can read all the other stuff on there. I'm particularly proud of this one, the Spring Security 5.1 OIDC support, and that's what I'll be highlighting today, creating an app that uses OIDC for login. To install jhipster, you simply need to do npm install dash g generator dash jhipster 6.0.0. Okay, once you have that installed, you can create a new app. The first thing you'll want to do, especially if you're creating a monolith, is to create a directory. So I'm going to just call mine hip app and cd into there. And jhipster ships with a sweet feature called JDL. JDL stands for Jhipster Domain Language. That's how you know it's hip, right, if it has its own domain language. And this allows you to define applications. So if I wanted to do vi app.jh, for instance, I could define the whole application using a syntax like this, and that would be my app.jh. And that would actually use all the defaults that are specified in jhipster. So if we look at our search for JDL here, it takes us here. And so JDL's available options shows you all the defaults. So you can see application type would be monolith, it would use a base name of jhipster, use a package name of com.mycompany, it would basically use JWT as a default, and then all of these other things. So if I was to create, you know, a app with that app.jh, this is what it would default to. And I'm going to customize that just a little bit. So it uses allot2 and renames the app to hip app. So in the config section, we can go in here and do application, or start with base name. We'll just call it hip app, and then the authentication type is allot2. So once we have that in place, you can do jhipster import JDL app.jh. So the app has been created, and if we were to, we can open that up in IntelJ for instance if we wanted to. So before you can run this app, you actually have to start key cloak. So there's a Docker compose file for that. The reason for that is because we use OIDC discovery now with spring 5.1. And that requires an endpoint to be available so it can discover all the various authorization and token validation endpoints that it uses for authentication. So you can do that with key cloak up dash D. So it runs as a daemon. This uses key cloak 6.0.1. And then we can start our app. And while the app's starting, I just wanted to show you a bit about the directory structure. You'll see it looks like a normal Java application, source main Java. And then this is where all our files live from our configuration to our domain classes to some repositories for spring data, and finally all of our rest endpoints. And then the application, the Angular app, lives in this directory, source main web app app, and it looks like a normal Angular app. So everything should be up and running now, or it's still compiling. It uses a front end Maven plugin to do the compilation of the Angular app from TypeScript to JavaScript when you start it up. And it's smart enough to detect if it needs to run that or not. And so when I said the well-known endpoint, you can actually see this right here. This is talking to key cloak at that well-known open ID configuration. This part right here is a standard URL for OpenID Connect. And so even when we switch it to talk to a different identity provider, it'll still use that endpoint to get the information. So if we were to go to localhost8080 and log in using admin-admin or user-user, then you could browse around and see the metrics that it offers. So under administration, there's all kinds of performance metrics that it records using Spring's actuator, among other things, as well as micrometer, health of the application, the configuration for all the different Spring properties, auditing for who logged in, as well as log configuration settings. So if you want to tweak Spring Framework, for instance, you could do orgSpringFramework and change it to error. You could also look at the API via swagger and get the current user's information, for example. And so key cloak works great in development, but in production, you may actually want to use something that's always on, like octa. So if you go to developer.octa.com, it shows you how to sign up to create a free developer account. I already have one. Mine is at dev133320. Look at my password and one password. There it is. Log in. And you'll need to create a new web application. So we'll call this J-Hipster 6. And then for the login redirect URI, you'll want to use login.oct2.code.oidc. And then you'll also need to add a log out URI. So click done to save that one and then click edit. And add localhost8080 as a log out redirect URI. The other thing you'll likely want to do is to add groups. So I've already configured them in here. You see I have a role admin and role user. That's what J-Hipster expects by default. And then you'll want to go into your authorization server. We created a default one for you and specify a groups claim. I already have one here. But if you look at it, it's basically, we put it in the ID token. We match the value type of groups. Matches a regex of dot star. And then it includes it in any scope. So if you were to create a new one, you would name it groups. Put it in the ID token and do it very similarly like that. And if you want to look at J-Hipster security, it has all these steps in there for you. So just showing you that. Open ID connect talks about key cloak and octa. And so it has all these steps for actually configuring that groups claim in there. And that will allow J-Hipster to know who you are and what groups you're in and assign permissions accordingly. So the cool thing is all you really need to change is a few environment variables because if you're storing secrets in your source code, that's not a good idea. So that's why I recommend you do them in environment variables instead. So we can stop the app. We could create an octa.env and paste that in there. And then we'll go back and get our values. So from our J-Hipster six application, we'll start with the client ID, next the client secret, and then our issue or URI. So the easiest place to find that is right under API authorization servers and grabbing it right there. It does tend to put a space. So watch for that. Okay, now we've set all that up and then you'll need to source that file. All right, to set all those variables and then you can run the application. And now instead of using key cloak, it'll use octa. So now if we hit local host 8080 and click sign in, since we're already logged into octa, it automatically logged us in and since my user account has administrator rights, I get an administration menu. So if I were to log out, sign in again, I could use a different account that's just a user. And now I have no admin menu. So everything set up correctly. If you do create an env file, one thing to make sure of is to add it to your git ignore. So up here we'll do like star.env and now that file actually won't be checked into source control. So it's pretty sweet. Spring Security actually does all the work here. Spring Security 5.1 adds first-class OIDC support and it's the one that makes it very easy to switch between providers from key cloak to octa or you could even use Google or something like GitHub as well. And it's pretty cool because JDL allows you to create full-on CRUD applications. So Jhipster JDL shows you all the different documentation and how you create it. But it also has, we have a bunch of samples out there. So JDL samples, we'll show you for instance, one of my favorites, a blog sample. So we don't need the application config in this case but you can see you can override the defaults and maybe use Postgres instead of MySQL. And you could also grab just the entities if you want it. So if I wanted to create a new blog.jh, put everything in there, then I could do Jhipster import JDL blog.jh and that would create entities, relationships and tie everything together as you would expect on the UI. I won't run that because it'll take a little bit but I think it's pretty cool. And also I wrote up another blog post. Jhipster Spring Security 5.1 eyes of a Java hipster maybe. Yes, upgrading Spring Security OAuth and JUnit test through the eyes of a Java hipster. I found it on Reddit first in our blog but basically it shows you what I did to upgrade from Spring Security 5.0 to 5.1 and implement a number of different features including log out and a few other things. So I invite you to take a look at those blog posts. My name is Matt Rabel. Again, you can find me on Twitter at mrabel. You can find my whole team at Octadev. Friends don't let friends build authentication. And if you like more videos like this one, please hit our YouTube channel and subscribe for more updates. Thanks for watching.