Hello Java developers. My name is Matt Raible. Today I'd like to show you how to build a secure REST API and native image with Spring Boot. Let's get to it.

I created a demo script for this screencast, which you can find in the oktadev native-java-examples repository. And it's demo-spring-boot.adoc, adoc for AsciiDoc. And like I said, we're going to build a simple REST API secured with OAuth 2 and then access it with a JWT, and all the links for the demo script and for the repository with the completed code and instructions for doing it all are in the description below the video. So go ahead and check that out and click on those links.

So you'll need a few prerequisites. You'll need SDKMAN, already have it installed. So it's not dash dash, right, use the version; SDKMAN is where you can get it. And then HTTPie, already have that installed as well. And then the Okta CLI, which I have 0.10. And you can get that from cli.okta.com. And then the brackets at the end of the steps might be IntelliJ live templates that I could use. So if I type a bit of code and it spits out a bunch of code, then you'll know where that came from.

And so we're going to start with SDKMAN here to install Java 17 with GraalVM, I already have it installed. So you could also do sdk list java and grep graal for the GraalVM images that are available for your machine.

And then you'll want to generate an OAuth 2 access token. This will be the JWT that we'll use to access the REST API. So okta apps create spa, OIDC Debugger. And it's at oidcdebugger.com/debug. And then we can go ahead and go to the OIDC Debugger website. And we'll go ahead and make this a bit bigger. And you'll see it's got our client ID, which we'll need right here. And it remembered my authorize URI from the last time I was here. And you'll just need to use the issuer and tack on that /v1/authorize. And then down here in the token, make sure you have /v1/authorize there as well.
And then code, and use PKCE, Proof Key for Code Exchange. And you should be off to the races. And then you'll get this access token here, which you can copy and put in your terminal. So token equals, and now we're all set up there. And we can put this back over here.

And now we'll create a Spring Boot Java REST API. This will use start.spring.io. And I'll go ahead and do this in a downloads directory. And use HTTPie to hit that endpoint. And we're going to include web, OAuth 2 resource server, and native, and then expand it. And here we are. So now we can open up Spring Boot in IntelliJ.

And the first thing you're going to want to do is modify the pom.xml to basically use a different version of Tomcat that's a bit more optimized. So find that starter web, replace it with this. So it excludes the embed core and embed websocket and uses embed programmatic instead. I don't know if that'll always be the case, if it'll need it in a future version. But that's, you know, 2.6.7 right now.

And then HelloController. Go ahead and create that, call it HelloController. Then we have a shortcut. Let's be hello there. And then this you might want to click to refresh everything. It should be, you know, pulling in Spring just fine. There we go. Now our imports are resolved. So you can see, you know, just long package names, but not much code, right? Only, you know, 15 lines or so here.

And then we can configure in application.properties the OAuth 2 resource server or issuer. So that's our issuer URI, and then we'll need to get our Okta domain name, which we had back here. Grab it right there, replace that placeholder.

And then we'll also need to add security configuration. So we can just do this under this main package. And we'll call it SecurityConfiguration. And this basically, you know, enables web security, extends WebSecurityConfigurerAdapter. It doesn't like that I deleted the package there. Package com.okta.rest. And now it should all compile.
And so it just makes you basically send a JWT in for any request, requires all requests be authenticated. And so now we can start this up with mvnw spring-boot:run. We got to change the permissions. I don't know when they started doing that, but it didn't always happen. Then you can see it starts in 1200 milliseconds there. So pretty fast.

And then if we want to make sure it's secured, we can hit hello. And it'll reply with a whole bunch of security headers. So that's a nice thing about Spring Security. And the good old 401. And now if we want to hit it with that token, we can recall that. And then use HTTPie with a bearer token. And it prints out, you know, my name. So this whole controller is resolving my email to the getName there.

And then we can also build a native app. So we'll want to exit out of here and stop this one. Sometimes it takes a couple Ctrl+C's. And mvnw package -Pnative. You can see that took a little over two minutes to run there, two minutes 13 seconds. And then we can start it up with target/demo. And it starts up in, what, 46 milliseconds there, a couple Ctrl+C's, 36 milliseconds. So we're getting better, right? And 36 milliseconds. So it's about the average.

And then if you want to compare it with, you know, other frameworks, I did this where I basically ran each one three times. And then it ran on five times. And I took the average of that. So this was on a MacBook Pro Intel from 2019, 64 gigs of RAM, right? Most of the startup time is related to disk speed, but build time is certainly, you know, determined by RAM and CPU. So Spring Boot basically takes around 60 milliseconds to load up, Micronaut about half the speed, and then 25% faster than Micronaut is Quarkus. And then Helidon's a bit faster than Spring Boot as well. And so you can see the averages there.

And then the memory usage I think is interesting. So Spring Boot takes about 50 megabytes of memory. So that's a lot better than a typical Java app, right?
After it's created into a binary. And then 61 megabytes after the first request, and only increases by a megabyte after five requests. You know, the others use a bit less memory. But you know, in the end, they're all kind of similar, except for Quarkus here is pretty good on memory.

And then what about the M1 Max, that's what I'm recording this on. So milliseconds to start there, Spring Boot 36. Right. So that's pretty awesome. The others are a bit faster, but they're rewriting Spring Framework 6 to be all native and ahead-of-time compiling, and get rid of some reflection. So I wouldn't be surprised if this gets a lot faster. But the interesting thing for you as a developer is that, you know, the builds are much faster, like almost twice as fast. The apps start up twice as fast. But they do use more memory on the M1. So not sure what that is.

But you can create a secure Spring Boot app with Okta, using the Okta CLI. So we've actually integrated these commands into it. So just to show you what that looks like, if we were to go to, you know, downloads, already have that one. So take temp, clear that out, and then okta start spring-boot, it'll actually download and configure an Okta Spring Boot app for you. And, you know, you can just start it up, log in, and it all works. So that's pretty slick. And we also have a WebFlux branch. That's the one that has native built in. So the regular Spring Boot, I didn't bother to put native in there, but the WebFlux one does.

And then, of course, you can find the code that I just created in this native Java examples, Spring Boot. And if you were to go to the repo, it'll point to the blog post where I compare them all. I hope you've enjoyed this screencast. You can find me at mraible on Twitter, if you want to see when I post new videos or blog posts. And, of course, my team is at oktadev on Twitter, and subscribe to our YouTube channel, so you can be notified when we produce and publish more content like this. Cheers.
Have a great day.
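
Added example, not code from the screencast or its repository: the two classes the walkthrough describes, a security configuration that requires a JWT on every request and a hello controller that returns the authenticated principal's name. It assumes Spring Boot 2.6.x (Spring Security 5) with the web and OAuth 2 resource server starters; the greeting text and the issuer placeholder are assumptions.

```java
// Added example; in a real project each class lives in its own file.
// Assumes this line in src/main/resources/application.properties, with the
// placeholder replaced by the issuer of your own Okta org:
//   spring.security.oauth2.resourceserver.jwt.issuer-uri=<your-issuer-uri>
package com.okta.rest;

import java.security.Principal;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every endpoint requires an authenticated caller; a request
            // without a valid token gets the 401 seen in the demo.
            .authorizeRequests(requests -> requests.anyRequest().authenticated())
            // Act as an OAuth 2 resource server that accepts JWT bearer
            // tokens, validated against the keys published by the issuer.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt());
    }
}

@RestController
class HelloController {

    // The Principal is built from the validated JWT; getName() returns the
    // token's subject, which the demo shows resolving to the user's email.
    @GetMapping("/hello")
    public String hello(Principal principal) {
        return "Hello, " + principal.getName() + "!"; // greeting text is an assumption
    }
}
```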