Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
In distributed systems, managing multi-step processes (e.g., validating a driver, calculating fares, notifying users) can be difficult. We need to manage state, scattered retry logic, and maintain context when services fail.
Dapr Workflows solves this via Durable Execution which includes automatic state persistence, replaying workflows after failures and built-in resilience through retries, timeouts and error handling.
In this tutorial, we'll see how to orchestrate a multi-step flow for a ride-hailing application by integrating Dapr Workflows and Spring Boot:
1. Introduction
When we develop web services, we may need to deal with complex or unexpected URL paths that can contain slashes. As a consequence, we may encounter issues with the web servers or frameworks we are using.
Spring specifically can be a bit tricky in this regard due to the default configurations that it provides.
In this tutorial, we’ll show some common solutions and recommendations for handling URLs with slashes in Spring. We’ll also see why we shouldn’t use some common hacks to work around these issues. Keep reading to know more about it!
2. Parse the Request Manually
In our web services, sometimes we need to map all the requests under a certain path to the same endpoint. To make matters worse, we may not know what the rest of the path will look like. We might also need to somehow receive this path as a parameter in order to use it afterward.
Let’s say that we can receive requests with any path under /mypaths:
http://localhost:8080/mypaths/any/custom/pathAnd suppose we want to store all these different paths in a database to know what requests we’re receiving.
The first solution that will probably come to our minds is to capture the dynamic part of the path into a PathVariable:
@GetMapping("mypaths/{anything}")
public String pathVariable(@PathVariable("anything") String anything) {
return anything;
}Unfortunately, we soon find out that this returns a 404 if the PathVariable contains a slash. The slash character is the URI standard path delimiter, and all that goes after it counts as a new level in the path hierarchy. As expected, Spring follows this standard.
We can easily solve this by creating a fallback for all the requests under a certain path by using the ** wildcard:
@GetMapping("all/**")
public String allDirectories(HttpServletRequest request) {
return request.getRequestURI()
.split(request.getContextPath() + "/all/")[1];
}Then we have to parse the URI ourselves in order to get the part of the path we’re interested in.
This solution is very convenient when working with URL-like parameters, but as we’ll see in the next section, it’s not enough for some other cases.
3. Use Query Parameters
In contrast to our previous example, there are other cases where we’re not just mapping different paths but receiving any String as a parameter in the URL.
Let’s imagine that in our previous example, we make a request with a path parameter that contains consecutive slashes:
http://localhost:8080/all/http://myurl.comAt first, we could think that this should work, but we soon realize that our controller returns http:/myurl.com. This happens because Spring Security normalizes the URLs and replaces any double-slash with a single one.
Spring also normalizes other sequences in URLs, such as path traversals. It takes these precautions to prevent malicious URLs from bypassing the defined security constraints, as explained in the official Spring Security documentation.
In these cases, it’s strongly recommended to use query parameters instead:
@GetMapping("all")
public String queryParameter(@RequestParam("param") String param) {
return param;
}This way, we can receive any String parameter without these security restrictions, and our web service will be more robust and secure.
4. Avoid Workarounds
The solutions we’ve presented may imply some changes in our mappings design. This could tempt us to use some common workarounds to make our original endpoints work when receiving slashes in the URLs.
The most common workaround is probably to encode the slashes in the path parameters. However, some security vulnerabilities were reported in the past and most web and application servers reacted to it by disallowing the encoded slashes by default. It’s still possible to change this behavior just by changing the corresponding setting, like in Tomcat.
Others like Apache Server went a bit further and introduced an option to allow encoded slashes without decoding them so that they’re not interpreted as path delimiters. In any case, this is not recommended and it can introduce potential security risks.
On the other hand, web frameworks also take some precautions. As we’ve seen before, Spring adds some mechanisms as protection against less strict servlet containers. So, in case we allow encoded slashes in our server, we still have to allow them in Spring.
Finally, there are other kinds of workarounds like changing the URI normalization that Spring provides by default. As before, we should be very cautious if we change these defaults.
5. Conclusion
In this short article, we’ve shown some solutions for dealing with slashes in URLs in Spring. We’ve also introduced some security problems that can arise if we change the default configurations of servers or frameworks like Spring.
As a rule of thumb, query parameters are usually the best solution to deal with slashes in URLs.
