📚 Learning Notes: Why Refresh Tokens Should Be Persisted While learning JWT authentication, I came across an interesting question: 🤔 If JWTs are stateless, why would we store refresh tokens in a database? The answer comes down to one thing: 🔐 Control. 🔹 The Problem Access tokens are usually short-lived. ⏱️ 15 minutes ⏱️ 30 minutes ⏱️ 1 hour If an access token is stolen, the damage is limited. Refresh tokens are different. They often live for months or even a year. If a refresh token is compromised, an attacker could continuously generate new access tokens. That's a much bigger risk. 🔹 Why Persist Refresh Tokens? Instead of treating refresh tokens as completely stateless, many systems store metadata about them. Benefits: ✅ Token Revocation Logout becomes meaningful. Delete the refresh token record and the token can no longer be used. ✅ Device Management Track how many active sessions a user has. Example: • Laptop • Mobile • Tablet Each device can have its own refresh token record. ✅ Suspicious Activity Detection Unexpected token usage can be identified and revoked. ✅ Token Rotation Each refresh token can be used exactly once. When exchanged: Old Token ❌ New Token ✅ This dramatically reduces the value of stolen refresh tokens. 🔹 TDD Approach Following the Red → Green → Refactor cycle: 🔴 Red Write a failing test: • Register a user • Check if a refresh token record exists in the database The test fails because no persistence mechanism exists yet. 🟢 Green Create a RefreshToken entity: RefreshToken ├─ id ├─ expiresAt ├─ userId ├─ createdAt └─ updatedAt Save a refresh token record whenever a user authenticates. Run tests again → Pass ✅ 🔹 User ↔ Refresh Token Relationship A common design: User (1) │ │ ▼ Refresh Tokens (Many) This allows a single user to maintain multiple active sessions across devices. TypeORM makes this easy using: • OneToMany • ManyToOne relationships. 🔹 JWT ID (JTI) One concept I found particularly interesting was using the JWT ID claim. Instead of storing large amounts of data inside the refresh token: JWT ├─ sub ├─ role └─ jti The jti references the database record. Benefits: ✅ Smaller tokens ✅ Easy revocation ✅ Better auditing ✅ Simpler token rotation 🔹 Additional Security Opportunities Once refresh tokens are persisted, we unlock features such as: 🛡️ Logout Everywhere 🛡️ Session Tracking 🛡️ Refresh Token Rotation 🛡️ Revocation Lists 🛡️ Expired Token Cleanup Jobs These become difficult or impossible with fully stateless refresh tokens. 💡 Biggest takeaway JWT authentication is often described as stateless. But in practice, many production systems intentionally add state back to refresh tokens. Why? Because security isn't just about issuing tokens. It's about being able to control them after they've been issued. #JWT #Authentication #RefreshToken #NodeJS #TypeScript #BackendDevelopment #SoftwareEngineering #WebSecurity #LearningInPublic #PostgreSQL #TypeORM

Completed the Third Module by Coding Shuttle @sudoanuj which is based on the Relationship mapping between the tables, how JDBC and Spring Data JPA helps to map the POJO with the database. Learned Cascading and many other important concepts like pagination and projection. The homework assignment was heavily focused on the relationship mappings. The first homework assignment was related to subject, student, department, admission record and professor which is basically a college management system where the ERD diagram was provided by @sudoanuj which made things easier. The tables have different relationships with each other. Some tables have OneToOne relationship and some have ManyToMany. Let's Understand the annotations with examples: 1. OneToOne: A Student can have only one Admission record. So that's why a OneToOne relationship is established between these two tables. 2. OneToMany: A Professor can teach more than one subject. So there's a OneToMany relationship established between these two tables and vice versa for ManyToOne. 3. ManyToMany: Many students can be taught by many professors. mappedBy is used to define the non-owning (inverse) side of a bidirectional entity relationship. It is present on the inverse side of the relationship, telling JPA that the other side owns the foreign key. JsonIgnore is a Jackson library annotation used to prevent specific entity fields or relationships from being serialized into JSON. It is commonly used to hide sensitive data like passwords or to break infinite recursion loops caused by bidirectional database relationships. Heavily used in ManyToMany relationships. JoinTable with JoinColumn defines the owning side of a ManyToMany relationship in JPA. It explicitly defines the intermediate join table and the foreign key columns used to establish the relationship between two database tables. The second homework project was an Author and Book management system where we had to map authors and the books they published. There are only two tables in this project with a ManyToMany relationship between authors and books — because one author can write many books and one book can have many authors. The main challenge was implementing all these APIs: Create a new book and author Retrieve a list of all books and authors Retrieve a single book or author by ID Update book and author details Delete a book or author Find books by title Find books published after a certain date Find authors by name Find all books by a specific author Some APIs required custom query methods in the Repository layer using Spring Data JPA's method naming conventions. Definitely a solid project! Learned a lot in this module. Will dive more in-depth into topics like Cascading and N 1 query optimization. #Java #SpringBoot #SpringDataJPA #BackendDevelopment #LearningInPublic #JavaDeveloper #CodingJourney

Day 14 - Spring Boot Learned how database relationships work using OneToMany and ManyToOne mappings. Implemented a real-world example: User to Orders relationship using JPA & Hibernate. #SpringBoot #Java #BackendDevelopment

Daily Log 🪵 ​Spring Boot: Deep-dived into OneToMany and ManyToOne mappings; polished my understanding of Validation constraints. ​DSA: Tackled the "Lowest Common Ancestor" (Medium) in Binary Trees and knocked out 3 Linked List revisions. ​#SpringBoot #Java #DataStructures

The best way to map the ManyToOne association with JPA and Hibernate vladmihalcea.com/manytoone-j…

Early hours of today, my Spring Boot app crashed on startup with a Hibernate error: “Property ‘BudgetTemplate.user’ is not a collection and may not be a @OneToMany” At first glance it looks scary. But when you understand relationships, the fix is obvious in seconds. A BudgetTemplate belongs to one User,so from the template’s side, that’s @ManyToOne, not @OneToMany. One annotation change. App back up. Database connected. The lesson: errors stop being scary when you understand the “why” behind your design decisions ,not just the code. Still building. 🚀 Gm!

Yesterday's update : Day 12 of Learning and improving : - Solved DSA Problem - Meditation - Learnt about OneToOne, ManyToOne, ManyToMany, OneToMany mapping in Spring - Learnt about Cascading in Spring JPA

Java Development Roadmap (Complete Guide) PHASE 1: JAVA FUNDAMENTALS ├── Core Java Basics │ ├── JDK, JRE, JVM architecture │ ├── Data types and variables │ ├── Operators and expressions │ ├── Control flow (if-else, switch, loops) │ └── Arrays and enhanced for loops ├── Object-Oriented Programming │ ├── Classes and objects │ ├── Constructors and this keyword │ ├── Inheritance (extends, super) │ ├── Polymorphism (overloading, overriding) │ ├── Abstraction (abstract classes, interfaces) │ └── Encapsulation (access modifiers) ├── Basic Java APIs │ ├── String, StringBuilder, StringBuffer │ ├── Wrapper classes and autoboxing │ ├── Math, Random, Scanner classes │ └── Date and Time API (java.time) PHASE 2: ADVANCED JAVA ├── Collections Framework │ ├── List (ArrayList, LinkedList, Vector) │ ├── Set (HashSet, LinkedHashSet, TreeSet) │ ├── Queue (PriorityQueue, ArrayDeque) │ ├── Map (HashMap, LinkedHashMap, TreeMap) │ ├── Comparable vs Comparator │ └── Stream operations and lambda expressions ├── Exception Handling │ ├── Checked vs unchecked exceptions │ ├── try-catch-finally blocks │ ├── try-with-resources │ └── Custom exceptions ├── Multithreading │ ├── Thread class and Runnable interface │ ├── Thread lifecycle and states │ ├── Synchronization and locks │ ├── ExecutorService and thread pools │ ├── CompletableFuture for async programming │ └── Concurrent collections ├── File I/O and NIO │ ├── FileReader/FileWriter │ ├── BufferedReader/BufferedWriter │ ├── NIO package (Path, Files) │ └── Serialization PHASE 3: DATABASE & JDBC ├── SQL Fundamentals │ ├── CRUD operations │ ├── Joins (INNER, LEFT, RIGHT, FULL) │ ├── Group By and Having │ ├── Subqueries and set operations │ └── Indexes and performance ├── JDBC Programming │ ├── DriverManager and Connection │ ├── Statement, PreparedStatement │ ├── ResultSet and RowSet │ ├── Batch processing │ ├── Transaction management │ └── Connection pooling (HikariCP) ├── Database Design │ ├── Normalization (1NF to 3NF) │ ├── Primary/Foreign keys │ └── Entity relationship modeling PHASE 4: ENTERPRISE JAVA (JAKARTA EE) ├── Servlet & JSP │ ├── Servlet lifecycle │ ├── RequestDispatcher and sendRedirect │ ├── Session management │ ├── Filters and Listeners │ ├── JSP tags and EL │ └── MVC architecture with Servlets/JSP ├── RESTful Web Services │ ├── JAX-RS (Jersey, RESTEasy) │ ├── @Path, @GET, @POST annotations │ ├── JSON binding with Jackson │ ├── Exception mappers │ └── API documentation (Swagger/OpenAPI) ├── Enterprise Integration │ ├── JMS with ActiveMQ │ ├── EJB basics (stateless, stateful) │ └── JTA transactions PHASE 5: SPRING FRAMEWORK ├── Spring Core │ ├── IoC and Dependency Injection │ ├── ApplicationContext and BeanFactory │ ├── XML vs Java configuration │ ├── Annotations (@Component, @Autowired) │ ├── Bean scopes and lifecycle │ └── Spring Expression Language (SpEL) ├── Spring MVC │ ├── DispatcherServlet workflow │ ├── Controllers (@Controller, @RestController) │ ├── Request mapping and data binding │ ├── Validation with Hibernate Validator │ ├── File upload/download │ └── Interceptors and exception handling ├── Spring Data JPA │ ├── Hibernate ORM fundamentals │ ├── Entity mappings (@OneToMany, @ManyToOne) │ ├── Repository pattern (JpaRepository) │ ├── Query methods and @Query │ ├── Pagination and sorting │ └── Auditing and soft deletes ├── Spring Security │ ├── Authentication and Authorization │ ├── UserDetailsService and JWT │ ├── OAuth2 and SSO integration │ ├── Method-level security │ └── CSRF and CORS configuration PHASE 6: SPRING BOOT & MICROSERVICES ├── Spring Boot Fundamentals │ ├── Auto-configuration │ ├── Starters and dependencies │ ├── application.properties/yml │ ├── Profiles and environment-specific config │ ├── Actuator endpoints │ └── Spring Boot DevTools ├── Microservices Architecture │ ├── Spring Cloud ecosystem │ ├── Service discovery (Eureka) │ ├── API Gateway (Spring Cloud Gateway) │ ├── Circuit breaker (Resilience4j) │ ├── Distributed tracing (Sleuth Zipkin) │ └── Configuration server (Spring Cloud Config) ├── Communication Protocols │ ├── RESTful services with WebClient │ ├── gRPC with Protocol Buffers │ ├── Apache Kafka for event-driven architecture │ └── RabbitMQ with Spring AMQP PHASE 7: BUILD TOOLS & TESTING ├── Build Tools │ ├── Maven (POM.xml, dependencies, plugins) │ │ ├── Project structure │ │ ├── Lifecycle phases │ │ └── Multi-module projects │ ├── Gradle (build.gradle, tasks) │ │ ├── Groovy vs Kotlin DSL │ │ └── Dependency management ├── Testing │ ├── Unit Testing with JUnit 5 │ │ ├── @Test, assertions │ │ ├── Parameterized tests │ │ └── Test lifecycle hooks │ ├── Mocking with Mockito │ │ ├── @Mock, @InjectMocks │ │ └── When/Then patterns │ ├── Integration Testing │ │ ├── @SpringBootTest │ │ ├── TestContainers for database testing │ │ └── @DataJpaTest, @WebMvcTest │ └── Performance Testing (JMeter, Gatling) PHASE 8: DEVOPS & DEPLOYMENT ├── Containerization │ ├── Docker for Java apps │ │ ├── Multi-stage Dockerfiles │ │ ├── JVM optimization in containers │ │ └── Docker Compose for local dev │ ├── Kubernetes for Java microservices │ │ ├── Pod and Service definitions │ │ ├── ConfigMaps and Secrets │ │ └── Helm charts for Java apps ├── CI/CD Pipeline │ ├── Jenkins with Java projects │ ├── GitHub Actions for Spring Boot │ ├── GitLab CI with Maven/Gradle │ └── SonarQube for code quality ├── Cloud Deployment │ ├── AWS (Elastic Beanstalk, ECS, EKS) │ ├── Azure (App Service, AKS) │ ├── Google Cloud (App Engine, GKE) │ └── Heroku / Railway / Render PHASE 9: PERFORMANCE & SECURITY ├── Performance Optimization │ ├── JVM tuning (Heap, GC algorithms) │ ├── Profiling tools (JProfiler, VisualVM) │ ├── Database query optimization │ ├── Caching (Spring Cache, Redis, Hazelcast) │ └── Connection pooling tuning ├── Security Best Practices │ ├── OWASP Top 10 for Java │ ├── Input validation and sanitization │ ├── SQL/NoSQL injection prevention │ ├── Secure coding guidelines │ ├── Dependency scanning (OWASP Dependency Check) │ └── Secret management (Vault, AWS Secrets Manager) PHASE 10: MODERN JAVA & TRENDS ├── Java 8 Features │ ├── Lambda expressions and Streams │ ├── Optional class │ ├── Default and static methods in interfaces │ ├── New Date/Time API │ └── CompletableFuture ├── Java 9-21 Features │ ├── Module system (Project Jigsaw) │ ├── Local variable type inference (var) │ ├── Switch expressions │ ├── Text blocks │ ├── Records and sealed classes │ ├── Pattern matching │ ├── Virtual threads (Project Loom) │ └── Foreign Function & Memory API ├── Reactive Programming │ ├── Project Reactor (Mono, Flux) │ ├── Spring WebFlux │ └── RSocket protocol SPECIALIZED DOMAINS ├── Big Data Java │ ├── Apache Spark with Java │ ├── Apache Flink │ └── Hadoop ecosystem ├── Android Development │ ├── Android SDK with Java │ └── Kotlin interop ├── FinTech/Enterprise │ ├── High-performance Java │ ├── Low-latency systems │ └── Financial messaging (FIX protocol) PROJECTS TO BUILD 1. Beginner: Library Management System (Core Java File I/O) 2. Intermediate: E-commerce API (Spring Boot JPA Security) 3. Intermediate: Task Management App with JWT authentication 4. Advanced: Microservices-based Banking System (Spring Cloud, Kafka) 5. Advanced: Real-time Chat Application (WebSocket STOMP) 6. Expert: Stock Trading Platform (low-latency, reactive) 7. Expert: Scalable Social Media Backend (microservices, Redis) LEARNING RESOURCES ├── Official Documentation │ ├── docs.oracle.com/en/java/ │ ├── spring.io/projects/spring-bo… │ └── hibernate.org/orm/documentat… ├── Books │ ├── "Effective Java" - Joshua Bloch │ ├── "Java Concurrency in Practice" │ ├── "Spring in Action" │ └── "Clean Code" - Robert C. Martin ├── Practice Platforms │ ├── LeetCode (Java problems) │ ├── HackerRank Java track │ ├── CodeWars │ └── Spring Initializr (start.spring.io) RECOMMENDED CERTIFICATIONS ├── Oracle Certified Professional: Java SE Programmer ├── Spring Professional Certification ├── AWS Certified Developer └── Azure Java Developer 📚 RECOMMENDED EBOOK For comprehensive Java and its interview preparation and in-depth concepts, check out: 👉Grab the Java Handbook: codewithdhanian.gumroad.com/…)** This ebook covers: - Core Java fundamentals with detailed explanations - Advanced Java concepts (Multithreading, Collections) - Spring/Spring Boot interview questions - Microservices design patterns - Real-world scenarios and coding problems - 300 frequently asked interview questions - Code examples and best practices - System design for Java developers Estimated Time: 6-12 months for core proficiency, 1-2 years for enterprise readiness Key Principle: Write code daily, understand the "why" behind features, master debugging Progression Strategy: 1. Months 1-3: Core Java OOP concepts 2. Months 4-6: Advanced Java JDBC Basic Servlets 3. Months 7-12: Spring Framework Spring Boot 4. Year 2: Microservices Cloud Advanced topics 5. Year 3 : Specialization Architecture Java Developer Mindset: - Strong typing catches bugs early - JVM is your friend - understand it - Enterprise patterns matter - Backward compatibility is sacred - Verbose can be clear - prioritize readability - Always consider garbage collection and memory - Design for interfaces, not implementations Daily Learning Routine: - Morning: Read Java/Spring documentation or articles - Afternoon: Code implementation - Evening: Code review and optimization - Weekend: Build side projects and experiment Community to Follow: - r/java, r/springsource - Follow @e_opore on X - Java Champions on Twitter - Spring Blog - InfoQ Java section Remember: Java is everywhere - from Android phones to enterprise servers to big data systems. Master the fundamentals first, then explore specialized domains. The ecosystem is vast but well-documented. Build projects that solve real problems, and always keep learning as Java evolves every 6 months now!

The only Java Spring Boot concepts you need to know • Spring Boot Setup → @ SpringBootApplication, Spring Initializr • Dependency Injection & IoC → @ Autowired, Bean scopes • Auto-configuration & Starters → reduced boilerplate config • REST API Basics → @ RestController, @ GetMapping, @ PostMapping • HTTP Methods & Routing → @ PutMapping, @ DeleteMapping, @ RequestMapping • Request Handling → @ RequestBody, @ PathVariable, @ RequestParam • Configuration → application .properties, application.yml, Spring Profiles • Spring Data JPA → @ Entity, @ Table, @ Id • Repositories → JpaRepository, derived queries & @ Query • Relationships → @ OneToMany, @ ManyToOne, @ JoinColumn • Validation → @ Valid, @ NotNull, @ Size • Exception Handling → @ ControllerAdvice, @ ExceptionHandler • Security Basics → Spring Security setup, roles & permissions • JWT Authentication → token filters & validation • Transactions → @ Transactional • Actuator → app health, metrics & monitoring • Testing → @ SpringBootTest, @ WebMvcTest, unit & integration tests • Caching → @ Cacheable, cache strategies • Logging → structured logs, logging levels • Reactive Support (optional) → WebFlux for non-blocking apps • Build & Packaging → Maven / Gradle, runnable JAR/WAR

Lazy vs Eager Loading in JPA Same relationship. Different fetch strategy. Huge performance impact. Let’s understand this with a simple restaurant example 🍽️  Imagine you ordered ONE tea. 🔴 FetchType.EAGER  You ordered one tea.   But the waiter brought tea snacks dessert together.  That’s EAGER loading. When the parent entity is fetched,   all related entities are loaded immediately —  Even if they are not required. Good for small relationships.   Risky for large collections. 🟢 FetchType.LAZY  You ordered one tea.   The waiter brought only tea.  That’s LAZY loading. Related entities are loaded only when accessed.  More controlled.   Usually better for performance. ⚠️ The N 1 Query Problem  Suppose you fetch 4 users. Query 1 → Fetch users   Query 2 → Orders for User 1   Query 3 → Orders for User 2   Query 4 → Orders for User 3   Query 5 → Orders for User 4  Total = 1 N queries  1 query loads parent entities.   N additional queries load child data.  More database round trips.   Lower performance. 🛠 How to Fix It  ✔ Use JOIN FETCH   ✔ Use @EntityGraph   ✔ Use DTO projection  Fetch associations explicitly   to avoid excessive queries. Golden Rule 🧠  EAGER loads immediately.   LAZY loads on demand.  Performance depends on *when* you fetch,   not just *what* you fetch. Interview Questions I Was Asked: Q1. Why is @ManyToOne EAGER by default?   A. Because it typically references a single small entity. Q2. What causes the N 1 problem?   A. Lazy loading inside loops without proper join fetching. Q3. Why is LAZY usually preferred?   A. It prevents unnecessary joins and reduces memory usage.

Yes, we are. Our ancestors came over here legally. And we were born here we’ve been here for multiple generations. They came in through the door not through the window. They assimilated they started speaking English instead of German, or Spanish, or Dutch, or whatever. ManytoOne.

The best way to map the @ManyToOne association with JPA and Hibernate vladmihalcea.com/manytoone-j…

finished my Task_Management API. • learned db relationship e.g oneTomany, manyToOne. • added task controller to manage tasks. • ensured only logged in users can update and delete their tasks. • did a little API documentation in the readMe file.

Day-99 of #100daysofcoding Today's topics learned:- -OneToOne relationship -ManyToOne relationship -OneToOne relationship -OneToMany relationship -Caching using spring boot -spring JDBC -mysql connection -using JPA

I solved this problem using EntityGraphs for ManyToOne and OneToOne and set ManyToMany and OneToOne to Fetch(FetchMode.SELECT). This helped me to solve major performance issues.

the arguments to things like ManyToOne basically takes the list of file paths generated by the glob patterns. and from there you can basically do... whatever the hell you want. OneToOne is smart enough to only transform one output if one input changes.

#Day32 of #100daysofcoding -Deepened my understanding on JoinColumn, OnetoMany and ManytoOne annotations is SpringBoot -Using Wrapper classes in Entity -Optional<T> class revised. - learned about mappedBy

Fixing #Hibernate @ManyToOne and @Column AnnotationException - #Java Code Geeks javacodegeeks.com/fixing-hib…

Day 84/100 of #100DaysOfCode 🚀 • Mastered @ManyToOne entity relationships • Built repository layer with Spring Data JPA • Fixed dependency injection in REST controllers • Learned transactional service patterns Small steps, solid progress! #Java #SpringBoot

Our goal: add extra fields to the ManyToMany join table, but since that’s not possible, we’ll replicate the db relation with a join entity & two ManyToOne relations symfonycasts.com/screencast/…