das-buro-am-draht / spring-cache-dynamodb Goto Github PK

Provides support to increase developer productivity in Java when using Amazons DynamoDB as a key-value store. Uses familiar Spring concepts such as a template classes for core API usage and lightweight repository style data access.

License: Apache License 2.0

dynamodb spring cache spring-cache spring-boot java

spring-cache-dynamodb's Introduction

spring-cache-dynamodb

Spring Cache implementation based on Amazon DynamoDB

Install

To integrate this Git repository into your project, simply add the maven dependency

<dependency>
    <groupId>com.dasburo</groupId>
    <artifactId>spring-cache-dynamodb</artifactId>
    <version>2.0.0</version>
</dependency>

This release is using the AWS Java SDK v2.x. If you must use v1.x, please use a version prior to 2.0.0 of this library.

Usage

Quick start

There is an autoconfiguration class that will set up a simple key-value cache for you, provided you have specified the following properties.

Properties

# TTL (in seconds). Default is Duration.ZERO and disables TTL.
spring.cache.dynamo.caches[0].ttl = 10s

# Cache name for the @Cacheable annotation.
spring.cache.dynamo.caches[0].cacheName = myCache

# Value that indicates if the cache must be flushed on application start.
spring.cache.dynamo.caches[0].flushOnBoot = true

YAML

spring:
  cache:
    dynamo:
      caches:
        - # TTL.
          ttl: 10s
          # Cache name for the @Cacheable annotation.
          cacheName: myCache
          # Value that indicates if the cache table must be flushed when the application starts.
          flushOnBoot: true

Custom configuration

To customize the creation of a cache manager, create a Java Bean in a configuration class:

@Bean
public AwsCredentials awsCredentials() {
    return AwsBasicCredentials.create(amazonAWSAccessKey, amazonAWSSecretKey);
}

@Bean
public AwsCredentialsProvider awsCredentialsProvider(AwsCredentials awsCredentials) {
    return StaticCredentialsProvider.create(awsCredentials);
}

@Bean
public DynamoDbClient amazonDynamoDB(AwsCredentialsProvider awsCredentialsProvider) {
    return DynamoDbClient.builder()
        .credentialsProvider(awsCredentialsProvider)
        .region(Region.of(amazonAWSRegion))
        .build();
}

@Bean
public CacheManager cacheManager(DynamoDbClient ddb) {
    List<DynamoCacheBuilder> cacheBuilders = new ArrayList<>();
    cacheBuilders.add(DynamoCacheBuilder.newInstance(cacheName, ddb)
      .withTTL(Duration.ofSeconds(cacheTtl)));
    
    return new DynamoCacheManager(cacheBuilders);
}

Serializers

By default, the included StringSerializer is used. But it's also possible to define a custom Serializer of type DynamoSerializer for each cache.

How to use the cache?

@Cacheable

After the cache has been configured, you can use the Cacheable annotation. In the following example, the cache "myCache" is used like this:

@Cacheable(value = "myCache", key = "#id")
public Data getData(String id) {
  // ...
}

The id parameter is used as document identifier. Note that the cache key must be of type java.lang.String. It is also possible to use SpEL to generate a combined key.

The Data object will be stored in a DynamoDB table for future use (as the TTL has not expired). Note that cache elements must be serializable (i.e. implement java.io.Serializable).

License

Spring Cache DynamoDB is Open Source software released under the Apache 2.0 license.

spring-cache-dynamodb's People

Contributors

Stargazers

Watchers

Forkers

dnltsk tuankhoi2206

spring-cache-dynamodb's Issues

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.yaml:snakeyaml:1.23

Vulnerabilities

DepShield reports that this application's usage of org.yaml:snakeyaml:1.23 results in the following vulnerability(s):

(CVSS 7.5) [CVE-2017-18640] The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operat...

Occurrences

org.yaml:snakeyaml:1.23 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-test:2.1.7.RELEASE
└─ org.springframework.boot:spring-boot-starter:2.1.7.RELEASE
└─ org.yaml:snakeyaml:1.23

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 9.1) Vulnerability due to usage of net.minidev:json-smart:2.3

Vulnerabilities

DepShield reports that this application's usage of net.minidev:json-smart:2.3 results in the following vulnerability(s):

(CVSS 9.1) [CVE-2021-27568] An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-sma...

Occurrences

net.minidev:json-smart:2.3 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-test:2.1.7.RELEASE
└─ com.jayway.jsonpath:json-path:2.4.0
└─ net.minidev:json-smart:2.3

[DepShield] (CVSS 5.3) Vulnerability due to usage of org.apache.httpcomponents:httpclient:4.5.9

Vulnerabilities

DepShield reports that this application's usage of org.apache.httpcomponents:httpclient:4.5.9 results in the following vulnerability(s):

(CVSS 5.3) [CVE-2020-13956] Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret ma...

Occurrences

org.apache.httpcomponents:httpclient:4.5.9 is a transitive dependency introduced by the following direct dependency(s):

• com.amazonaws:aws-java-sdk-dynamodb:1.11.899
└─ com.amazonaws:aws-java-sdk-core:1.11.899
└─ org.apache.httpcomponents:httpclient:4.5.9

Items may not be deleted after TTL expiration

According to AWS DynamoDB docs:

Depending on the size and activity level of a table, the actual delete operation of an expired item can vary. Because TTL is meant to be a background process, the nature of the capacity used to expire and delete items via TTL is variable (but free of charge). TTL typically deletes expired items within 48 hours of expiration.

Items that have expired, but haven’t yet been deleted by TTL, still appear in reads, queries, and scans. If you do not want expired items in the result set, you must filter them out. To do this, use a filter expression that returns only items where the Time to Live expiration value is greater than the current time in epoch format. For more information, see Filter expressions for scan.

Items that are past their expiration, but have not yet been deleted can still be updated, and successful updates to change or remove the expiration attribute will be honored.

Perhaps I am wrong but did not find anywhere in the code a check if the TTL expiration value is greater than the current time. If this is true, it would mean that items that are meant to disappear from cache, may still be there.

Enable usage of DynamoDB's Partition Key and Sort Keys

Right now DynamoDB's Partition Key and Sort Key features are not usable because

all cached data is stored inside value attribute and not on root level
all cached data is encoded

The usage of Partition Key and Sort Key would allow

faster access of cached data due to partitioning
improve selective invalidating of cached data

see https://aws.amazon.com/de/blogs/database/choosing-the-right-dynamodb-partition-key/

first idea

To allow the usage of the features the key attributes must be in the root of the data object so that

the value-Object that is grouping all attributes is skipped
the forced encoding must be dropped

What are the use cases where both features are required? Binary data like Images or so?

second idea

A different (maybe better) approach would be to configure a Partition Key inside the CacheConfig. For instance

DynamoCacheBuilder.newInstance("pet-table", amazonDynamoDB)
   .withTTL(Duration.ofHours(24))
   .withSerializer(new PetSerializer())
   .withPartitionKey(new PartitionKey("pet-type", S))

All PutItemRequests then could add the pet-type attribute beside the value attribute.

Thanks

AWS DynamoDB Region should be configurable

The Region for the DynamoDB is actually set to EU_CENTRAL by default. This should be configurable.

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.9

Vulnerabilities

DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.9 results in the following vulnerability(s):

Occurrences

com.fasterxml.jackson.core:jackson-databind:2.9.9 is a transitive dependency introduced by the following direct dependency(s):

• com.amazonaws:aws-java-sdk-dynamodb:1.11.899
└─ com.amazonaws:aws-java-sdk-core:1.11.899
└─ com.fasterxml.jackson.core:jackson-databind:2.9.9

das-buro-am-draht / spring-cache-dynamodb Goto Github PK

spring-cache-dynamodb's Introduction

spring-cache-dynamodb

Install

Usage

Quick start

Properties

YAML

Custom configuration

Serializers

How to use the cache?

@Cacheable

License

spring-cache-dynamodb's People

Contributors

Stargazers

Watchers

Forkers

spring-cache-dynamodb's Issues

first idea

second idea

Recommend Projects

Recommend Topics

Recommend Org