Mt Footstool by Arthur

This tech blog explores how the Adatree engineering team leverages latest Spring Security features to support multiple identification providers and achieve security, performance and maintainability. We use a fictional story to explain the application security challenges that companies face and how we solved them.

A promising startup

You are building a subscription service. It is very popular and many consumers as well as business partners want to use it. To use your service, both consumers and business partners need login with credentials to identify themselves. After some investigation, you know that consumers prefer their Google Accounts or Facebook Login while your business partners…

At AWS re:Invent 2020, AWS Lambda released Container Image Support for Lambda functions. This new feature allows engineers to package and deploy Lambda functions as container images of up to 10 GB in size. It offers technical teams an exciting opportunity to unify development and deployment processes and maximise investments in container-centric pipelines and tooling.

So we decided to adopt it into our solution and remove s3 bucket access from our deployment pipelines. Happy days!

Until I saw below highlighted statement in Lambda documentation

Fig 1. an unexpected restriction

Considering IAM provides sophisticated and powerful access controls for AWS ECR, I cannot believe this limitation…

Port adelaide river kayaking by Arthur

Is embedded Liquibase the right way?

Embedding Liquibase into the startup process of an application is a very common pattern for good reason

I agree with this statement from Liquibase blog to a large extent and use Liquibase in most of the Spring Boot + RDS projects I have worked on.

But embedding Liquibase into startup processes comes with caveats:

  1. DevOps friends would kindly point out that it violates Segregation of Duties practices to run an Application as Admin. This emits a bad smell.
  2. Database migration is a natural part of deployment instead of Application startup. When embedding Liquibase into an application, a risky database migration…

CICD pipeline as code using Azure DevOps REST APIs with Postman

Hooker Valley, New Zealand by author


To provision a source code repository and CICD pipelines in Azure DevOps for a typical Spring Boot based micro service requires a lot of mouse clicks. It is not only time-consuming but also error-prone.

YAML templates can help to some extent but there are limitations, the same as Azure CLI. For example, neither agent pool nor linked variable groups can be imported via YAML templates. Linked variable groups are often shared among different App Services across different environments with carefully designed access controls. …

Arthur Zhang

Father of two giggly girls; a technical problem solver who focuses on both delivery and growth

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store