Spring-security context setup for 2-legged (client credentials) OAuth2 server

userApprovalHandler: if you only have one client in your system, I agree the users should not have to approve it accessing their data. oauthAuthenticationEntryPoint: Normally, if authentication fails, the response type is JSON. Documentation says “If authentication fails and the caller has asked for a specific content type response, this entry point can send one, … Read more

Jackson custom deserializer for one field with polymorphic types

Jackson processes @JsonTypeInfo before choosing which Deserializer to use, probably because the choice of Deserializer could depend generally on the type. However, you can easily disable this on a per-field basis the same way you specify custom Deserializer – by annotating the field directly: @JsonDeserialize(using = DefinitionDeserializer.class) @JsonTypeInfo(use = JsonTypeInfo.Id.NONE) private Definition definition;

Thread.sleep() VS Executor.scheduleWithFixedDelay()

You’re dealing with sleep times termed in tens of seconds. The possible savings by changing your sleep option here is likely nanoseconds or microseconds. I’d prefer the latter style every time, but if you have the former and it’s going to cost you a lot to change it, “improving performance” isn’t a particularly good justification. … Read more