English · 한국어
Runnable examples for devslab-kr Spring Boot starters and libraries.
Each subdirectory is an independent Spring Boot application with its own Gradle build. Pick one, cd into it, and run ./gradlew bootRun.
💬 Questions, ideas, or sharing your application of the demos? Head to Discussions — bilingual (English / Korean), maintained by the same folks who write the libraries.
Latest active line. Use these if your app is on Spring Boot 4+.
| Demo | Showcases | Maven Central |
|---|---|---|
easy-paging-sb4-demo |
Annotation-driven offset pagination with @AutoPaginate (Spring Boot 4 + MyBatis + H2) |
 |
easy-paging-sb4-keyset-demo |
Cursor (keyset) pagination with @KeysetPaginate — composite (time, id) key, stable under writes, no OFFSET/COUNT(*) |
|
easy-paging-sb4-postgres-demo |
Same starter against real PostgreSQL — Docker Compose for bootRun, Testcontainers + @ServiceConnection for tests, no local DB install |
|
easy-paging-sb4-reactive-demo |
Reactive stack — WebFlux + R2DBC via R2dbcOffsetPagingSupport. Same JSON envelope as the MVC demos, served as Mono<PageResponse<T>> |
 |
For apps still on Spring Boot 3.3–3.5. The starter's 3.x branch continues to receive SB3 security patches; these demos pin against that line.
| Demo | Showcases | Maven Central |
|---|---|---|
easy-paging-demo |
Annotation-driven offset pagination with @AutoPaginate (Spring Boot 3 + MyBatis + H2) |
 |
easy-paging-keyset-demo |
Cursor (keyset) pagination with @KeysetPaginate |
|
easy-paging-postgres-demo |
Same starter against real PostgreSQL | |
easy-paging-reactive-demo |
Reactive stack — WebFlux + R2DBC |  |
| Demo | Showcases | Maven Central |
|---|---|---|
ssrf-guard-demo |
SSRF (Server-Side Request Forgery) protection across three Spring HTTP clients (RestClient, RestTemplate, WebClient) — same UrlPolicy for all. 15-pattern attack matrix endpoint, Micrometer metrics. |
 |
ssrf-guard-springai-demo |
⭐ LLM agent SSRF defense (Spring AI). Wraps every Spring AI ToolCallback so URL-shaped tool arguments are validated before the LLM-driven fetch_url runs. Fake-LLM driver makes the demo runnable offline (no API key). |
 |
ssrf-guard-langchain4j-demo |
⭐ LLM agent SSRF defense (LangChain4j). Same story for the other major Java LLM framework — wraps every ToolExecutor bean and validates ToolExecutionRequest.arguments() JSON before the executor runs. |
 |
ssrf-guard-feign-demo |
Spring Cloud OpenFeign RequestInterceptor — same UrlPolicy applied to @FeignClient calls. Two @FeignClient interfaces (one whitelisted, one not) to show the block path. |
 |
ssrf-guard-jdkhttp-demo |
java.net.http.HttpClient (Java 11+) wrapper — no Spring required by the library. Three-line wiring in main(). |
 |
ssrf-guard-okhttp-demo |
OkHttp Interceptor + Dns integration — also no Spring needed. Three-line wiring on OkHttpClient.Builder. |
 |
ssrf-guard-httpclient5-demo |
Apache HttpClient 5 — DNS-time SSRF gate (SafeDnsResolver) + SafeRedirectStrategy. Zero wiring code in Spring (module ships its own autoconfig); five-line wiring outside Spring. The TOCTOU-closing approach: validate=connect on the same InetAddress[]. |
 |
ssrf-guard-native-image-demo |
⚡ GraalVM native-image proof. Pulls ssrf-guard:3.1.0, applies the org.graalvm.buildtools.native plugin, demonstrates nativeCompile produces a working native binary that blocks the same 12-pattern attack matrix as the JVM build. End-to-end verification that ssrf-guard 3.1.0's RuntimeHintsRegistrar entries are complete. |
|
Async API-call logging into PostgreSQL JSONB via the api-log starter — one demo per persistence backend. Every demo uses the self-loopback design: the same app exposes both an /upstream/widgets endpoint (the "service being called") and a /client/widgets endpoint that calls the upstream via the api-log HTTP client util. A third /api-log endpoint reads the api_log table so you can curl the full lifecycle — INITIATED → SUCCESS / ERROR / RETRY_ERROR — without leaving the demo. Docker Compose for the local DB; Testcontainers + @ServiceConnection for the integration tests.
| Demo | Showcases | Maven Central |
|---|---|---|
api-log-jpa-demo |
JPA backend — Spring MVC + RestApiClientUtil (blocking) + JpaApiLogWriter. Reads the logged rows via ApiLogRepository (Spring Data JPA). The most common drop-in for Servlet/JPA apps. |
 |
api-log-mybatis-demo |
MyBatis backend — Spring MVC + RestApiClientUtil + MybatisApiLogWriter. Uses the bundled ApiLogMapper for by-request lookup, plus a custom ApiLogQueryMapper (xml) for recent / by-event queries. For teams already on MyBatis who don't want JPA. |
 |
api-log-r2dbc-demo |
R2DBC backend (reactive) — WebFlux + ReactiveApiClientUtil (Mono-based) + R2dbcApiLogWriter. Reader uses DatabaseClient for streaming Flux<ApiLogView>. Entire HTTP path is non-blocking; api-log writes also non-blocking. For WebFlux apps that have no JDBC anywhere on the request path. |
 |
- Each demo is a standalone Gradle project — its own
settings.gradle.kts,build.gradle.kts, andgradlew. Demos do not share a root build, so their dependency versions and JDK targets can drift independently. - Each demo depends on the latest stable release of the starter it showcases (pinned by version in
build.gradle.kts). Dependabot bumps it on new releases. - This repo is not versioned or tagged — demos are not published artifacts.
mainis the source of truth. - Each demo has its own
README.mdwith quickstart, prerequisites, and a tour of what the starter is doing.
- Create
<starter-shortname>-demo/at the repo root. - Copy the layout of an existing demo (e.g.
easy-paging-demo/) as a template. - Add a row to the table above linking to the demo and to its starter on Maven Central.
- CI auto-detects the new demo from the presence of
build.gradle.kts— no workflow changes needed.
Pull requests build only the demos whose files changed. Pushes to main build every demo (catches drift from starter version bumps).