Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK 2017

Transcript

1. None
2. None
3. None
4. None
5. None

6. Conway’s Law Any organization that designs a system (defined broadly)

   will produce a design whose structure is a copy of the organization’s communication structure. Melvyn Conway 1967

7. "Do one thing and do it well."

8. The Future?

9. You shouldn’t start with a microservices architecture. Instead begin with

   a monolith, keep it modular, and split it into microservices once the monolith becomes a problem. Martin Fowler March 2014
10. None
11. None
12. None

13. start.spring.io

14. None
15. None
16. None
17. None

18. Microservices are awesome, but they’re not free. Les Hazlewood Stormpath

    CTO
19. None
20. None
21. None
22. None

23. Securing Your API Choose the Right API Security Protocol Basic

    API Authentication with TLS (aka SSL) OAuth 1.0a, OAuth 2.0, OpenID Connect API Keys vs. Username/Password Authentication Store Your API Security Key securely Use globally unique IDs (e.g. Url62) Avoid sessions, especially in URLs

24. JSON Web Tokens

25. Create a JWT in Java String jwt = Jwts.builder() .setSubject("users/TzMUocMF4p")

    .setExpiration(new Date(1300819380)) .claim("name", "Robert Token Man") .claim("scope", "self groups/admins") .signWith( SignatureAlgorithm.HS256, "secret".getBytes("UTF-8") ) .compact();

26. Validating a JWT String jwt = // get JWT from

    Authorization header Jws<Claims> claims = Jwts.parser() .setSigningKey("secret".getBytes("UTF-8")) .parseClaimsJws(jwt) String scope = claims.getBody().get("scope") assertEquals(scope, "self groups/admins");

27. Better Secret String b64EncodedSecret = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E="; .signWith(SignatureAlgorithm.HS256, TextCodec.BASE64.decode(b64EncodedSecret))

28. None
29. None

30. JHipster by the numbers +250 contributors +6800 Github stars +480,000

    installations +150 companies officially using it

31. How to use JHipster To install JHipster, you run an

    npm command: $ npm install -g generator-jhipster $ mkdir myapp && cd myapp $ yo jhipster

32. What’s Generated? Spring Boot application Angular application Liquibase changelog files

    Configuration files

33. Security Screens Several generated screens Login, logout, forgot password Account

    management User management Useful for most applications Pages must be tweaked User roles will be added/extended Provides good examples of working screens Forms, directives, validation…

34. Admin Screens Monitoring Health Spring Boot configuration Spring Security audits

    Log management Very useful in production

35. Liquibase

36. Microservices with JHipster

37. None

38. JHipster on Google Cloud https://youtu.be/dgVQOYEwleA

39. Microservices are not free, but you get a deep discount

    on microservices with JHipster. Matt Raible 2016

40. JHipster.next JHipster CLI gRPC Support React Support Spring 5 and

    Reactive Improved Kafka Support
41. None

42. Do one thing and do it well. Unix philosophy

43. This Presentation and Demos https://github.com/mraible/microservices-for-the-masses

44. None
45. None

46. Image Credits Fountain of colours - Paulius Malinovskis on Flickr

    Ponte dell’Accademia at Sunrise - Trey Ratcliff on Stuck in Customs Conway’s Law - Martin Fowler and James Lewis on Microservices Good Morning Denver - Sheila Sund on Flickr Monoliths - Arches National Park on Flickr Mexico - Trish McGinity on McGinity Photo Future - vivianhir on Flickr Spring Runoff - Ian Sane on Flickr The memory Seeker, Santa Monica Pier, CA - Pacheco on Flickr San Francisco By Night - Trish McGinity on McGinity Photo