Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017

Matt Raible
PRO
May 10, 2017
Technology
3
1.8k

Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017

Microservices are all the rage and being deployed by many Java Hipsters. If you’re working on a large team that needs different release cycles for product components, microservices can be a blessing. If you’re working at your VW Restoration Shop and running its online store with your own software, having five services to manage and deploy can be a real pain. Share your knowledge and experience about microservices in this informative and code-heavy talk.

We’ll use JHipster (a Yeoman generator) to create Angular + Spring Boot apps on separate instances with a unified front-end. I’ll also show you options for securing your API gateway and individual applications using JWT. Docker, ELK, Spring Cloud, Okta; there will be plenty of interesting demos to see!

Matt Raible
PRO

May 10, 2017
Tweet

More Decks by Matt Raible

See All by Matt Raible
Micro Frontends for Java Developers - Devoxx UK 2023
mraible
PRO
1
210
OAuth for Java Developers - Codemotion Madrid 2023
mraible
PRO
0
310
OAuth for Java Developers - IntelliJ IDEA Live Stream 2023
mraible
PRO
0
430
Reactive Microservices with Spring Boot and JHipster - The Golden Path to SpringOne 2023
mraible
PRO
0
160
OAuth for Java Developers - Denver JUG 2023
mraible
PRO
0
370
What the Heck is OAuth - Boulder JUG 2023
mraible
PRO
0
270
How to Achieve Massive Productivity at Work - Denver JUG 2022
mraible
PRO
2
220
Web App Security for Java Developers - London JUG 2022
mraible
PRO
1
490
Comparing Native Java REST API Frameworks - Manchester JUG 2022
mraible
PRO
0
370

Other Decks in Technology

See All in Technology
CloudWatch複合アラームでELBの5XXをいい感じに検知しようとしたらうまくいかなかった話 / cloudwatch alarm elb 5xx
gotok365
0
600
Head toward Java 20 and Java 21
line_developers
PRO
0
350
Антихрупкость в IT или как полюбить изменения
alexanderbyndyu
0
430
IaCのCI/CDを考えよう / JAWS-UG_Okayama_IaC_CICD
taishin
1
170
NAB Show 2023 動画技術関連レポート / NAB Show 2023 Report
cyberagentdevelopers
PRO
1
140
無理なく始めるGoでのユニットテストの並行化戦略
shohata
1
510
Microsoft Build 2023 で発表された Cosmos DB の注目アップデート / Microsoft Build 2023 Cosmos DB update
miyake
1
210
GLOBIS データサイエンスチームのご紹介/ GLOBIS Data Science Team is hiring.
globis_gdp
0
1.9k
Spotify API を使ったアイマス楽曲の楽しみ方
takemikami
0
120
Go1.20からサポートされるtree構造のerrの紹介と、treeを考慮した複数マッチができるライブラリを作った話/introduction of tree structure err added since go 1_20
convto
0
180
「時系列データ」を ChatGPT で活かすには?!
soracom
PRO
0
440
ABEMAのRenderScript Intrinsics Replacement Toolkit 導入事例
takahana
0
280

Featured

See All Featured
Designing for Performance
lara
601
65k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.7k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
7
1k
Happy Clients
brianwarren
90
6k
Raft: Consensus for Rubyists
vanstee
130
5.8k
Web Components: a chance to create the future
zenorocha
304
41k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
130
8.9k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
Teambox: Starting and Learning
jrom
124
8k
Fireside Chat
paigeccino
18
2.1k

Transcript

  1. View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. View Slide

  6. Conway’s Law
    Any organization that designs a system (defined
    broadly) will produce a design whose structure is a copy
    of the organization’s communication structure.
    Melvyn Conway 1967

    View Slide

  7. "Do one thing and do it well."

    View Slide

  8. The Future?

    View Slide

  9. You shouldn’t start with a microservices architecture.
    Instead begin with a monolith, keep it modular, and split
    it into microservices once the monolith becomes a
    problem.
    Martin Fowler March 2014

    View Slide

  10. View Slide

  11. View Slide

  12. View Slide

  13. start.spring.io

    View Slide

  14. View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. Microservices are awesome, but they’re not free.
    Les Hazlewood Stormpath CTO

    View Slide

  19. Spring Boot Demo

    View Slide

  20. View Slide

  21. View Slide

  22. Securing Your API
    Choose the Right API Security Protocol
    Basic API Authentication with TLS (aka SSL)
    OAuth 1.0a, OAuth 2.0, OpenID Connect
    API Keys vs. Username/Password Authentication
    Store Your API Security Key securely
    Use globally unique IDs (e.g. Url62)
    Avoid sessions, especially in URLs

    View Slide

  23. JSON Web Tokens

    View Slide

  24. Create a JWT in Java
    String jwt = Jwts.builder()
    .setSubject("users/TzMUocMF4p")
    .setExpiration(new Date(1300819380))
    .claim("name", "Robert Token Man")
    .claim("scope", "self groups/admins")
    .signWith(
    SignatureAlgorithm.HS256,
    "secret".getBytes("UTF-8")
    )
    .compact();

    View Slide

  25. Validating a JWT
    String jwt = // get JWT from Authorization header
    Jws claims = Jwts.parser()
    .setSigningKey("secret".getBytes("UTF-8"))
    .parseClaimsJws(jwt)
    String scope = claims.getBody().get("scope")
    assertEquals(scope, "self groups/admins");

    View Slide

  26. Better Secret
    String b64EncodedSecret =
    "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";
    .signWith(SignatureAlgorithm.HS256,
    TextCodec.BASE64.decode(b64EncodedSecret))

    View Slide

  27. View Slide

  28. View Slide

  29. JHipster by the numbers
    +250 contributors
    +6800 Github stars
    +480,000 installations
    +150 companies officially using it

    View Slide

  30. How to use JHipster
    To install JHipster, you run an npm command:
    $ npm install -g generator-jhipster
    $ mkdir myapp && cd myapp
    $ yo jhipster

    View Slide

  31. What’s Generated?
    Spring Boot application
    Angular application
    Liquibase changelog files
    Configuration files

    View Slide

  32. Security Screens
    Several generated screens
    Login, logout, forgot password
    Account management
    User management
    Useful for most applications
    Pages must be tweaked
    User roles will be added/extended
    Provides good examples of working screens
    Forms, directives, validation…

    View Slide

  33. Admin Screens
    Monitoring
    Health
    Spring Boot configuration
    Spring Security audits
    Log management
    Very useful in production

    View Slide

  34. Liquibase

    View Slide

  35. Microservices with JHipster

    View Slide

  36. View Slide

  37. Microservices are not free, but you get a deep discount
    on microservices with JHipster.
    Matt Raible 2016

    View Slide

  38. JHipster.next
    JHipster CLI
    gRPC Support
    React Support
    Spring 5 and Reactive
    Improved Kafka Support

    View Slide

  39. View Slide

  40. Do one thing and do it well.
    Unix philosophy

    View Slide

  41. This Presentation and Demos
    https://github.com/mraible/microservices-for-the-masses

    View Slide

  42. View Slide

  43. Image Credits
    Fountain of colours - Paulius Malinovskis on Flickr
    Ponte dell’Accademia at Sunrise - Trey Ratcliff on Stuck in Customs
    Conway’s Law - Martin Fowler and James Lewis on Microservices
    Good Morning Denver - Sheila Sund on Flickr
    Monoliths - Arches National Park on Flickr
    Mexico - Trish McGinity on McGinity Photo
    Future - vivianhir on Flickr
    Spring Runoff - Ian Sane on Flickr
    The memory Seeker, Santa Monica Pier, CA - Pacheco on Flickr
    San Francisco By Night - Trish McGinity on McGinity Photo

    View Slide