Slide 1

Slide 1 text

Matt Raible | @mraible September 30, 2020 Java REST API Comparison Micronaut, Quarkus, and Spring Boot Photo by Matt Duncan on https://unsplash.com/photos/IUY_3DvM__w

Slide 2

Slide 2 text

Matt Raible Developer Advocate Okta @mraible I ❤ Java AND JavaScript! https://jconf.dev

Slide 3

Slide 3 text

@mraible Who is Matt Raible? Father, Husband, Skier, Mountain Biker, Whitewater Rafter Bus Lover Web Developer and Java Champion Okta Developer Advocate Blogger on raibledesigns.com and developer.okta.com/blog @mraible

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

@mraible Today’s Agenda Why Java? Build { REST, GraphQL } APIs with Java Secure your APIs with OAuth 2.1 Build with Docker Go Native with GraalVM https://unsplash.com/photos/JsTmUnHdVYQ

Slide 8

Slide 8 text

@mraible Why Java? 25 Years of use, abuse, and improvements Open Source code is available; many popular open source frameworks and tools Hugely Popular and widely used by many enterprises and web-scale companies

Slide 9

Slide 9 text

@mraible Download the JDK from OpenJDK https://jdk.java.net/15 Or from AdoptOpenJDK https://adoptopenjdk.net Get Started with Java 15

Slide 10

Slide 10 text

@mraible Get Started with Java 15 Better yet, use SDKMAN! curl -s https://get.sdkman.io | bash sdk install java 15.0.0.hs-adpt

Slide 11

Slide 11 text

What’s New in Java 15 https://blogs.oracle.com/java-platform-group/the-arrival-of-java-15

Slide 12

Slide 12 text

https://developer.okta.com/blog/2020/01/09/java-rest-api-showdown Build REST APIs with Java

Slide 13

Slide 13 text

Serverless https://unsplash.com/photos/glRqyWJgUeY

Slide 14

Slide 14 text

@mraible sdk install micronaut mn create-app com.okta.rest.app \ -b maven -f security-jwt Get Started with Micronaut

Slide 15

Slide 15 text

https://micronaut.io/launch

Slide 16

Slide 16 text

package com.okta.rest.controller; import io.micronaut.http.MediaType; import io.micronaut.http.annotation.Controller; import io.micronaut.http.annotation.Get; import io.micronaut.http.annotation.Produces; import io.micronaut.security.annotation.Secured; import io.micronaut.security.rules.SecurityRule; import java.security.Principal; @Controller("/hello") public class HelloController { @Get @Secured(SecurityRule.IS_AUTHENTICATED) @Produces(MediaType.TEXT_PLAIN) public String hello(Principal principal) { return "Hello, " + principal.getName() + "!"; } }

Slide 17

Slide 17 text

micronaut.security.enabled=true micronaut.security.token.jwt.enabled=true micronaut.security.token.jwt.signatures.jwks.okta.url= https://dev-133337.okta.com/oauth2/default/v1/keys Micronaut JWT Security

Slide 18

Slide 18 text

micronaut.security.enabled=true micronaut.security.token.jwt.enabled=true micronaut.security.token.jwt.signatures.jwks.okta.url= https://dev-133337.okta.com/oauth2/default/v1/keys Micronaut JWT Security https://micronaut-projects.github.io/micronaut-security/latest/guide/#jwt

Slide 19

Slide 19 text

Install HTTPie (a better cURL) $ install httpie https://httpie.org

Slide 20

Slide 20 text

Test Micronaut with HTTPie https://httpie.org mvn mn:run http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"

Slide 21

Slide 21 text

Verify Micronaut API with HTTPie

Slide 22

Slide 22 text

@mraible Get Started with Quarkus mvn io.quarkus:quarkus-maven-plugin:1.8.1.Final:create \ -DprojectGroupId=com.okta.rest \ -DprojectArtifactId=quarkus \ -DclassName="com.okta.rest.quarkus.HelloResource" \ -Dpath="/hello" \ -Dextensions="jwt"

Slide 23

Slide 23 text

https://code.quarkus.io

Slide 24

Slide 24 text

package com.okta.rest.quarkus; import io.quarkus.security.Authenticated; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.SecurityContext; import java.security.Principal; @Path("/hello") public class HelloResource { @GET @Path("/") @Authenticated @Produces(MediaType.TEXT_PLAIN) public String hello(@Context SecurityContext context) { Principal userPrincipal = context.getUserPrincipal(); return "Hello, " + userPrincipal.getName() + "!"; } }

Slide 25

Slide 25 text

mp.jwt.verify.publickey.location= https://dev-133337.okta.com/ oauth2/default/v1/keys mp.jwt.verify.issuer=https:// dev-133337.okta.com/oauth2/ default MicroProfile JWT Security https://www.eclipse.org/community/eclipse_newsletter/2017/september/article2.php

Slide 26

Slide 26 text

mp.jwt.verify.publickey.location= https://dev-133337.okta.com/ oauth2/default/v1/keys mp.jwt.verify.issuer=https:// dev-133337.okta.com/oauth2/ default MicroProfile JWT Security https://www.eclipse.org/community/eclipse_newsletter/2017/september/article2.php

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

Test Quarkus with HTTPie https://httpie.org mvn compile quarkus:dev http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"

Slide 29

Slide 29 text

Verify Quarkus API with HTTPie

Slide 30

Slide 30 text

@mraible Get Started with Spring Boot http https://start.spring.io/starter.zip \ dependencies==web,okta \ packageName==com.okta.rest \ name=spring-boot \ type=maven-project \ -o spring-boot.zip

Slide 31

Slide 31 text

https://start.spring.io

Slide 32

Slide 32 text

package com.okta.rest.controller; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import java.security.Principal; @RestController public class HelloController { @GetMapping("/hello") public String hello(@AuthenticationPrincipal Principal principal) { return "Hello, " + principal.getName() + "!"; } }

Slide 33

Slide 33 text

Spring Security OAuth 2.0 Resource Server https://docs.spring.io/spring-security/site/docs/5.4.0/reference/html5/#oauth2resourceserver okta.oauth2.issuer=https://dev-133337.okta.com/ oauth2/default

Slide 34

Slide 34 text

Test Spring Boot with HTTPie https://httpie.org mvn spring-boot:run http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"

Slide 35

Slide 35 text

Verify Spring Boot API with HTTPie

Slide 36

Slide 36 text

@mraible Startup Performance Milliseconds 0 525 1050 1575 2100 Micronaut Quarkus Spring Boot 1,878 658 596 1,014 1,132 474 Dev Startup (mvn) Packaged Startup (java -jar)

Slide 37

Slide 37 text

@mraible Build GraphQL APIs with Java Why GraphQL? Does your favorite framework support GraphQL? Micronaut https://micronaut-projects.github.io/micronaut-graphql/latest/guide Quarkus https://quarkus.io/guides/microprofile-graphql Spring Boot https://github.com/leangen/graphql-spqr-spring-boot-starter

Slide 38

Slide 38 text

@mraible Secure your API with OAuth 2.0 https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1

Slide 39

Slide 39 text

@mraible Secure your API with OAuth 2.1 https://oauth.net/2.1 PKCE is required for all clients using the authorization code flow Redirect URIs must be compared using exact string matching The Implicit grant is omitted from this specification The Resource Owner Password Credentials grant is omitted from this specification Bearer token usage omits the use of bearer tokens in the query string of URIs Refresh tokens for public clients must either be sender-constrained or one-time use

Slide 40

Slide 40 text

@mraible Authenticate with OpenID Connect (OIDC) What is OpenID Connect? Does your favorite framework support OIDC authentication? Micronaut https://guides.micronaut.io/micronaut-oauth2-okta/guide Quarkus https://quarkus.io/guides/security-openid-connect-web-authentication Spring Boot https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login

Slide 41

Slide 41 text

@mraible What about Testing?

Slide 42

Slide 42 text

@mraible Build with Docker Create a Dockerfile FROM openjdk:15-alpine ARG JAR_FILE=target/*.jar COPY ${JAR_FILE} app.jar EXPOSE 8080 ENTRYPOINT ["java","-jar","/app.jar"]

Slide 43

Slide 43 text

@mraible Build with Docker Build your image docker build -t . Run your image docker run -i --rm -p 8080:8080

Slide 44

Slide 44 text

@mraible Build with Docker: Jib Get Jibby with it! mvn verify jib:build Or build directly to your Docker daemon mvn verify jib:dockerBuild https://github.com/GoogleContainerTools/jib

Slide 45

Slide 45 text

@mraible Build with Docker Micronaut generates a Dockerfile Quarkus generates three Docker-related files Dockerfile.fast-jar Dockerfile.jvm Dockerfile.native Quarkus + Jib mvn quarkus:add-extension -Dextensions="container-image-jib"

Slide 46

Slide 46 text

@mraible Build with Docker Spring Boot 2.3+ has built-in support mvn spring-boot:build-image Uses layered JARs for for faster builds dependencies snapshot-dependencies resources application https://spring.io/blog/2020/01/27/creating-docker-images-with-spring-boot-2-3-0-m1

Slide 47

Slide 47 text

@mraible Use Micronaut CLI mn create-app ... -f graalvm mn feature-diff --features=graalvm mvn package ./docker-build.sh Go Native with GraalVM and Micronaut https://docs.micronaut.io/latest/guide/#graal

Slide 48

Slide 48 text

@mraible Go Native with GraalVM and Quarkus It’s built-in to Quarkus! mvn package -Pnative -Dquarkus.native.container-build=true Then build the image docker build -f src/main/docker/Dockerfile.native -t . And run it docker run -i --rm -p 8080:8080 https://quarkus.io/guides/building-native-image

Slide 49

Slide 49 text

@mraible Go Native with GraalVM and Spring Boot Upgrade to Spring 2.4.0-M2 2.4.0-M2 Update configuration to avoid proxies https://tanzu.vmware.com/content/slides/the-path-towards-spring-boot-native-applications-2 @SpringBootApplication(proxyBeanMethods = false) public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } }

Slide 50

Slide 50 text

@mraible Go Native with GraalVM and Spring Boot Add Milestone repositories to your pom.xml spring-milestones Spring Milestones https://repo.spring.io/milestone spring-milestones Spring Milestones https://repo.spring.io/milestone

Slide 51

Slide 51 text

@mraible Go Native with GraalVM and Spring Boot Configure your Spring Boot Maven Plugin org.springframework.boot spring-boot-maven-plugin 1 -Dspring.native.remove-yaml-support=true -Dspring.spel.ignore=true --enable-https https://www.graalvm.org/reference-manual/native-image/JCASecurityServices/

Slide 52

Slide 52 text

@mraible Go Native with GraalVM and Spring Boot Add Spring GraalVM dependency org.springframework.experimental spring-graalvm-native 0.8.0 Build the native application mvn spring-boot:build-image

Slide 53

Slide 53 text

@mraible Go Native with GraalVM and Spring Boot Run your native Spring Boot app! docker run -p 8080:8080 docker.io/library/demo:0.0.1-SNAPSHOT https://github.com/okta/okta-spring-boot/issues/192

Slide 54

Slide 54 text

@mraible Attempted Workaround for Okta + GraalVM Use Spring Security’s resource server org.springframework.boot spring-boot-starter-security org.springframework.security spring-security-oauth2-resource-server org.springframework.security spring-security-oauth2-jose spring.security.oauth2.resourceserver.jwt.issuer-uri=https://...

Slide 55

Slide 55 text

@mraible Native Startup Performance Milliseconds 0 12.5 25 37.5 50 September 21, 2020 13 26 Micronaut Quarkus

Slide 56

Slide 56 text

@mraible Tests Run on a 2019 MacBook Pro

Slide 57

Slide 57 text

Community

Slide 58

Slide 58 text

@mraible Stack Overflow Tags 0 26250 52500 78750 105000 September 20, 2020 91,030 919 732 Micronaut Quarkus Spring Boot

Slide 59

Slide 59 text

@mraible GitHub Stars 0 15000 30000 45000 60000 September 20, 2020 50,600 5,900 4,100 Micronaut Quarkus Spring Boot

Slide 60

Slide 60 text

star-history.t9t.io/#micronaut-projects/micronaut-core&quarkusio/quarkus&spring-projects/spring-boot GitHub Star Growth

Slide 61

Slide 61 text

@mraible Jobs on Indeed (US) 0 1050 2100 3150 4200 September 20, 2020 3,745 10 12 Micronaut Quarkus Spring Boot

Slide 62

Slide 62 text

Hot Frameworks https://hotframeworks.com

Slide 63

Slide 63 text

@mraible JHipster Support Micronaut Blueprint - github.com/jhipster/generator-jhipster-micronaut - v0.3.8, 15 releases, 12 contributors, 289 commits // TODO: NoSQL, Reactive, Microservices, Graal VM native images Quarkus Blueprint - github.com/jhipster/jhipster-quarkus - v0.1.6, 7 releases, 7 contributors, 80 commits // TODO: Gradle, OAuth / OIDC, NoSQL, Reactive, Microservices

Slide 64

Slide 64 text

https://developer.okta.com/blog/2020/08/17/micronaut-jhipster-heroku

Slide 65

Slide 65 text

@mraible Action!

Slide 66

Slide 66 text

developer.okta.com/blog @oktadev

Slide 67

Slide 67 text

Curious about Microservice Security? https://developer.okta.com/blog/2020/03/23/microservice-security-patterns

Slide 68

Slide 68 text

Thanks! Keep in Touch raibledesigns.com @mraible Presentations speakerdeck.com/mraible Code github.com/oktadeveloper developer.okta.com

Slide 69

Slide 69 text

developer.okta.com