Spring Cloud Gateway - Resilience & Security

How to build an API gateway and implement cross-cutting concerns like security and resilience, using Spring Cloud Gateway, Spring Cloud Circuit Breaker, Resilience4J, Spring Data Reactive Redis, and Spring Security OAuth.

Thomas Vitale

March 01, 2021

Transcript

  1. Thomas Vitale @vitalethomas thomasvitale.com Spring Cloud Gateway Security and Resilience

    Spring User Group Italia - 25/02/2021
  2. About Me

    Thomas Vitale • Senior Software Engineer at Systematic, Denmark. • Spring, Cloud Native, DevOps, Application Security. • Author of “Cloud Native Spring in Action - With Spring Boot and Kubernetes” (Manning).
  3. API Gateway

  4. Scenarios

    Different clients need different APIs. Cross-cutting concerns in distributed systems. Unified interface for microservices. Strangling the monolith.
  5. The Library System

    Library [Software System]. User [Person]: A user of the Library application. Single-Page Application [Container: Angular]: Provides the Library functionality to users. Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns. Session Store [Container: Redis]: Stores web session information. Book Service [Container: Spring Boot]: Provides functionality for managing the library books. Book Database [Container: PostgreSQL]: Stores book information. Loan Service [Container: Spring Boot]: Provides functionality for book loans. Account Service [Container: Spring Boot]: Provides functionality for managing accounts. Relationship labels: Uses; Delivers to the user's web browser; Uses [REST/HTTP]; Reads from and writes to [RESP]; Reads from and writes to [JDBC].
  6. Spring Cloud Gateway https://spring.io/projects/spring-cloud-gateway

  7. Reactive Spring

  8. Thread-per-request

    Thread Pool: Thread 1, Thread 2, Thread 3. Request, Request, Request. Intensive Operation. Blocking, wait for result. One thread per request.
  9. Event Loop

    Intensive Operation. Non-blocking, not waiting for result. Just a few threads, processing multiple requests. Event Loop. Event Queue. Request/Response. Schedule event, register callback, operation complete, trigger callback.
  10. Reactive Spring https://spring.io/reactive

  11. Spring Cloud Gateway

  12. The Architecture

    Client. Spring Cloud Gateway: Predicates, HandlerMapping, WebHandler, Pre-Filters, Global Filters, Post-Filters. Downstream Service. Request, Response.
  13. Retry

    Edge Service: Book Route, Retry. Book Service: Book Controller. 1. Send HTTP request 2. Receive HTTP 503 error 3. Retry HTTP request 4. Receive HTTP 503 error 5. Retry HTTP request 6. Receive successful HTTP response after second retry attempt
  14. Rate Limiter https://stripe.com/blog/rate-limiters

  15. Circuit Breaker

    States: CLOSED, HALF_OPEN, OPEN. Transitions: Trip breaker when failure rate above threshold. Attempt reset after wait duration. Trip breaker after failure rate above threshold. Reset breaker when failure rate below threshold.
  16. Time Limiter and Fallback

    Edge Service: Book Route, Time Limiter, Fallback. Book Service: Book Controller. 1. Send HTTP request 2a. Receive successful HTTP response within the time limit 2b. Throw exception when timeout expires and no fallback defined 2c. Return fallback when defined and timeout expires
  17. Security

    1. Session Management 2. OAuth2 Client 3. OAuth2 Resource Server
  18. Cloud Native Spring in Action

    With Spring Boot and Kubernetes • 35% discount code, valid for all products in all formats • mtpspring21 • manning.com
  19. Thomas Vitale @vitalethomas thomasvitale.com Spring Cloud Gateway Security and Resilience

    Spring User Group Italia - 25/02/2021
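
The retry sequence on slide 13, the breaker states on slide 15 and the time limiter with fallback on slide 16 can be expressed as Edge Service configuration. The following `application.yml` is an added example, not taken from the talk: the route id, path, Book Service URI, breaker name, fallback path and all numeric values are assumptions, and it presumes the Spring Cloud Circuit Breaker Resilience4J reactive starter is on the classpath.

```yaml
# Added example (not from the slides). Property prefix as used by the
# Spring Cloud Gateway releases current when the talk was given (2021).
spring:
  cloud:
    gateway:
      routes:
        - id: book-route                      # assumed route id
          uri: http://localhost:9001          # assumed Book Service address
          predicates:
            - Path=/books/**                  # assumed path
          filters:
            # Slide 16: wrap the call in a circuit breaker / time limiter and
            # forward to a local handler when it fails or times out.
            - name: CircuitBreaker
              args:
                name: bookCircuitBreaker      # assumed breaker name
                fallbackUri: forward:/book-fallback   # handler must exist in the gateway
            # Slide 13: two retries, so the third attempt can succeed.
            - name: Retry
              args:
                retries: 2
                methods: GET                  # only idempotent calls; a retried write could be applied twice
                series: SERVER_ERROR          # includes HTTP 503
                backoff:
                  firstBackoff: 50ms
                  maxBackoff: 500ms
                  factor: 2
                  basedOnPreviousValue: false

resilience4j:
  circuitbreaker:
    configs:
      default:
        slidingWindowSize: 20                     # calls used to compute the failure rate
        failureRateThreshold: 50                  # percent; above this the breaker trips to OPEN
        waitDurationInOpenState: 15000            # ms before a reset is attempted (HALF_OPEN)
        permittedNumberOfCallsInHalfOpenState: 5  # trial calls that decide CLOSED vs OPEN
  timelimiter:
    configs:
      default:
        timeoutDuration: 5s   # bounds how long a slow Book Service can hold a gateway request
```

Without a `fallbackUri`, a timeout or an open breaker surfaces to the client as an error (case 2b on slide 16) rather than a fallback response (case 2c).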