Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spring Cloud Gateway: Resilience and Security

Thomas Vitale
June 11, 2021
Programming
0
200

Spring Cloud Gateway: Resilience and Security

Do you want to use a microservices architecture? Are you looking for a solution to manage access to single services from clients? How can you ensure resilience and security for your entire system? Spring Cloud Gateway is a project based on Reactor, Spring WebFlux, and Spring Boot which provides an effective way to route traffic to your APIs and address cross-cutting concerns.

In this session, I'll show you how to configure an API gateway to route traffic to your microservices architecture and implement solutions to improve the resilience of your system with patterns like circuit breakers, retries, fallbacks, and rate limiters using Spring Cloud Circuit Breaker and Resilience4J. Since the gateway is the entry point of your system, it’s also an excellent candidate to implement security concerns like user authentication. I'll show you how to do that with Spring Security, OAuth2 and OpenID Connect, relying on Spring Redis Reactive to manage sessions.

Thomas Vitale

June 11, 2021
Tweet

More Decks by Thomas Vitale

See All by Thomas Vitale
Next-Generation Cloud Native Apps with Spring Boot 3
thomasvitale
0
100
Developer Experience with Spring Boot on Kubernetes
thomasvitale
0
26
Multitenant Mystery - Only Rockers in the Building
thomasvitale
1
110
Developer Experience with Java on Kubernetes
thomasvitale
0
23
Observability and Efficiency with Spring Boot 3
thomasvitale
0
63
Paved Paths to Production – There and Back Again
thomasvitale
1
73
A Paved Path to Production on Kubernetes
thomasvitale
1
84
Spring Cloud Gateway: Resilience, Security, and Observability (Golden Path to SpringOne 2023)
thomasvitale
0
99
Kustomize
thomasvitale
0
19

Other Decks in Programming

See All in Programming
JRuby: Looking Forward
headius
1
100
NewCrafts: Let's Do a Thing and Call it Foo
maaretp
0
100
Mitigate Attacks on your PHP Supply Chain
dunglas
2
570
ランニングコストやっべぇぞ!ECS/FargateでECRへのアクセスについて
honma12345
0
840
初めてのKubernetes (ハンズオン)
nearme_tech
0
140
これだけは知っておきたいクラス設計の基礎知識
masuda220
PRO
19
13k
SpringIO_19-05-2023.pdf
ancaghenade
0
120
その Swift コード、
こう書き換えてみないか / Polishing your Swift code with me!
treastrain
1
3.4k
Let's write RBS!
pocke
0
1.8k
サイト信頼性を高める前に開発チームからの信頼性を高めよう
syossan27
9
2.2k
From Mobile to Backend with Kotlin and Ktor - plDroid
prof18
0
140
フロントエンドエンジニアの友人と“型”で話がすれ違った原因 YUMEMI.grow合同LT会in横浜 @Kaito-Dogi
doggy
1
360

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Adopting Sorbet at Scale
ufuk
66
8k
Support Driven Design
roundedbygravity
88
9k
Fantastic passwords and where to find them - at NoRuKo
philnash
33
2k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
3
540
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
Building Effective Engineering Teams - LeadDev
addyosmani
5
590
BBQ
matthewcrist
75
8.2k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
8.4k
Building Your Own Lightsaber
phodgson
96
5k

Transcript

  1. Thomas Vitale
    GOTO Aarhus
    Jun 11th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

    View Slide

  2. Thomas Vitale
    • Senior Software Engineer at
    Systematic, Denmark.

    • Spring, Cloud Native, DevOps,
    Kubernetes, Application Security.

    • Author of “Cloud Native Spring
    in Action” (Manning).
    About Me

    View Slide

  3. API gateway
    thomasvitale.com @vitalethomas

    View Slide

  4. Scenarios
    Di
    ff
    erent clients need
    di
    ff
    erent APIs
    Cross-cutting concerns in
    distributed systems
    Uni
    fi
    ed interface for
    microservices
    Strangling the monolith
    thomasvitale.com @vitalethomas

    View Slide

  5. The Library System
    Book Service
    [Container: Spring Boot]
    Provides functionality for
    managing the library books.
    Book Database
    [Container: PostgreSQL]
    Stores book information.
    Reads from and writes to
    [JDBC]
    Library
    [Software System]
    Uses
    [REST/HTTP]
    Edge Service
    [Container: Spring Boot]
    Provides API gateway and
    cross-cutting concerns.
    User
    [Person]
    A user of the
    Library application.
    Uses
    Single-Page Application
    [Container: Angular]
    Provides the Library
    functionality to users.
    Session Store
    [Container: Redis]
    Stores web session
    information.
    Reads from and writes to
    [RESP]
    Delivers to the user's web browser
    Uses
    Loan Service
    [Container: Spring Boot]
    Provides functionality for
    book loans.
    Uses
    [REST/HTTP]
    Account Service
    [Container: Spring Boot]
    Provides functionality for
    managing accounts.
    Uses
    [REST/HTTP]

    View Slide

  6. Reactive Spring
    thomasvitale.com @vitalethomas

    View Slide

  7. Thread-per-request
    thomasvitale.com @vitalethomas
    Thread Pool
    Intensive
    Operation
    Thread 1
    Thread 2
    Thread 3
    Request
    Request
    Request
    Blocking,
    wait for result
    One thread
    per request

    View Slide

  8. Event Loop
    thomasvitale.com @vitalethomas
    Intensive
    Operation
    Non-Blocking,
    non waiting for result
    Just a few threads,
    processing multiple
    requests
    Event Loop
    Event Queue
    Request/Response
    schedule
    event
    register
    callback
    operation
    complete
    trigger
    callback

    View Slide

  9. Reactive Spring
    thomasvitale.com @vitalethomas
    https://spring.io/reactive

    View Slide

  10. Spring Cloud Gateway
    thomasvitale.com @vitalethomas

    View Slide

  11. The Architecture
    thomasvitale.com @vitalethomas
    Client Predicates
    HandlerMapping
    Pre-Filters
    WebHandler
    Global Filters
    Post-Filters
    Downstream
    Service
    Spring Cloud Gateway
    Request
    Response

    View Slide

  12. Retry
    thomasvitale.com @vitalethomas

    View Slide

  13. Retry
    thomasvitale.com @vitalethomas
    Book Route Retry Book Controller
    Edge Service Book Service
    t t t
    1. Send HTTP request
    2. Receive HTTP 503 error
    3. Retry HTTP request
    4. Receive HTTP 503 error
    5. Retry HTTP request
    6. Receive successfull HTTP response after second retry attempt

    View Slide

  14. Request Rate Limiter
    thomasvitale.com @vitalethomas

    View Slide

  15. Rate Limiter
    thomasvitale.com @vitalethomas
    https://stripe.com/blog/rate-limiters

    View Slide

  16. Circuit Breaker
    thomasvitale.com @vitalethomas

    View Slide

  17. Circuit Breaker
    thomasvitale.com @vitalethomas
    CLOSED
    HALF_OPEN
    OPEN
    Trip breaker when
    failure rate above
    threshold
    Attempt reset after
    wait duration
    Trip breaker after
    failure rate above
    threshold
    Reset breaker when
    failure rate below
    threshold

    View Slide

  18. Time Limiter
    thomasvitale.com @vitalethomas

    View Slide

  19. Time Limiter and Fallback
    thomasvitale.com @vitalethomas
    Book Route
    Time Limiter
    Fallback
    Time Limiter Book Controller
    Edge Service Book Service
    t t t t
    1. Send HTTP request
    2a. Receive successfull HTTP response within the time limit
    2b. Throw exception when timeout expires and no fallback defined
    2c. Return fallback when defined and timeout expires

    View Slide

  20. User Authentication
    thomasvitale.com @vitalethomas

    View Slide

  21. 2 OAuth2 Client
    3 OAuth2 Resource Server
    1 Session Management
    Security
    thomasvitale.com @vitalethomas

    View Slide

  22. Observability
    thomasvitale.com @vitalethomas

    View Slide

  23. With Spring Boot and Kubernetes
    • 35% discount code, valid for
    all products in all format

    • ctwgotoaar21


    • manning.com
    Cloud Native Spring in Action
    www.thomasvitale.com @vitalethomas

    View Slide

  24. Thomas Vitale
    GOTO Aarhus
    Jun 11th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

    View Slide