Spring Cloud Gateway: Resilience and Security

Do you want to use a microservices architecture? Are you looking for a solution to manage access to single services from clients? How can you ensure resilience and security for your entire system? Spring Cloud Gateway is a project based on Reactor, Spring WebFlux, and Spring Boot which provides an effective way to route traffic to your APIs and address cross-cutting concerns.

In this session, I'll show you how to configure an API gateway to route traffic to your microservices architecture and implement solutions to improve the resilience of your system with patterns like circuit breakers, retries, fallbacks, and rate limiters using Spring Cloud Circuit Breaker and Resilience4J. Since the gateway is the entry point of your system, it’s also an excellent candidate to implement security concerns like user authentication. I'll show you how to do that with Spring Security, OAuth2 and OpenID Connect, relying on Spring Redis Reactive to manage sessions.

Thomas Vitale

June 11, 2021

Transcript

  1. Thomas Vitale
    GOTO Aarhus
    Jun 11th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

  2. About Me
    Thomas Vitale
    • Senior Software Engineer at Systematic, Denmark.
    • Spring, Cloud Native, DevOps, Kubernetes, Application Security.
    • Author of “Cloud Native Spring in Action” (Manning).

  3. API gateway
    thomasvitale.com @vitalethomas

  4. Scenarios
    • Different clients need different APIs
    • Cross-cutting concerns in distributed systems
    • Unified interface for microservices
    • Strangling the monolith

  5. The Library System
    [Container diagram of the Library software system]
    • Library [Software System]
    • User [Person]: A user of the Library application.
    • Single-Page Application [Container: Angular]: Provides the Library functionality to users.
    • Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns.
    • Session Store [Container: Redis]: Stores web session information.
    • Book Service [Container: Spring Boot]: Provides functionality for managing the library books.
    • Book Database [Container: PostgreSQL]: Stores book information.
    • Loan Service [Container: Spring Boot]: Provides functionality for book loans.
    • Account Service [Container: Spring Boot]: Provides functionality for managing accounts.
    • Relationship labels: Uses; Delivers to the user's web browser; Uses [REST/HTTP]; Reads from and writes to [JDBC]; Reads from and writes to [RESP].

  6. Reactive Spring

  7. Thread-per-request
    [Diagram labels: Request (×3), Thread Pool (Thread 1, Thread 2, Thread 3), Intensive Operation]
    • One thread per request
    • Blocking, wait for result

  8. Event Loop
    [Diagram labels: Request/Response, Event Queue, Event Loop, Intensive Operation; schedule event, register callback, operation complete, trigger callback]
    • Just a few threads, processing multiple requests
    • Non-blocking, not waiting for result

  9. Reactive Spring
    https://spring.io/reactive

  10. Spring Cloud Gateway

  11. The Architecture
    [Diagram labels: Client, Predicates, HandlerMapping, Pre-Filters, WebHandler, Global Filters, Post-Filters, Downstream Service, Spring Cloud Gateway, Request, Response]

  12. Retry

  13. Retry
    [Sequence diagram. Participants: Book Route, Retry, Book Controller. Systems: Edge Service, Book Service]
    1. Send HTTP request
    2. Receive HTTP 503 error
    3. Retry HTTP request
    4. Receive HTTP 503 error
    5. Retry HTTP request
    6. Receive successful HTTP response after second retry attempt

  14. Request Rate Limiter

  15. Rate Limiter
    https://stripe.com/blog/rate-limiters

  16. Circuit Breaker

  17. Circuit Breaker
    [State diagram. States: CLOSED, HALF_OPEN, OPEN]
    • Trip breaker when failure rate above threshold
    • Attempt reset after wait duration
    • Trip breaker after failure rate above threshold
    • Reset breaker when failure rate below threshold

  18. Time Limiter

  19. Time Limiter and Fallback
    [Sequence diagram. Participants: Book Route, Time Limiter Fallback, Time Limiter, Book Controller. Systems: Edge Service, Book Service]
    1. Send HTTP request
    2a. Receive successful HTTP response within the time limit
    2b. Throw exception when timeout expires and no fallback defined
    2c. Return fallback when defined and timeout expires

  20. User Authentication

  21. Security
    1. Session Management
    2. OAuth2 Client
    3. OAuth2 Resource Server

  22. Observability

  23. Cloud Native Spring in Action
    With Spring Boot and Kubernetes
    • 35% discount code, valid for all products in all formats
    • ctwgotoaar21
    • manning.com

  24. Thomas Vitale
    GOTO Aarhus
    Jun 11th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas
