
Spring Cloud Gateway: Resilience and Security

Do you want to use a microservices architecture? Are you looking for a solution to manage access to single services from clients? How can you ensure resilience and security for your entire system?

Spring Cloud Gateway is a project based on Reactor, Spring WebFlux, and Spring Boot which provides an effective way to route traffic to your APIs and address cross-cutting concerns.

In this session, Thomas will show you how to configure an API gateway to route traffic to your microservices architecture and implement solutions to improve the resilience of your system with patterns like circuit breakers, retries, fallbacks, and rate limiters using Spring Cloud Circuit Breaker and Resilience4J. Since the gateway is the entry point of your system, it’s also an excellent candidate to implement security concerns like user authentication. He'll show you how to do that with Spring Security, OAuth2 and OpenID Connect, relying on Spring Redis Reactive to manage sessions.


Thomas Vitale

November 09, 2021

Transcript

  1. Thomas Vitale, GOTO Copenhagen, Nov 9th, 2021. Spring Cloud Gateway: Resilience and Security. @vitalethomas

  2. About Me: Thomas Vitale. Senior Software Engineer at Systematic, Denmark. Author of “Cloud Native Spring in Action” (Manning). Spring Security and Spring Cloud contributor. thomasvitale.com

  3. API Gateway

  4. Scenarios: Different clients need different APIs; Cross-cutting concerns in distributed systems; Unified interface for microservices; Strangling the monolith.
  5. https://spring.io/microservices

  6. Architecture diagram. Library [Software System]. User [Person]: A member of the Library. Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns. Account Service [Container: Spring Boot]: Provides functionality for managing members' accounts. Book Service [Container: Spring Boot]: Provides functionality for managing the library books. Loan Service [Container: Spring Boot]: Provides functionality for managing book loans. Relationship labels: Uses; Uses [REST/HTTP] (three times).

  7. Reactive Spring

  8. Thread-per-request. Thread Pool: Thread 1, Thread 2, Thread 3, each with one Request. Intensive Operation: blocking, wait for result. One thread per request.

  9. Event Loop. Elements: Request/Response, Event Queue, Event Loop, Intensive Operation. Labels: schedule event, register callback, operation complete, trigger callback. Non-blocking, not waiting for result. Just a few threads, processing multiple requests.
  11. Routing

  12. The Architecture

  13. Resilience

  14. Retry

  15. Retry. Sequence diagram (Book Route, Retry, Book Controller; Edge Service, Book Service): 1. Send HTTP request. 2. Receive HTTP 503 error. 3. Retry HTTP request. 4. Receive HTTP 503 error. 5. Retry HTTP request. 6. Receive successful HTTP response after second retry attempt.
  16. Request Rate Limiter

  17. Rate Limiter. https://stripe.com/blog/rate-limiters

  18. Circuit Breaker

  19. Circuit Breaker. States: CLOSED, HALF_OPEN, OPEN. Transition labels: Trip breaker when failure rate above threshold; Attempt reset after wait duration; Trip breaker after failure rate above threshold; Reset breaker when failure rate below threshold.
  20. Time Limiter

  21. Time Limiter and Fallback. Sequence diagram (Book Route, Time Limiter, Fallback, Book Controller; Edge Service, Book Service): 1. Send HTTP request. 2a. Receive successful HTTP response within the time limit. 2b. Throw exception when timeout expires and no fallback defined. 2c. Return fallback when defined and timeout expires.

  22. User Authentication

  23. Architecture diagram. Library [Software System]. User [Person]: A member of the Library. Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns. Account Service [Container: Spring Boot]: Provides functionality for managing members' accounts. Book Service [Container: Spring Boot]: Provides functionality for managing the library books. Loan Service [Container: Spring Boot]: Provides functionality for managing book loans. Relationship labels: Uses; Uses [REST/HTTP] (three times).
  24. Login (OAuth2 + OIDC). Library [Software System]. User [Person]: A member of the library. Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns. Keycloak [Container: WildFly]: Provides identity and access management. Roles shown: OAuth2 Client, OAuth2 User, OAuth2 Authorization Server. Relationship labels: Uses; Uses; Delegates authentication and token management to.
  25. Token Relay (OAuth2). Elements: Browser, Edge Service, Book Service. Labels: Session Cookie; Access Token; Resource Server. Keeps mapping Session <---> Access Token.

  26. Observability

  27. grafana.com
