Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spring Cloud Gateway: Resilience and Security

Thomas Vitale
November 09, 2021

Spring Cloud Gateway: Resilience and Security

Do you want to use a microservices architecture? Are you looking for a solution to manage access to single services from clients? How can you ensure resilience and security for your entire system?

Spring Cloud Gateway is a project based on Reactor, Spring WebFlux, and Spring Boot which provides an effective way to route traffic to your APIs and address cross-cutting concerns.

In this session, Thomas will show you how to configure an API gateway to route traffic to your microservices architecture and implement solutions to improve the resilience of your system with patterns like circuit breakers, retries, fallbacks, and rate limiters using Spring Cloud Circuit Breaker and Resilience4J. Since the gateway is the entry point of your system, it’s also an excellent candidate to implement security concerns like user authentication. He'll show you how to do that with Spring Security, OAuth2 and OpenID Connect, relying on Spring Redis Reactive to manage sessions.

Thomas Vitale

November 09, 2021
Tweet

More Decks by Thomas Vitale

Other Decks in Technology

Transcript

  1. Thomas Vitale
    GOTO Copenhagen
    Nov 9th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

    View full-size slide

  2. Thomas Vitale
    • Senior Software Engineer at
    Systematic, Denmark.

    • Author of “Cloud Native Spring
    in Action” (Manning).

    • Spring Security and Spring
    Cloud contributor.
    About Me
    thomasvitale.com

    View full-size slide

  3. API Gateway
    thomasvitale.com @vitalethomas

    View full-size slide

  4. Scenarios
    Di
    ff
    erent clients need
    di
    ff
    erent APIs
    Cross-cutting concerns in
    distributed systems
    Uni
    fi
    ed interface for
    microservices
    Strangling the monolith
    thomasvitale.com @vitalethomas

    View full-size slide

  5. https://spring.io/microservices

    View full-size slide

  6. Account Service
    [Container: Spring Boot]
    Provides functionality for
    managing members
    accounts.
    Loan Service
    [Container: Spring Boot]
    Provides functionality for
    managing book loans.
    Library
    [Software System]
    Uses
    [REST/HTTP]
    Uses
    [REST/HTTP]
    Edge Service
    [Container: Spring Boot]
    Provides API gateway and
    cross-cutting concerns.
    User
    [Person]
    A member of the Library.
    Uses
    Book Service
    [Container: Spring Boot]
    Provides functionality for
    managing the library books.
    Uses
    [REST/HTTP]

    View full-size slide

  7. Reactive Spring
    thomasvitale.com @vitalethomas

    View full-size slide

  8. Thread-per-request
    thomasvitale.com @vitalethomas
    Thread Pool
    Intensive
    Operation
    Thread 1
    Thread 2
    Thread 3
    Request
    Request
    Request
    Blocking,
    wait for result
    One thread
    per request

    View full-size slide

  9. Event Loop
    thomasvitale.com @vitalethomas
    Intensive
    Operation
    Non-Blocking,
    non waiting for result
    Just a few threads,
    processing multiple
    requests
    Event Loop
    Event Queue
    Request/Response
    schedule
    event
    register
    callback
    operation
    complete
    trigger
    callback

    View full-size slide

  10. thomasvitale.com @vitalethomas

    View full-size slide

  11. Routing
    thomasvitale.com @vitalethomas

    View full-size slide

  12. The Architecture
    thomasvitale.com @vitalethomas

    View full-size slide

  13. Resilience
    thomasvitale.com @vitalethomas

    View full-size slide

  14. Retry
    thomasvitale.com @vitalethomas

    View full-size slide

  15. Retry
    thomasvitale.com @vitalethomas
    Book Route Retry Book Controller
    Edge Service Book Service
    t t t
    1. Send HTTP request
    2. Receive HTTP 503 error
    3. Retry HTTP request
    4. Receive HTTP 503 error
    5. Retry HTTP request
    6. Receive successfull HTTP response after second retry attempt

    View full-size slide

  16. Request Rate Limiter
    thomasvitale.com @vitalethomas

    View full-size slide

  17. Rate Limiter
    thomasvitale.com @vitalethomas
    https://stripe.com/blog/rate-limiters

    View full-size slide

  18. Circuit Breaker
    thomasvitale.com @vitalethomas

    View full-size slide

  19. Circuit Breaker
    thomasvitale.com @vitalethomas
    CLOSED
    HALF_OPEN
    OPEN
    Trip breaker when
    failure rate above
    threshold
    Attempt reset after
    wait duration
    Trip breaker after
    failure rate above
    threshold
    Reset breaker when
    failure rate below
    threshold

    View full-size slide

  20. Time Limiter
    thomasvitale.com @vitalethomas

    View full-size slide

  21. Time Limiter and Fallback
    thomasvitale.com @vitalethomas
    Book Route
    Time Limiter
    Fallback
    Time Limiter Book Controller
    Edge Service Book Service
    t t t t
    1. Send HTTP request
    2a. Receive successfull HTTP response within the time limit
    2b. Throw exception when timeout expires and no fallback defined
    2c. Return fallback when defined and timeout expires

    View full-size slide

  22. User Authentication
    thomasvitale.com @vitalethomas

    View full-size slide

  23. Account Service
    [Container: Spring Boot]
    Provides functionality for
    managing members
    accounts.
    Loan Service
    [Container: Spring Boot]
    Provides functionality for
    managing book loans.
    Library
    [Software System]
    Uses
    [REST/HTTP]
    Uses
    [REST/HTTP]
    Edge Service
    [Container: Spring Boot]
    Provides API gateway and
    cross-cutting concerns.
    User
    [Person]
    A member of the Library.
    Uses
    Book Service
    [Container: Spring Boot]
    Provides functionality for
    managing the library books.
    Uses
    [REST/HTTP]

    View full-size slide

  24. Login
    thomasvitale.com @vitalethomas
    Library
    [Software System]
    Edge Service
    [Container: Spring Boot]
    Provides API gateway and
    cross-cutting concerns.
    User
    [Person]
    A member of the library.
    Uses
    OAuth2 Client
    OAuth2 User
    Keycloak
    [Container: WildFly]
    Provides identity and access
    management.
    OAuth2 Authorization Server
    Uses Delegates authentication and
    token management to
    OAuth2 + OIDC

    View full-size slide

  25. Token Relay
    thomasvitale.com @vitalethomas
    Browser Edge Service Book
    Service
    Access Token
    Session Cookie
    Resource
    Server
    Access Token
    Resource
    Server
    Access Token
    Keeps mapping
    Session <---> Access Token
    OAuth2

    View full-size slide

  26. Observability
    thomasvitale.com @vitalethomas

    View full-size slide

  27. Thomas Vitale
    GOTO Copenhagen
    Nov 9th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

    View full-size slide