Spring Cloud Gateway: Resilience and Security

Thomas Vitale
November 09, 2021

Do you want to use a microservices architecture? Are you looking for a solution to manage access to single services from clients? How can you ensure resilience and security for your entire system?

Spring Cloud Gateway is a project based on Reactor, Spring WebFlux, and Spring Boot which provides an effective way to route traffic to your APIs and address cross-cutting concerns.

In this session, Thomas will show you how to configure an API gateway to route traffic to your microservices architecture and implement solutions to improve the resilience of your system with patterns like circuit breakers, retries, fallbacks, and rate limiters using Spring Cloud Circuit Breaker and Resilience4J. Since the gateway is the entry point of your system, it’s also an excellent candidate to implement security concerns like user authentication. He'll show you how to do that with Spring Security, OAuth2 and OpenID Connect, relying on Spring Redis Reactive to manage sessions.

Transcript

  1. Thomas Vitale
    GOTO Copenhagen
    Nov 9th, 2021
    Spring Cloud Gateway
    Resilience and Security
    @vitalethomas

  2. About Me
    Thomas Vitale
    • Senior Software Engineer at Systematic, Denmark.
    • Author of “Cloud Native Spring in Action” (Manning).
    • Spring Security and Spring Cloud contributor.
    thomasvitale.com

  3. API Gateway
    thomasvitale.com @vitalethomas

  4. Scenarios
    Different clients need different APIs
    Cross-cutting concerns in distributed systems
    Unified interface for microservices
    Strangling the monolith

  5. https://spring.io/microservices

  6. Library [Software System] (container diagram)
    User [Person]: A member of the Library. Uses the Edge Service.
    Edge Service [Container: Spring Boot]: Provides API gateway and cross-cutting concerns. Uses the three services below over REST/HTTP.
    Account Service [Container: Spring Boot]: Provides functionality for managing members' accounts.
    Loan Service [Container: Spring Boot]: Provides functionality for managing book loans.
    Book Service [Container: Spring Boot]: Provides functionality for managing the library books.

  7. Reactive Spring

  8. Thread-per-request
    A thread pool with one thread per request: Thread 1, Thread 2 and Thread 3 each serve one Request.
    When a thread reaches an intensive operation it blocks, waiting for the result.

  9. Event Loop
    Just a few threads process multiple requests.
    Request/Response -> Event Queue -> Event Loop: the loop schedules the event and registers a callback.
    The intensive operation is non-blocking, so the loop does not wait for the result; when the operation completes, the callback is triggered.

  11. Routing

  12. The Architecture

  13. Resilience

  14. Retry

  15. Retry
    Sequence between the Edge Service (Book Route, Retry filter) and the Book Service (Book Controller):
    1. Send HTTP request
    2. Receive HTTP 503 error
    3. Retry HTTP request
    4. Receive HTTP 503 error
    5. Retry HTTP request
    6. Receive successful HTTP response after second retry attempt

  16. Request Rate Limiter

  17. Rate Limiter
    https://stripe.com/blog/rate-limiters

  18. Circuit Breaker

  19. Circuit Breaker
    States: CLOSED, OPEN, HALF_OPEN.
    CLOSED -> OPEN: trip breaker when failure rate above threshold
    OPEN -> HALF_OPEN: attempt reset after wait duration
    HALF_OPEN -> OPEN: trip breaker after failure rate above threshold
    HALF_OPEN -> CLOSED: reset breaker when failure rate below threshold

  20. Time Limiter

  21. Time Limiter and Fallback
    Sequence between the Edge Service (Book Route, Time Limiter, Fallback) and the Book Service (Book Controller):
    1. Send HTTP request
    2a. Receive successful HTTP response within the time limit
    2b. Throw exception when timeout expires and no fallback defined
    2c. Return fallback when defined and timeout expires
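The four resilience patterns from slides 14 to 21 (Retry, Request Rate Limiter, Circuit Breaker, Time Limiter with Fallback) applied to the Book route of the Edge Service, as an added example written for this page. It is not code from the deck or from the Spring Cloud Gateway or Resilience4J projects. The package name, the `book-route` id, the `/books/**` path, the Book Service address `http://localhost:9001`, the `/book-fallback` endpoint, the `bookCircuitBreaker` name and every threshold and duration are assumptions chosen for illustration.

```java
// ResilienceConfig.java -- added example for this page; not code from the deck or from
// Spring Cloud Gateway. Assumes Spring Boot 2.5 / Spring Cloud 2020.0.x with
// spring-cloud-starter-gateway, spring-cloud-starter-circuitbreaker-reactor-resilience4j
// and spring-boot-starter-data-redis-reactive on the classpath, and a Book Service
// reachable at http://localhost:9001 (assumed address).
package com.example.edgeservice;

import java.security.Principal;
import java.time.Duration;

import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
import io.github.resilience4j.timelimiter.TimeLimiterConfig;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

import org.springframework.cloud.circuitbreaker.resilience4j.ReactiveResilience4JCircuitBreakerFactory;
import org.springframework.cloud.circuitbreaker.resilience4j.Resilience4JConfigBuilder;
import org.springframework.cloud.client.circuitbreaker.Customizer;
import org.springframework.cloud.gateway.filter.ratelimit.KeyResolver;
import org.springframework.cloud.gateway.filter.ratelimit.RedisRateLimiter;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@Configuration
public class ResilienceConfig {

    @Bean
    public RouteLocator bookRoute(RouteLocatorBuilder builder,
                                  RedisRateLimiter rateLimiter, KeyResolver keyResolver) {
        return builder.routes()
            .route("book-route", r -> r.path("/books/**")
                .filters(f -> f
                    // Outermost: reject over-quota callers before any backend work is done.
                    .requestRateLimiter(c -> c.setRateLimiter(rateLimiter)
                                              .setKeyResolver(keyResolver)
                                              .setDenyEmptyKey(true))
                    // Circuit breaker + time limiter. A 503 that survives the retries below,
                    // a timeout or an open circuit all forward to the local fallback endpoint.
                    .circuitBreaker(c -> c.setName("bookCircuitBreaker")
                                          .addStatusCode("503")
                                          .setFallbackUri("forward:/book-fallback"))
                    // Innermost: the breaker only sees the outcome after retries are exhausted.
                    // Only idempotent GETs are retried; replaying a POST could create duplicate loans.
                    .retry(c -> c.setRetries(3)
                                 .setMethods(HttpMethod.GET)
                                 .setStatuses(HttpStatus.SERVICE_UNAVAILABLE)
                                 .setSeries()   // drop the default "any 5xx" rule, retry 503 only
                                 .setBackoff(Duration.ofMillis(50), Duration.ofMillis(500), 2, true)))
                .uri("http://localhost:9001"))
            .build();
    }

    @Bean
    public RedisRateLimiter redisRateLimiter() {
        // Token bucket kept in Redis: refill 10 tokens/s, burst up to 20, 1 token per request.
        return new RedisRateLimiter(10, 20, 1);
    }

    @Bean
    public KeyResolver keyResolver() {
        // One bucket per authenticated user; anonymous traffic shares one bucket per client IP.
        // If neither resolves, denyEmptyKey above turns the request away with HTTP 403.
        return exchange -> exchange.<Principal>getPrincipal()
            .map(Principal::getName)
            .switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getRemoteAddress())
                .map(address -> address.getAddress().getHostAddress()));
    }

    @Bean
    public Customizer<ReactiveResilience4JCircuitBreakerFactory> defaultCircuitBreaker() {
        return factory -> factory.configureDefault(id -> new Resilience4JConfigBuilder(id)
            .circuitBreakerConfig(CircuitBreakerConfig.custom()
                .slidingWindowSize(20)                            // failure rate over the last 20 calls
                .failureRateThreshold(50)                         // CLOSED -> OPEN at 50% failures
                .waitDurationInOpenState(Duration.ofSeconds(15))  // OPEN -> HALF_OPEN after 15 s
                .permittedNumberOfCallsInHalfOpenState(5)         // probes deciding HALF_OPEN -> CLOSED/OPEN
                .build())
            .timeLimiterConfig(TimeLimiterConfig.custom()
                .timeoutDuration(Duration.ofSeconds(5))           // slide 21: timeout -> exception or fallback
                .build())
            .build());
    }
}

@RestController
class BookFallbackController {

    @GetMapping("/book-fallback")
    public Flux<Object> getBooksFallback() {
        return Flux.empty();   // degrade reads to an empty list
    }

    @PostMapping("/book-fallback")
    public Mono<Void> postBooksFallback() {
        // Never fake a successful write; tell the client to try again later.
        return Mono.error(new ResponseStatusException(HttpStatus.SERVICE_UNAVAILABLE));
    }
}
```

Filter order is deliberate: the rate limiter runs first so a flooding client never reaches the breaker or the backend, and the retry runs inside the breaker so one transient 503 that succeeds on retry (the sequence on slide 15) does not count against the failure rate. The IP fallback in the key resolver uses the socket peer address; behind a load balancer that is the balancer's address, so either terminate rate limiting there or enable Spring Boot's forwarded-header handling only for a proxy you trust, since a client-supplied `X-Forwarded-For` would otherwise let it pick its own bucket.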

  22. User Authentication

  23. The Library container diagram from slide 6 (User, Edge Service, Account Service, Loan Service, Book Service), shown again at the start of the User Authentication section.

  24. Login
    Library [Software System]
    User [Person] (OAuth2 User): A member of the library. Uses the Edge Service.
    Edge Service [Container: Spring Boot] (OAuth2 Client): Provides API gateway and cross-cutting concerns. Delegates authentication and token management to Keycloak over OAuth2 + OIDC.
    Keycloak [Container: WildFly] (OAuth2 Authorization Server): Provides identity and access management.

  25. Token Relay
    Browser -> Edge Service: Session Cookie
    Edge Service (OAuth2 Client): keeps the mapping Session <---> Access Token
    Edge Service -> Book Service [Resource Server]: Access Token
    Edge Service -> other Resource Servers: Access Token
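The login and token-relay flow of slides 22 to 25 (Edge Service as OAuth2 Client in front of Keycloak, session cookie in the browser, Access Token relayed to the resource servers, session state in Redis), as an added example written for this page. It is not code from the deck or from the Spring Security, Spring Session or Spring Cloud Gateway projects. The package name, the `/actuator/health` exemption, the `book-route` id, the `/books/**` path and the Book Service address `http://localhost:9001` are assumptions, as is the Keycloak client registration it relies on (see the note after the block).

```java
// SecurityConfig.java -- added example for this page; not code from the deck or from
// Spring Security / Spring Cloud Gateway. Assumes spring-boot-starter-oauth2-client,
// spring-session-data-redis and spring-boot-starter-data-redis-reactive on the classpath,
// spring.session.store-type=redis and a Keycloak client registration under
// spring.security.oauth2.client.registration in application.yml (assumed), and a
// Book Service at http://localhost:9001 (assumed address).
package com.example.edgeservice;

import reactor.core.publisher.Mono;

import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.session.CookieWebSessionIdResolver;
import org.springframework.web.server.session.WebSessionIdResolver;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository) {
        return http
            .authorizeExchange(exchanges -> exchanges
                .pathMatchers("/actuator/health").permitAll()
                .anyExchange().authenticated())
            // Edge Service is the OAuth2 Client (slide 24): an unauthenticated user is redirected
            // to Keycloak; the authorization code is exchanged for tokens server-side and the
            // tokens are stored in the (Redis-backed) session, never handed to the browser.
            .oauth2Login(Customizer.withDefaults())
            // RP-initiated logout ends the Keycloak session as well, not only the gateway session.
            .logout(logout -> logout.logoutSuccessHandler(oidcLogoutSuccessHandler(clientRegistrationRepository)))
            // Cookie-based sessions need CSRF protection; a non-HttpOnly XSRF-TOKEN cookie lets a
            // browser client echo the value back in the X-XSRF-TOKEN header.
            .csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
            .build();
    }

    private ServerLogoutSuccessHandler oidcLogoutSuccessHandler(ReactiveClientRegistrationRepository repository) {
        var handler = new OidcClientInitiatedServerLogoutSuccessHandler(repository);
        handler.setPostLogoutRedirectUri("{baseUrl}");
        return handler;
    }

    @Bean
    public WebFilter csrfCookieWebFilter() {
        // WebFlux creates the CSRF token lazily; subscribing here makes sure the cookie is written.
        return (exchange, chain) -> {
            Mono<CsrfToken> csrfToken = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
            return csrfToken.then(chain.filter(exchange));
        };
    }

    @Bean
    public WebSessionIdResolver webSessionIdResolver() {
        // The browser only ever holds the session cookie (slide 25); harden that cookie.
        var resolver = new CookieWebSessionIdResolver();
        resolver.addCookieInitializer(cookie -> cookie.httpOnly(true).secure(true).sameSite("Lax"));
        return resolver;
    }

    @Bean
    public RouteLocator bookRoute(RouteLocatorBuilder builder) {
        return builder.routes()
            .route("book-route", r -> r.path("/books/**")
                .filters(f -> f
                    // Persist the session to Redis before forwarding, so any gateway instance
                    // can resolve the same cookie to the same Access Token.
                    .saveSession()
                    // Token Relay: look up the Access Token mapped to this session and send it
                    // downstream as "Authorization: Bearer ...".
                    .tokenRelay()
                    // The gateway session cookie is meaningless to the resource server; do not leak it.
                    .removeRequestHeader("Cookie"))
                .uri("http://localhost:9001"))
            .build();
    }
}
```

The client registration this expects lives in application.yml under the standard Spring Boot keys: `spring.security.oauth2.client.registration.keycloak.client-id`, `.client-secret` and `.scope` (at least `openid`, so that an ID Token is issued and the login is OIDC rather than bare OAuth2), plus `spring.security.oauth2.client.provider.keycloak.issuer-uri` pointing at the realm, from which Spring Security discovers the endpoints; the registration name `keycloak` is an assumption. With `spring.session.store-type=redis`, Spring Boot stores the session, and therefore the Session to Access Token mapping, in Redis, which is what lets several Edge Service instances share logins.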

  26. Observability

  27. grafana.com
