Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spring Cloud Gateway - Resilience & Security

Spring Cloud Gateway - Resilience & Security

How to build an API gateway and implement cross-cutting concerns like security and resilience, using Spring Cloud Gateway, Spring Cloud Circuit Breaker, Resilience4J, Spring Data Reactive Redis, and Spring Security OAuth.

Thomas Vitale

March 01, 2021
Tweet

More Decks by Thomas Vitale

Other Decks in Programming

Transcript

  1. Thomas Vitale @vitalethomas thomasvitale.com
    Spring Cloud Gateway
    Security and Resilience
    Spring User Group Italia - 25/02/2021

    View full-size slide

  2. Thomas Vitale
    • Senior Software Engineer at
    Systematic, Denmark.

    • Spring, Cloud Native, DevOps,
    Application Security.

    • Author of “Cloud Native Spring in
    Action - With Spring Boot and
    Kubernetes” (Manning).
    About Me

    View full-size slide

  3. API Gateway
    thomasvitale.com @vitalethomas

    View full-size slide

  4. Scenarios
    Di
    ff
    erent clients need
    di
    ff
    erent APIs
    Cross-cutting concerns in
    distributed systems
    Uni
    fi
    ed interface for
    microservices
    Strangling the monolith
    thomasvitale.com @vitalethomas

    View full-size slide

  5. The Library System
    Book Service
    [Container: Spring Boot]
    Provides functionality for
    managing the library books.
    Book Database
    [Container: PostgreSQL]
    Stores book information.
    Reads from and writes to
    [JDBC]
    Library
    [Software System]
    Uses
    [REST/HTTP]
    Edge Service
    [Container: Spring Boot]
    Provides API gateway and
    cross-cutting concerns.
    User
    [Person]
    A user of the
    Library application.
    Uses
    Single-Page Application
    [Container: Angular]
    Provides the Library
    functionality to users.
    Session Store
    [Container: Redis]
    Stores web session
    information.
    Reads from and writes to
    [RESP]
    Delivers to the user's web browser
    Uses
    Loan Service
    [Container: Spring Boot]
    Provides functionality for
    book loans.
    Uses
    [REST/HTTP]
    Account Service
    [Container: Spring Boot]
    Provides functionality for
    managing accounts.
    Uses
    [REST/HTTP]

    View full-size slide

  6. Spring Cloud
    Gateway
    https://spring.io/projects/spring-cloud-gateway
    thomasvitale.com @vitalethomas

    View full-size slide

  7. Reactive Spring
    thomasvitale.com @vitalethomas

    View full-size slide

  8. Thread-per-request
    thomasvitale.com @vitalethomas
    Thread Pool
    Intensive
    Operation
    Thread 1
    Thread 2
    Thread 3
    Request
    Request
    Request
    Blocking,
    wait for result
    One thread
    per request

    View full-size slide

  9. Event Loop
    thomasvitale.com @vitalethomas
    Intensive
    Operation
    Non-Blocking,
    non waiting for result
    Just a few threads,
    processing multiple
    requests
    Event Loop
    Event Queue
    Request/Response
    schedule
    event
    register
    callback
    operation
    complete
    trigger
    callback

    View full-size slide

  10. Reactive Spring
    thomasvitale.com @vitalethomas
    https://spring.io/reactive

    View full-size slide

  11. Spring Cloud Gateway
    thomasvitale.com @vitalethomas

    View full-size slide

  12. The Architecture
    thomasvitale.com @vitalethomas
    Client Predicates
    HandlerMapping
    Pre-Filters
    WebHandler
    Global Filters
    Post-Filters
    Downstream
    Service
    Spring Cloud Gateway
    Request
    Response

    View full-size slide

  13. Retry
    thomasvitale.com @vitalethomas
    Book Route Retry Book Controller
    Edge Service Book Service
    t t t
    1. Send HTTP request
    2. Receive HTTP 503 error
    3. Retry HTTP request
    4. Receive HTTP 503 error
    5. Retry HTTP request
    6. Receive successfull HTTP response after second retry attempt

    View full-size slide

  14. Rate Limiter
    thomasvitale.com @vitalethomas
    https://stripe.com/blog/rate-limiters

    View full-size slide

  15. Circuit Breaker
    thomasvitale.com @vitalethomas
    CLOSED
    HALF_OPEN
    OPEN
    Trip breaker when
    failure rate above
    threshold
    Attempt reset after
    wait duration
    Trip breaker after
    failure rate above
    threshold
    Reset breaker when
    failure rate below
    threshold

    View full-size slide

  16. Time Limiter and Fallback
    thomasvitale.com @vitalethomas
    Book Route
    Time Limiter
    Fallback
    Time Limiter Book Controller
    Edge Service Book Service
    t t t t
    1. Send HTTP request
    2a. Receive successfull HTTP response within the time limit
    2b. Throw exception when timeout expires and no fallback defined
    2c. Return fallback when defined and timeout expires

    View full-size slide

  17. 2 OAuth2 Client
    3 OAuth2 Resource Server
    1 Session Management
    Security
    thomasvitale.com @vitalethomas

    View full-size slide

  18. With Spring Boot and Kubernetes
    • 35% discount code, valid for
    all products in all format

    • mtpspring21


    • manning.com
    Cloud Native Spring in Action
    www.thomasvitale.com @vitalethomas

    View full-size slide

  19. Thomas Vitale @vitalethomas thomasvitale.com
    Spring Cloud Gateway
    Security and Resilience
    Spring User Group Italia - 25/02/2021

    View full-size slide