Microservices with Spring Boot

Josh Long (⻰龙之春)
@starbuxman
jlong@gopivotal.com
slideshare.net/joshlong
github.com/joshlong
http://spring.io
 
MICROSERVICES
BOOTIFUL

@starbuxman
Spring Developer Advocate
Josh Long (⻰龙之春)
@starbuxman josh.long@springsource.com|
Jean Claude
van Damme! Java mascot Duke some thing’s I’ve authored...

@starbuxman
WEB
Controllers, REST, 
WebSocket
INTEGRATION
Channels, Adapters, 
Filters, Transformers
BATCH
Jobs, Steps, 
Readers, Writers
BIG DATA
Ingestion, Export, 
Orchestration, Hadoop
DATA
NON-RELATIONALRELATIONAL
CORE
GROOVYFRAMEWORK SECURITY REACTOR
GRAILS
Full-stack, Web
XD
Stream, Taps, Jobs
BOOT
Bootable, Minimal, Ops-Ready

@starbuxman
Microservices - just SOA redux?  
 
What does the DRY principle, microservices, SOA, and
Unix command line tools have in common?  
 
They promote singly-focused*, loosely-connected
systems
In object-oriented programming, the single responsibility principle states that every class
should have a single responsibility, and that responsibility should be entirely encapsulated by the
class. All its services should be narrowly aligned with that responsibility.!
*
http://en.wikipedia.org/wiki/Single_responsibility_principle

@starbuxman
Singly focused?  
 
Do as little as possible.
Express and expose a service, isolated and
encapsulated.

@starbuxman
How do you expose a service?  
How do you do so simply?

Title Text
@starbuxman
…when somebody
says SOAP is
“SIMPLE”

@starbuxman
REST has no hard and fast rules.
REST is an architectural style, not a standard.
REST uses Headers to describe requests & responses
REST embraces HTTP verbs. (DRY)

@starbuxman
status codes convey the result of the server’s attempt to
satisfy the request.  
 
Categories:
1xx: informational 
2xx: success 
3xx: redirection 
4xx: client error  
5xx: server error

@starbuxman
The Richardson Maturity Model is a way to grade your
API according to the REST constraints with 4 levels of
increasing compliance
!
http://martinfowler.com/articles/richardsonMaturityModel.html

@starbuxman
The Richardson Maturity Model  
 
Level 0: swamp of POX 
Uses HTTP mainly as a tunnel through one URI 
e.g., SOAP, XML-RPC 
 
Usually features on HTTP verb (POST)

@starbuxman
 
Level 1: resources 
Multiple URIs to distinguish related nouns  
e.g., /articles/1, /articles/2, vs. just /articles

@starbuxman
 
Level 2: HTTP verbs 
leverage transport-native properties to enhance service  
e.g., HTTP GET and PUT and DELETE and POST 
 
Uses idiomatic HTTP controls like status codes, headers

Demonstration
Our first @RestController

Demonstration
What about headers and status codes??

@starbuxman
 
Level 3: Hypermedia Controls (aka, HATEOAS) 
No a priori knowledge of service required 
Navigation options are provided by service and hypermedia controls 
 
Promotes longevity through a uniform interface

@starbuxman
Links provide possible navigations from a given resource
!
Links are dynamic, based on resource state.
!
<link href=“http://...:8080/users/232/customers”  
rel= “customers”/>

Demonstration
Working with Hypermedia and  
Spring HATEOAS

@starbuxman
Security is hard. Don’t reinvent
the wheel!
!
Things to worry about when developing
web applications? EVERYTHING
!
(cross-site scripting, session fixation, identification,
authorization, and authentication, encryption, and SO
much more.)

@starbuxman
Usernames and Passwords
!
If you can trust the client to keep a secret like a password, then it
can send the password using:
 
...HTTP Basic - passwords are sent plaintext!
... HTTP Digest - hashed passwords, but still plaintext.
 
SSL/TLS encryption helps prevent man-in-the-middle attacks

@starbuxman
Tim Bray says: Passwords don’t scale
!
Too easy to compromise.
!
Updating all your clients whenever you change
your password would be a nightmare!
!

@starbuxman
OAuth is a way for one (automated) client to securely identify
itself to another service
!
Assumes a user context:
!
“I authorize $CLIENTX to act on $USER_Y’s behalf”
!
OAuth is a way of authorizing a client with particular access (scopes)
!

@starbuxman
So, SSL/TLS is...?
!
an implementation of public key
cryptography:
!
!
!
public key cryptography only works because we
all agree to trust well known root CAs
so trust!
wow

@starbuxman
SSL/TLS is used routinely to verify the identify of servers.
!
Normally, the client confirms the server, but the server rarely requires the
client to transmit a certificate.
!
It’s easy enough to setup SSL/TLS on your web server.
!

@starbuxman
from “Release It!”: feature complete != production ready
!
A microservice needs to be able to slot into a system’s monitoring,
management, and other infrastructure
!
How do you add health checks?
!
JMX support? Analytics like Graphite?

Demonstration
Designing (or configuring!) for production

@starbuxman
What about routing? Load balancing? Enter the smart
service host, or, PaaS
!
You don’t want to handle this in your code.
!
You could build a platform that handles these things for you like Netflix,
Foursquare, eBay, Google and others did.
!
Or you could simply use a Platform-as-a-Service, like  
Cloud Foundry, Heroku, OpenShift, or Azure
SPRING WORKS WELL IN THE CLOUD

@starbuxman
Questions?
References
spring.io
github.com/joshlong/bookmarks
github.com/joshlong/boot-it-up
github.com/joshlong/boot-examples
docs.spring.io/spring-boot/
! Josh Long (⻰龙之春)
@starbuxman
jlong@gopivotal.com
slideshare.net/joshlong
github.com/joshlong
http://spring.io

Microservices with Spring Boot

More Related Content

Microservices with Spring Boot