Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016


Published on

Microservices are all the rage and being deployed by many Java Hipsters. If you’re working on a large team that needs different release cycles for product components, microservices can be a blessing. If you’re working at your VW Restoration Shop and running its online store with your own software, having five services to manage and deploy can be a real pain. Share your knowledge and experience about microservices in this informative and code-heavy talk.

We’ll use JHipster (a Yeoman generator) to create Angular + Spring Boot apps on separate instances with a unified front-end. I’ll also show you options for securing your API gateway and individual applications using JWT. Heroku, Kubernetes, Docker, ELK, Spring Cloud, Stormpath; there will be plenty of interesting demos to see!

Published in: Technology
  • Be the first to comment

Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016

  1. 1. Microservices for the Masses Spring Boot · JWT · JHipster Brought to you by Matt Raible and Stormpath
  2. 2. Conway’s Law Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure. Melvyn Conway 1967
  3. 3. "Do one thing and do it well."
  4. 4. The Future?
  5. 5. You shouldn’t start with a microservices architecture. Instead begin with a monolith, keep it modular, and split it into microservices once the monolith becomes a problem. Martin Fowler March 2014
  6. 6.
  7. 7. Microservices are awesome, but they’re not free. Les Hazlewood Stormpath CTO
  8. 8. Spring Boot Demo
  9. 9. JHipster by the numbers +250 contributors +5400 Github stars +320,000 installations +100 companies officially using it
  10. 10. How to use JHipster To install JHipster, you run an npm command: $ npm install -g generator-jhipster $ mkdir myapp && cd myapp $ yo jhipster
  11. 11. What’s Generated? Spring Boot application AngularJS application Liquibase changelog files Configuration files
  12. 12. Security Screens Several generated screens Login, logout, forgot password Account management User management Useful for most applications Pages must be tweaked User roles will be added/extended Provides good examples of working screens Forms, directives, validation…
  13. 13. Admin Screens Monitoring Health Spring Boot configuration Spring Security audits Log management Very useful in production
  14. 14. Liquibase
  15. 15. ThoughtWorks Radar
  16. 16. Securing your API Choose the Right API Security Protocol Basic API Authentication w/ TLS (formlerly known as SSL) OAuth1.0a, OAuth2 API Keys vs. Username/Password Authentication Store Your API Security Key securely Use globally unique IDs (e.g. Url62) Avoid sessions, especially in URLs
  17. 17. How to Secure your API Learn more on the Stormpath blog
  18. 18. Anatomy of a JWT
  19. 19. Create a JWT in Java String jwt = Jwts.builder() .setSubject("users/TzMUocMF4p") .setExpiration(new Date(1300819380)) .claim("name", "Robert Token Man") .claim("scope", "self groups/admins") .signWith( SignatureAlgorithm.HS256, "secret".getBytes("UTF-8") ) .compact();
  20. 20. Validating a JWT String jwt = // get JWT from Authorization header Jws<Claims> claims = Jwts.parser() .setSigningKey("secret".getBytes("UTF-8")) .parseClaimsJws(jwt) String scope = claims.getBody().get("scope") assertEquals(scope, "self groups/admins");
  21. 21. Better Secret String b64EncodedSecret = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E="; .signWith(SignatureAlgorithm.HS256, TextCodec.BASE64.decode(b64EncodedSecret))
  22. 22. JWTs in Java for CSRF and Microservices Learn more on the Stormpath blog
  23. 23. Microservices with JHipster
  24. 24. Microservices are not free, but you get a deep discount on microservices with JHipster. Matt Raible 2016
  25. 25. Angular 2 JUnit 5 Spring 5 and Reactive Apache Kafka HTTP/2 Progressive Web App Support
  26. 26. Do one thing and do it well. Unix philosophy
  27. 27. This Presentation and Demos
  28. 28. Image Credits Fountain of colours - Paulius Malinovskis on Flickr Ponte dell’Accademia at Sunrise - Trey Ratcliff on Stuck in Customs Conway’s Law - Martin Fowler and James Lewis on Microservices Good Morning Denver - Sheila Sund on Flickr Monoliths - Arches National Park on Flickr Mexico - Trish McGinity on McGinity Photo Future - vivianhir on Flickr Spring Runoff - Ian Sane on Flickr The memory Seeker, Santa Monica Pier, CA - Pacheco on Flickr San Francisco By Night - Trish McGinity on McGinity Photo