Microservices has been buzzword in the last years in software engineering. It helps to solve issues we had with monolith applications, however it also brings new challenges. Eclipse MicroProfile provides a time to market set of specifications and tools addressing these many challenges. Jean-Louis will be looking on how to use these spec implementations in practice throughout this presentation and show step-by-step examples on how to add monitoring with MP Health and with MP Metrics, security with MP JWT, custom configuration with MP Config, and also teach how to easily provide documentation with MP OpenAPI and much more. Lightweight will be achieved by deploying and running Docker on raspberry PIs.

1. wm-jug
#RESTSecurity @dblevins @tomitribe#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Lightweight Enterprise Java
With MicroProfile
Jonathan Gallimore
Tomitribe
Jean-Louis Monteiro
Tomitribe

2. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Agenda
• Microservices!
• What is MicroProfile?
• Specs Overview
• Demos
• MicroProfile Future

3. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Microservices Anyone?

4. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What do people mean by Microservices?
• “Small autonomous services working together”
• “Small enough but not too small”
• “Can be wriCen in 2 weeks”
• “Single responsibility principle”
• “Domain-driven design”

5. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What do others think?

6. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What do others think?

7. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What do others think?

8. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Why Microservices?
• Deliver new features quicker
• Smaller, agile teams
• Scale services independently
• Cloud

9. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Microservices Challenges
• Scalability
• Cost ReducLon
• Resilience
• Monitoring
• Security

10. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What is MicroProfile?
• hCp://microprofile.io/
• Enterprise Java for Microservices
• Open Source (Eclipse)
• 3 years old plaUorm

11. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What is MicroProfile?
• IniLal version 1.0 with CDI, JAX-RS, JSON-P in Sep 2016
• ApplicaLon portability across runLmes
• Currently at version 2.2 since Feb 2019
• ConfiguraLon, Fault Tolerance, JWT PropagaLon, Health Check,
Metrics, Open Tracing, Open API and REST Client
• ReacLve Streams released standalone

12. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What is MicroProfile?

13. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Why MicroProfile?
• Slowdown in Java EE innovaLon
• NegaLve percepLon towards the technology
• Not prepared for Microservices development

14. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Why MicroProfile?
0
10
20
30
40
EE 5 Specs (2006) EE 6 Specs (2009) EE 7 Specs (2013) EE 8 Specs (2017)
39
37
30
24

15. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Why MicroProfile?
• A set of “standards” were required to offer guidance in building
Microservices in Java
• These need to evolve very quickly to adjust to the fast moving
Microservices world
• A community of individuals, organisaLons and vendors
collaboraLng to make this a reality

16. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile != EE (or Jakarta EE)

17. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Who is involved in MicroProfile?

18. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Implementations

19. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
My first MicroProfile App

20. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
CDI
•Contexts and Dependency InjecLon
•Bean Lifecycle and Typesafe InjecLon
•Producers
•Interceptors
•Observers

21. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
JAX-RS
•RESTful Web Services
•AnnotaLon based
•HTTP Centric

22. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
JSON-P
•Parse, Generate Transform and Query JSON
•Streaming API
•Object Model API

23. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Putting it all together
@ApplicationScoped
@Path("books")
public class BookResource {
@Inject
private BookBean bookBean;
@GET
@Path("{id}")
public Response findById(@PathParam("id") final Long id) {
final Book book = bookBean.find(id);
final JsonObjectBuilder builder =
Json.createObjectBuilder()
.add(“id", book.getId())
.add("name", book.getTitle());
return Response.ok(builder.build().toString()).build();
}
}

24. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Evolving your MicroProfile App

25. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
number-api
book-api
Architecture

26. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Runtime
•Raspberry PI v3 (HypriotOS)
•Package everything with Docker
•Local Docker Registry
•Push Docker Images with Ansible

27. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Deployment
docker-repo Router
Microservices

28. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Configuration

29. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
•ApplicaLons need configuraLon based on their running
environment
•It must be possible to change configuraLon without repacking
the applicaLon
•Based on DeltaSpike Config, Apache Tamaya and Sabot

30. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
•Standalone or in a CDI Container
•Default Values
•Supports the most common Java Type (including OpLonal)

31. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
@Inject
@ConfigProperty(
name="NUMBER_TARGET_API",
defaultValue=“http://localhost:8081/
number-api/numbers/generate")
private String numberApiTargetUrl;

32. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
Config config = ConfigProvider.getConfig();
final String url =
config.getValue("NUMBER_TARGET_API",
String.class);

33. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Config Sources
•META-INF/microprofile-config.properLes
•System properLes
•Environment variables
•Pluggable to allow custom config sources and providers through
the ServiceLoader mechanism

34. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Fault Tolerance

35. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Fault Tolerance
• Different strategies to guide the execuLon and result of some
logic
• Inspired by Hystrix and Failsafe
• Supports Sync and Async execuLon

36. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Fault Tolerance
• Depends on CDI
• Interceptor bindings
• Business method invocaLon
• Integrates with MP Config and Metrics

37. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Timeout
• Prevents the execuLon from waiLng forever
• Fail the execuLon if the Lmeout is hit
• Useful when calling other services

38. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Retry
• Invoke the same operaLon again
• Specify criteria on when to retry
• Recover from network glitchs

39. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Fallback
• Invoked when the original execuLon fails
• Specify when it fails
• Fallback to some other execuLon to prevent failures

40. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Circuit Breaker
• Prevent repeated failures
• Fail fast
• Can be open, half-open or closed
• Protect services

41. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Bulkhead
• Limit number of concurrent requests
• Access from mulLple contexts
• Prevent failures from cascading

42. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Healthchecks

43. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Healthchecks
• Probe the state of a computer node
• Primary target cloud infrastructure
• Automated processes to maintain the state of nodes

44. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Healthchecks
• Simple API to specify health status
• /health JAX-RS endpoint reporLng server health
• Response status indicates if the health check passed
• Payload can include more detail

45. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Healthchecks
@Health
@ApplicationScoped
public class CheckDiskSpace implements HealthCheck {
public HealthCheckResponse call() {
}
}

46. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Healthchecks
GET /health
{
"outcome": "UP",
"checks": [{
"name": "diskspace",
"state": "UP",
"data": {
"key": "freebytes",
"freebytes": "126000000000"
}
}]
}

47. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Healthcheck Demo

48. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Metrics

49. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Metrics
• Monitor essenLal System Parameters
• Ensure reliable operaLon of soiware
• Monitoring endpoints to collect data

50. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Metrics
• Accessible via REST interface
• /metrics/base for MP compliant servers
• /metrics/applicaLon for ApplicaLon specific Metrics
• /metrics/vendor for Server specific metrics
• OPTIONS provides metadata, such as Unit of measure

51. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
GET /metrics/base
{
"thread.count" : 33,
"thread.max.count" : 47,
"memory.maxHeap" : 3817863211,
"memory.usedHeap" : 16859081,
"memory.committedHeap" : 64703546
}

52. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
OPTIONS /metrics/base
{
"fooVal": {
"unit": "milliseconds",
"type": "gauge",
"description": "The average duration of foo requests during last 5
minutes",
"displayName": "Duration of foo",
"tags": "app=webshop"
},
"barVal": {
"unit": "megabytes",
"type": "gauge",
"tags": "component=backend,app=webshop"
}
}

53. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Metrics
• @Counted
• @Metered
• @Timed
• @Gauge
• Histogram

54. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Application Metrics
@GET
@Path(“/{id}“)
@Metered(name = “BookResource.findById_meter”)
@Timed(name = “BookResource.findById_timer”,
unit = MetricUnits.MILLISECONDS,
absolute = true)
public Response findById(@PathParam(“id") final Long id) {
...
}

55. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
GET /metrics/application/{meter}
Meter
{
"{meter}": {
"count": 1,
"fifteenMinRate": 0.2,
"fiveMinRate": 0.2,
"meanRate": 0.015384615384615385,
"oneMinRate": 0.2,
"unit": "per_second"
}
}

56. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
GET /metrics/application/{timer}
Timed
{
"{timer}": {
"count": 1,
"fifteenMinRate": 0.2,
"fiveMinRate": 0.2,
"max": 13644163,
"mean": 13644163,
"meanRate": 0.015384615384615385,
"min": 13644163,
"oneMinRate": 0.2,
"p50": 13644163,
"p75": 13644163,
"p95": 13644163,
"p98": 13644163,
"p99": 13644163,
"p999": 13644163,
"stddev": 0
}
}

57. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
GET /metrics/application/{counter}
Counted
{
"{counter}": 156825
}

58. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Gauge
public class BookResource {
private AtomicLong booksAdded = new AtomicLong();
@Gauge(name="booksadded", unit = MetricUnits.NONE)
public long count() {
return booksAdded.get();
}
}

59. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
GET /metrics/application/{gauge}
Gauge
{
"{gauge}": 156825
}

60. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Histogram
public class BookResource {
@Inject
@Metric(name = "bookcount")
private Histogram histo;
public void update(long count) {
histo.update(count);
}
}

61. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile OpenTracing

62. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
OpenTracing
• Trace the flow of a request across services
• OpenTracing is a distributed tracing standard for applicaLons
• Java Binding to OpenTracing ImplementaLon

63. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
OpenTracing
• JAX-RS calls are traced
• Context propagated to services called with REST client
•X-B3-TraceId, X-B3-ParentSpanId, X-B3-SpanId
• Traces are collected and pushed to a database

64. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
OpenTracing
• OperaLons are measured in Spans
• Spans are grouped together into Traces

65. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
@Traced
@GET
@Path(“/books")
public Response findBooks() { }
Tracing CDI Calls

66. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
@ApplicationScoped
public class BookBean {
@Inject
private Tracer tracer;
public Book create(final Book book) {
final Span activeSpan = tracer.activeSpan();
final Tracer.SpanBuilder spanBuilder = tracer.buildSpan("create");
if (activeSpan != null) {
spanBuilder.asChildOf(activeSpan.context());
}
final Span span = spanBuilder.withTag("created", true).start();
tracer.scopeManager().activate(span, true);
// do work
span.finish();
return book;
}
}
OpenTracing

67. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Zipkin Demo

68. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile JWT Propagation

69. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Challenges in security
• Who is the caller?
• What can he do?
• How to propagate the security context?

70. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
JWT Propagation
• Security Tokens
• Most common: OAuth2, OpenID Connect JWT
• Lightweight way to propagate idenLLes across different services
• Complete example - hCps://github.com/tomitribe/microservice-
with-jwt-and-microprofile

71. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
JWT Propagation
• Role based access control
• Keys (JWKS)
• Standard configuraLon (MP Config)

72. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Goals
• Extract and verify the token
• IdenLfy the caller
• Enforce authorizaLon policies

73. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
What is a JWT?
• Pronounced “JOT”
• SAML like but less verbose
• Fancy JSON map
• BASE 64 URL encoded
• Digitally signed (RSA-SHA256, HMAC-SHA512, etc)
• Possibly encrypted
• Built-in expiraLon

74. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
@LoginConfig(authMethod = "MP-JWT")
public class ApplicationConfig extends Application {
// let the server discover the endpoints
}
——
@Inject
private JsonWebToken jwtPrincipal;
@Context
private SecurityContext securityContext;
@Inject
@Claim("username")
private ClaimValue<String> username;
@Inject
@Claim("email")
private ClaimValue<String> email;
——
@RolesAllowed("create")
public Response create(final Book book, @Context UriInfo uriInfo) {
...
}

75. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile OpenAPI

76. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Open API
• Java API for the OpenAPI v3 specificaLon
• OpenAPI v3 is based on Swagger v2
• AnnotaLons should be similar

77. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
@GET
@Path("/{id}")
@Operation(summary = "Find a Book by Id")
@APIResponse(responseCode = "200",
content = {@Content(schema =
@Schema(implementation = Book.class))})
public Response findById(@PathParam("id") final Long id) {
return bookBean.findById(id)
.map(Response::ok)
.orElse(status(NOT_FOUND))
.build();
}

78. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
paths:
/books/{id}:
get:
parameters:
- name: "id"
required: true
style: "simple"
schema:
readOnly: false
deprecated: false
description: "The id of the Book"
writeOnly: false
deprecated: false
summary: "Find a Book by Id"
responses:
200:
content:
application/json:
schema:
…
description: ""
operationId: "findById"
GET /openapi

79. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
OpenAPI Demo

80. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile REST Client

81. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
REST Client
• Microservices typically talk REST to other services
• Several JAX-RS implementaLons already support interface
definiLon
• Consistent and easy to reuse

82. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
REST Client
• Type safe REST Service over HTTP
• Extends JAX-RS 2.0 API’s
• More natural code style
• Similar to Feign

83. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Configuration
@RegisterRestClient
@Path(“/books")
public interface BookService {
@GET
@Path("/{id}")
Response findById(@PathParam("id") final Long id);
}
@ApplicationScoped
public class BookStore {
@Inject
@RestClient
private BookService client;
}

84. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Starter
https://start.microprofile.io

85. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Future

86. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
MicroProfile Roadmap
• MicroProfile 3.0 by June 2019
• Major updates to Health and Metrics
• GraphQl, Long Running AcLons, Concurrency, ReacLve
Messaging, Event Data, ReacLve RelaLonal DB Access

87. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Get Involved

88. @dblevins @tomitribe
wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Resources
• hCp://microprofile.io/
• hCp://tomee.apache.org
• hCps://github.com/radcortez/microprofile-samples

89. wm-jug
#wm-jug @jongallimore @JLouisMonteiro @tomitribe
Thank you!