- RestFul
- Small Deployable Units
- Cloud Enabled
- Bounded Context
- Configuration Management
- Dynamic Scaling
- Visibility
- Pack of cards
- Spring Cloud Config ~Management
- Eureka ~Dynamic Scaling
- Zipkin && Sleuth ~Visibility and Monitoring
- Different Languages
- Dynamic Scaling
- Faster Release Cycle
- Pre-Req
- Rabbit MQ Service
- Zipkin Service
- Add dependency
spring-cloud-starter-zipkin- It compiles two dependencies
spring-cloud-starter-sleuthspring-cloud-sleuth-zipkin
- Sleuth will assign a unique id to each request
- Sleuth-Zipkin create Zipkin-compatible traces via HTTP
- It compiles two dependencies
- Create a bean which return
Sampler.ALWAYS_SAMPLE - Zipkin needs a message broker and by default it is
rabbit-mq - We have to run rabbit-mq and zipkin-server and over-ride two properties
spring.rabbitmq.addresses=amqp://localhost:5672/spring.zipkin.base-url=http://localhost:9411/
- Access Zipkin Dashboard to see traces of micro-services
- Pre-Req
- Elastic Search
- Logstash
- Kibana
- Add dependency
logstash-logging-spring-boot-starter - Add following Properties in props file:
logging.logstash.enabled=truelogging.logstash.url=logstash:5000
- Access Kibana Dashboard to see the logs
- There is need to centralize the configurations for difference environments (dev, local, prod, qa)
- Here comes Spring Cloud Config, it provides a config client and a config server
- We have to setup the config server to point to cloud repo (in our case github) and then make our config client to point to our config server to get the configurations from the config server
- According to aws docs
A resource server is a server for access-protected resources. It handles authenticated requests from an app that has an access token. Typically the resource server provides a CRUD API for making these access requests. - Security Config Class (to create a Resource Server)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
http.authorizeRequests(authorize -> authorize.anyRequest().authenticated())
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}- Explanation
@ConfigurationIndicates that a class declares one or more@Beanmethods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime.@EnableWebSecurityAdd this annotation to an@Configurationclass to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods:EnableGlobalMethodSecurityEnables Spring Security global method securityThe jsr250Enabledproperty allows us to use the@RoleAllowedannotation on methods- We are overriding
configuremethod ofWebSecurityConfigurerAdapterto authenticating all requests and addingOAuth 2.0Resource Server support. - Add
spring.security.oauth2.resourceserver.jwt.issuer-uriissuer (Auth Server) URI
- According to Stackoverflow:
A client is an application that will interact with the authorization server or the resource server
- According to Key Cloak Docx, Audience validation should be done in service side.
- We can add audience by adding at least one role of respective service in the user roles.
- For more inf please see Key Cloak Docx
- eureka.instance.prefer-ip-address=true
- eureka.instance.instance-id=${spring.cloud.client.ip-address}:${server.port}
- eureka.instance.hostname=${spring.cloud.client.ip-address}
-
- spring-boot-starter-actuator
-
- caffeine
-
- spring-boot-devtools
- lombok
- spring-boot-configuration-processor
-
- spring-boot-starter-test
-
- cc-exception
- cc-dto