- RestFul
- Small Deployable Units
- Cloud Enabled
- Bounded Context
- Configuration Management
- Dynamic Scaling
- Visibility
- Pack of cards
- Spring Cloud Config ~Management
- Eureka ~Dynamic Scaling
- Zipkin && Sleuth ~Visibility and Monitoring
- Different Languages
- Dynamic Scaling
- Faster Release Cycle
- Pre-Req
- Rabbit MQ Service
- Zipkin Service
- Add dependency
spring-cloud-starter-zipkin
- It compiles two dependencies
spring-cloud-starter-sleuth
spring-cloud-sleuth-zipkin
- Sleuth will assign a unique id to each request
- Sleuth-Zipkin create Zipkin-compatible traces via HTTP
- It compiles two dependencies
- Create a bean which return
Sampler.ALWAYS_SAMPLE
- Zipkin needs a message broker and by default it is
rabbit-mq
- We have to run rabbit-mq and zipkin-server and over-ride two properties
spring.rabbitmq.addresses=amqp://localhost:5672/
spring.zipkin.base-url=http://localhost:9411/
- Access Zipkin Dashboard to see traces of micro-services
- Pre-Req
- Elastic Search
- Logstash
- Kibana
- Add dependency
logstash-logging-spring-boot-starter
- Add following Properties in props file:
logging.logstash.enabled=true
logging.logstash.url=logstash:5000
- Access Kibana Dashboard to see the logs
- There is need to centralize the configurations for difference environments (dev, local, prod, qa)
- Here comes Spring Cloud Config, it provides a config client and a config server
- We have to setup the config server to point to cloud repo (in our case github) and then make our config client to point to our config server to get the configurations from the config server
- According to aws docs
A resource server is a server for access-protected resources. It handles authenticated requests from an app that has an access token. Typically the resource server provides a CRUD API for making these access requests.
- Security Config Class (to create a Resource Server)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
http.authorizeRequests(authorize -> authorize.anyRequest().authenticated())
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}
- Explanation
@Configuration
Indicates that a class declares one or more@Bean
methods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime.@EnableWebSecurity
Add this annotation to an@Configuration
class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods:EnableGlobalMethodSecurity
Enables Spring Security global method securityThe jsr250Enabled
property allows us to use the@RoleAllowed
annotation on methods- We are overriding
configure
method ofWebSecurityConfigurerAdapter
to authenticating all requests and addingOAuth 2.0
Resource Server support. - Add
spring.security.oauth2.resourceserver.jwt.issuer-uri
issuer (Auth Server) URI
- According to Stackoverflow:
A client is an application that will interact with the authorization server or the resource server
- According to Key Cloak Docx, Audience validation should be done in service side.
- We can add audience by adding at least one role of respective service in the user roles.
- For more inf please see Key Cloak Docx
- eureka.instance.prefer-ip-address=true
- eureka.instance.instance-id=${spring.cloud.client.ip-address}:${server.port}
- eureka.instance.hostname=${spring.cloud.client.ip-address}
-
- spring-boot-starter-actuator
-
- caffeine
-
- spring-boot-devtools
- lombok
- spring-boot-configuration-processor
-
- spring-boot-starter-test
-
- cc-exception
- cc-dto