Microservices for the Masses

Spring Boot · JWT · JHipster

Conway’s Law

Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure.

Melvyn Conway 1967

"Do one thing and do it well."

The philosophy of a microservices architecture essentially equals to the Unix philosophy of "Do one thing and do it well".

It’s easier to work on small "do one thing well" services. No single program represents the whole application, so services can change frameworks (or even languages) without a massive cost. As long as the services use a language agnostic protocol (HTTP or lightweight messaging), can application can be written in several different platforms - Java, Ruby, Node, Go, .NET, etc. - without issues.

Platform-as-a-Service (PaaS) providers and containers have made it easy to deploy microservices. All the technologies needed to support a monolith (e.g. load balancing, discovery, process monitoring) are provided by the PaaS, outside of your container. Deployment effort becomes close to zero.

The Future?

You shouldn’t start with a microservices architecture. Instead begin with a monolith, keep it modular, and split it into microservices once the monolith becomes a problem.

Martin Fowler March 2014

start.spring.io

How We Migrated Our Backend to Spring Boot in 3 Weeks

Our application was a traditional Spring app secured by Apache Shiro and configured with both XML and Java Config. When we added Spring Boot, it didn’t replace Spring of course (since Spring Boot is built on top of Spring), but it simplified much of our architecture by adding a layer that helps automate configuration and deployment while making it easier to implement features, as well as prime our architecture for modular microservices (more on that later).

Because we have thousands of customers in production and are constantly developing new features, we did extensive testing to make sure everything still worked as expected. We also built some custom Spring Boot Starters, including a nifty one for real-time stream messaging with Apache Samza. And even though our software stack is a few years old and involves a lot of business edge cases and intricate code paths, we were able to make the transition in just three weeks.

In the process, we tried to use as much of the Spring Boot and Spring Cloud ecosystem to remove as much custom code as possible. Spring Boot allows us to do that in a clean, plugin-oriented way. Here’s what we did:

XML Config to Java Config
Boot Dictates Where Your Config Files Reside
Auto-Configuration in Spring Boot

The Spring Boot Starter ecosystem gives us a huge amount of out-of-the-box functionality that traditionally we used to build ourselves. Instead of defining beans and wiring them ourselves, we’re using Spring Boot Starters wherever possible.

We use the ecosystem integrations for Zookeeper, Kafka, Cassandra, JMS messaging, SMTP mail servers and many others. Historically, we’ve had to build, integrate and configure these services ourselves, but now we just drop in the necessary starter dependency, and boom: the starter is enabled and auto-configured!

Microservices are awesome, but they’re not free.

Les Hazlewood Stormpath CTO

Securing Your API

Choose the Right API Security Protocol
- Basic API Authentication with TLS (aka SSL)
- OAuth 1.0a, OAuth 2.0, OpenID Connect
API Keys vs. Username/Password Authentication
- Store Your API Security Key securely
Use globally unique IDs (e.g. Url62)
Avoid sessions, especially in URLs

JSON Web Tokens

Create a JWT in Java

String jwt = Jwts.builder()
    .setSubject("users/TzMUocMF4p")
    .setExpiration(new Date(1300819380))
    .claim("name", "Robert Token Man")
    .claim("scope", "self groups/admins")
    .signWith(
      SignatureAlgorithm.HS256,
      "secret".getBytes("UTF-8")
    )
    .compact();

Validating a JWT

String jwt = // get JWT from Authorization header
Jws<Claims> claims = Jwts.parser()
    .setSigningKey("secret".getBytes("UTF-8"))
    .parseClaimsJws(jwt)
String scope = claims.getBody().get("scope")
assertEquals(scope, "self groups/admins");

Better Secret

String b64EncodedSecret =
    "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";

.signWith(SignatureAlgorithm.HS256,
    TextCodec.BASE64.decode(b64EncodedSecret))

Spring Boot is pretty hip. And so are microservices and JWTs! But what about the UI?

You know what another hot framework is/was? Angular!

Wouldn’t it be hip if someone combined these two frameworks? And if they added in another hot framework: Bootstrap!

JHipster is one of those open-source projects you stumble upon and immediately think, “Of course!” It combines three very successful frameworks in web development: Bootstrap, AngularJS, and Spring Boot. Bootstrap was one of the first dominant web-component frameworks. Its largest appeal was that it only required a bit of HTML and it worked! All the efforts we made in the Java community to develop web components were shown a better path by Bootstrap. It leveled the playing field in HTML/CSS development, much like Apple’s Human Interface Guidelines did for iOS apps.

JHipster was started by Julien Dubois in October 2013 (Julien’s first commit was on October 21, 2013). The first public release (version 0.3.1) was launched December 7, 2013. Since then, the project has had over 130 releases! It is an open-source, Apache 2.0-licensed project on GitHub. It has a core team of 18 developers and over 320 contributors. You can find its homepage at http://jhipster.github.io. Its Open HUB profile shows it’s mostly written in JavaScript (50%) and Java (35%).

At its core, JHipster is a Yeoman generator. Yeoman is a code generator that you run with a yo command to generate complete applications or useful pieces of an application. Yeoman generators promote what the Yeoman team calls the "Yeoman workflow". This is an opinionated client-side stack of tools that can help developers quickly build beautiful web applications. It takes care of providing everything needed to get working without the normal pains associated with a manual setup.

JHipster by the numbers

+250 contributors
+6800 Github stars
+480,000 installations
+150 companies officially using it

How to use JHipster

To install JHipster, you run an npm command:

$ npm install -g generator-jhipster

$ mkdir myapp && cd myapp
$ yo jhipster

What’s Generated?

Spring Boot application
Angular application
Liquibase changelog files
Configuration files

Security Screens

Several generated screens
- Login, logout, forgot password
- Account management
- User management
Useful for most applications
- Pages must be tweaked
- User roles will be added/extended
Provides good examples of working screens
- Forms, directives, validation…

Admin Screens

Monitoring
Health
- Spring Boot configuration
- Spring Security audits
- Log management
Very useful in production

Liquibase

Microservices with JHipster

JHipster on Google Cloud

https://youtu.be/dgVQOYEwleA

Automation and orchestration are key for deployment.

Define your exit criteria (e.g. maximum time for a request to execute) before implementing your microservices infrastructure. You’re likely going to have to custom build some things, so be prepared for that. Trial a few different platforms and then pick the one that meets your criteria and is the easiest to develop with. Don’t develop half of your system on one platform and then try moving to another.

Make sure and record the request id in all logging events for traceability.

If you have less than 20 people, start with a monolith, but build in async messaging asap. Use it for things like mail, notifications, logging, and archiving. Debugging, deployment, logging is much easier with a monolith.

Async Messaging or other non-blocking with automatic back pressure

Microservices are not free, but you get a deep discount on microservices with JHipster.

Matt Raible 2016

JHipster.next

JHipster CLI
gRPC Support
React Support
Spring 5 and Reactive
Improved Kafka Support

Do one thing and do it well.

Unix philosophy

This Presentation and Demos

https://github.com/mraible/microservices-for-the-masses

Image Credits

Fountain of colours - Paulius Malinovskis on Flickr
Ponte dell’Accademia at Sunrise - Trey Ratcliff on Stuck in Customs
Conway’s Law - Martin Fowler and James Lewis on Microservices
Good Morning Denver - Sheila Sund on Flickr
Monoliths - Arches National Park on Flickr
Mexico - Trish McGinity on McGinity Photo
Future - vivianhir on Flickr
Spring Runoff - Ian Sane on Flickr
The memory Seeker, Santa Monica Pier, CA - Pacheco on Flickr
San Francisco By Night - Trish McGinity on McGinity Photo