stytex Blog

topics all around development, DevOps and more

Build CD Pipeline With Gitlab + GitLab CI for Spring Cloud Microservices

Today I am writing about a continuous delivery pipeline built on top of GitLab and GitLab CI. As a very simple but production-tested deployment solution, I will push to a Dokku cloud.

In short, we will:

  • set up GitLab with CI
  • secure connections with TLS certificates using Let's Encrypt and Certbot
  • set up GitLab Container Registry
  • configure a pipeline for staging and production using a Dokku host
  • run the pipeline

The first part will cover the GitLab configuration; the second will demonstrate one possible deployment configuration for zero-downtime deployment of a microservice application built with JHipster. But before we dig into the details, I will discuss what this setup is supposed to achieve.

(CD pipeline with GitLab CI)

JHipster 3.7 Tutorial Pt 3: Secure Service Communication Using OAuth2

This article introduces the core feature set of JHipster UAA, in particular building HTTP clients for service-to-service communication, security configuration and testing.

Intro

It has been a while since my last article. Those who might be crazy enough to follow my blog should remember the statement in my last article on how to get started with JHipster microservices, which have been a core feature since version 3.0.

Security in Applications: 2nd Order Privileging

A word on security

When developing modern web or even cloud applications with tools like Spring, JHipster, Rails or whatever, security comes in many different facets. This article is not bound to a specific framework; it describes a general concept.

Today I am going to talk about how to put access management into an easy, business-friendly, but mighty concept. It’s about how to organize the granting of access to your business resources. You may think this is “authorization”. While authorization is the technological implementation of providing authorizing information when it’s needed, “privileging” is about which authorities exist and how they are related to the system's users.

JHipster 3.0 Tutorial Pt 1+2: Intro + Basic Service Communication

Introduction

It has been a while since my last post, and since JHipster 3.0 was released during the past week, it’s a perfect time to talk about microservices and how JHipster can help.

The subtopics today are:

  1. scaffolding a microservice architecture with JHipster 3.0
  2. communication between services with decentralized load balancing (Ribbon) and optional circuit breaking (Hystrix)
  3. (maybe in the next article) applying the full power of the OAuth2 client credentials grant for fine-grained security (with possible use cases for this)

Securing Spring Cloud Microservices With OAuth2

update on 2016-10-19: more on JWT, fixed typos, clarified some aspects

From Zero to OAuth2 in Spring Cloud

Today I am presenting hours of research about an (apparently) simple question: “How can I maintain security in my microservices architecture?”. The task is to provide a simple but mighty way to secure Spring Cloud services down to the method invocation level, with a central point where users and authorities can be assigned.

To achieve this as efficiently as possible, OAuth2 is the solution.

In this article we are going to implement an authorization server, holding user authorities and client information, and a resource service with protected resources, using Spring OAuth2 and JSON Web Tokens (JWT). I will demonstrate how the resource server can host a RESTful resource with different security levels, which are defined by the example authorities “FOO_READ” and “FOO_WRITE”.

The implementation can be downloaded and tested on my GitHub repository.