stytex Blog

topics all around development, DevOps and more

Securing Spring Cloud Microservices With OAuth2

update on 2016-10-19: more on JWT, fixed typos, clarified some aspects

From Zero to OAuth2 in Spring Cloud

Today I am presenting hours of research about an (apparently) simple question: “How can I maintain security in my microservices architecture?”. The task is to enable a simple but mighty possibility to secure Spring Cloud services down to method invocation level, having a central point where users and authorities can be assigned.

To achieve this as efficiently as possible, OAuth2 is the solution.

In this article we are going to implement an authorization server, holding user authorities and client information, and a resource service with protected resources, using Spring OAuth2 and JSON Web Tokens (JWT). I will demonstrate how the resource server can host a RESTful resource with different security levels, which are defined by the example authorities “FOO_READ” and “FOO_WRITE”.

The implementation can be downloaded and tested on my GitHub Repository.

Log Analysis With ELK Stack in Spring Cloud

Introduction

Today I am writing about log aggregation and analysis inside a Spring Cloud. When working with a lot of Spring Cloud services, you get a lot of logs out of the box. While analyzing one big log file coming from a monolith is something you can handle easily, doing the same for maybe 100 unique services is not.

To solve this in an elegant way, we must include an installation of a node including a database just for logs, some kind of port for accepting incoming logs and a clear backend with capabilities of performing complex searches over the entire log base.

Elasticsearch + Logstash + Kibana

Elasticsearch is a modern document-based database, built on top of Apache Lucene, which is powerful in searches on millions of records and is cluster scalable out of the box via REST.

Logstash is a tool wiring log streams from our sources and saving them into Elasticsearch. The most basic way Logstash can be used is to define a shared volume for all Docker containers and place the logs there. Logstash allows you to apply different filters on your input, to define how your logs are parsed. This is useful when collecting logs from different sources, but I will only talk about letting all the services send their logs to Logstash directly in JSON format, to keep the configuration simple.

Kibana actually is a backend offering several tools for log analysis.

How to Integrate Any Webapp Into Spring Cloud Using Sidecar Applications

Introduction

You may have been looking for:

  • How can a non-JVM application be plugged into a Spring Cloud microservice infrastructure?
  • How can I integrate my Rails / NodeJS / Express / PHP application into a Spring Cloud?
  • …and also give the (maybe legacy) applications all the features a Spring Boot service inside the cloud has
  • …without big changes to the “outside” apps’ dependencies or even code?

So this is what sidecar applications are for: integrating web applications outside the cloud infrastructure, accessible in both directions.

What are Sidecar Applications?

Inside the Spring Cloud each Spring Boot application gains its power through dependencies and annotation magic performed on the classes. So things which usually involve a lot of implementation behind the scenes are adjustable through one annotation. But inside a microservice cloud there is also a need to enable the usage of other applications written in different frameworks or languages, or even running on other platforms. One central argument for using microservice architectures is that there are (ideally) no limitations on which tools you use to build web applications.

Blog Launch and Topic Announcement

Blog Launch

Hello Folks,

so today I - finally - launched this blog. First I was going to code it on my own, just for practice, but maintaining a blog system isn’t something I want to spend my time on. Instead I was looking for a solid solution, which fits my needs, and is not auto-hackable like WordPress.

So, first: sorry for my poor English, I am not a native speaker. And then: I am going to write about general topics about development in many ways, because I feel I can tell someone things I had to discover on my own.

Upcoming topics

Writing about nothing is not my aim, so here are the core topics for the near future:

  • How to evolve from a script developer to enterprise level with Java
  • How to get started with microservices using Spring Cloud and NetflixOSS
  • Something else I want to tell the world :)

More information

More information about who I am and the recent posts I am going to publish later in pages or blog posts.

How to Make Decisions?

I was stuck on the question: “What am I going to do now? SW:ToR or some music creation?”.

I just couldn’t decide. But I assumed my wish to play some SW:ToR PvP was at about 70%, and I would like to flip a 7/3 coin instead of a classic 1/1 coin.

A bit of quick JavaScript helped me through:

decide = function (x) { return Math.random() * 100 < x; }

This should return true with a probability of x %…

I was quite sure the random number must be less than x, but did some tests to prove it:

n=100;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.64
n=1000;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.716
n=1000;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.685

and the big ones :D

n=10000;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.7039
n=10000;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.6986
n=10000;l = []; for(i=0;i<n;i++) l[i] = decide(70); s=0; for(i=0;i<n;i++) s+=l[i]; s / n
=> 0.6971

And for fairness, my very first result of decide(70) qualifies as my final decision. Happily, it was

decide = function (x) { return Math.random() * 100 < x; }
decide(x)
decide(70)
true

:D

P.S.:

You can sometimes take a look at my Twitch channel