Microservices

Microservices are a variant of software dev technique Service-Oriented architecture. 

• Collection of loosely coupled services
• Increases modularity
• Parallelises development
• Deploy and scale respective services independently
• Small and responsible for one thing
• By single domain OR single feature
•  
  

Developing a single application as a suite of small services, each running in its own process and communicating with light weight mechanisms, often an http resource api.

Fine grained SOA(Service oriented Architecture)

• why move to micro services
• New types of clients - smart phone, tablets, tvs,  watches...
• controllers designed for web interfaces are not designed for  new clients
• New persistence technologies
• We have specialized technologies which offer superior performance for specific use cases
• Search - Elastic Search
• Product reviews- can be stored in document store like MongoDB
• Shopping cart- simple key value store - redis
• legacy DB

Monolithic  Challenges

• Single codebase
• Deployment
• versioning 
• team size
• Feature implementation will be slow due to large code base with large team
• fixing and deploying defects
• Advantages
• easy to comprehend but not to comprehend millions of code
• single language
• Disadvanteges
• Language and framework lock
• Digesting large code base is difficult. Too many secrets/hacks, 
• Deploy as single unit

Microservices

• Small and independent applns built around individual functional areas. Each one uses the backend technologies best suited for its need
  
• APi Gateway
• Various client technlogies need to access our services. Having each client access each service will have issues. So we use api gateway
  
• It handles the complexity of talking to services
• Cloud native architechture
• Communicate via apis & not common DB
• Microservices encapsulate business capabilities by business function(cart, catalog, checkout)
  
• not based on technology stack - dao, db, 
• eg: Cart, checkout, REviews, Search
• Services are not Ochestrated but Choregraphed
• Challenges
• Few services may be unavailable
• Design for failure & curcuit breaker
• More monitoring required
• Remote calls expensive than in-process calls
• Must rely on Eventual Consistency over ACID
•  Features span multiple services
• Change management becomes a different challenge
• Refactoring module boundaries
• Network
• should be reliable
• latency 0
• bandwidth is infinete

How to break Monolyth into Micro services

• Primary consideration should be business funcitonality
• Nouns (Carts, customer, catalog)
  
• Verb based(Search, checkout, shipping)
  
• single responsibility service
• Bounded context
  

SOA vs Microservices

• SOA is integration of system. Microservices address individual applns
• soa relies on orchestration, Microservce rely on choregraphy
• soa is smart integration of dumb services, microserviews is dumb integration of smart services eg: pipes, filters in linux
  

Spring Cloud

• Spring cloud config
• Centralized, externalized, secured, easy to reach source of appl config.
• application.yml or application.properties to have location where config file is located
• @EnableConfigServer
  
• Spring Cloud bus
• provides simple way to notify clients about appln config changes
  
• Spring cloud netflix Eureka
• Service discovery- allows applications to register themselves as clients
  
• load balancing
• Circuit breaker
• zuul
• cacheing
• 
  

OAuth in SpringBoot

 

OAuth2

• Open Authroization
• Industry standard protocol for authorization
• DelegatedAuthorization framework
• Authorization given to limited amount of data and time

OAuth2 Roles

• Resource Owner
• Resource server-> restful micro service
  
• Client-> appln accessing data on users behalf
• Authorization server - issues tokens to client
  

OAuth2 Client Types

• Confidential client
• public client

OAuth2 Access token types

• Identifier -> used to get additional information like scope, user, expiry from db
  
• Self-contain the authorization information 
• Json object with base64 encoded
• Containes - Header section, payload section, signature

OAuth2 and OpenID Connect

• Access token - simple random char string with no information about user
• OpenID connect- Provides access token + ID token(ID token contains identity information

Grant Types

• Way in which applications get access tokens.
• Types
• Authorization code
• Serverside webapp
• Mobile native app
• Client appln should securely save the authorization code. 
• how it works
• Client website redirects to authorization server URL with response type parameter as code
  
• GET /authorize?response_type=code&state=&redirect_uri=&scope=&client_id=
• Authorization server validates data and presents login page
• ones user authenticates with authorization server, server generates authorization code and redirects to the redirect_uri
• POST /authorize/token
  ?grant_type=authorization_code&code={code}&redirect_uri=&client_id=&client_secret=
• authorizaiton server responds with json with access_token and expiry
  
•  Client Credentials
  
• Serverside script with no UI
• appln-appln requests  eg: spring boot micro service to micro service communication
  
• No user involved to provide user/pwd
• One Micro service sends POST request /authorize/token ?grant_type=client_credentials&client_id=&client_secret=&scope=email
• PKCE Enhanced Authorization code
• Java script single page app
• Mobile native app
• Proof key for code exchange
• This is same as Authorization code with few changes
• Send GET request with addln query params code_challenge=&code_challenge_method=
• flow
• client to generate code_verifier which is alpha numeric string. Base64 encoded
  
• Code challenge value- It is derived from code_verifier by converting to Hash value with SHA256 algorithm
  
• Device code
• device
• Password grant
• This should be used only when the appln doesn't support redirect
• This requires absolute trust for your appln 
•  
  
• Implicit flow
  

 Refreshing Access token

• To get refresh token that never expires we need to include additional scope offline_access
• send POST request to /token service with grant_type=refresh_token & client credentials along with refreshtoken
  

 Standalone authorization

• KeyCloak-> Open source Identity and access management server

 Scope based access control

 Resource server behind api gateway

• Spring cloud api gateway
• application.properties
• spring.cloud.gateway.routes[0].id=
  
• spring.cloud.gateway.routes[0].uri=
  
• spring.cloud.gateway.routes[0].predicates[0]=path=
• spring.cloud.gateway.routes[0].predicates[0]=method=GET
  
• spring.cloud.gateway.routes[0].filters[0]

Eureka discovery service

•  Spring Cloud Netflix Eureka
• When new instance of microservice starts - it registers itself with Eureka
• No manual configuration required in Eureka
• Create new spring boot project with Eurekha as dependency
• @EnableEurekaServer in main program
• Properties file
• eureka.client.registerwitheureka=false
• eureka.client.fetchRegistry=false
• Register Resource servers as Eureka clients
• pom.xml
• add netflix.eureka.client dependency
• applicartion.java
• @EnableDiscoveryClient
• application.properties
• eureka.client.serviceurl.defaultzone=
  

Configure API gateway routes

• application.properties
• spring.cloud.gateway.routes[0].id=
  
• spring.cloud.gateway.routes[0].uri=lb://<micro service name>
  
• spring.cloud.gateway.routes[0].predicates[0]=path=
• spring.cloud.gateway.routes[0].predicates[0]=method=GET
  
• spring.cloud.gateway.routes[0].filters[0]

 

Auth Server

API Gateway - Single entry point for a project

Eureka - Service Registry

Resource Servers

 

Role based, scope based access

 

Spring

 Why Spring

• Popular framework for building Enterprise applications

Inversion of Control

• Outsourcing construction and management of Objects

Spring Container 

• Primary Functions
• Create and manage objects(Inversion of control)
  
• Inject Objects dependencies (Dependency Injection)
• Constructor injection & Setter injection
  
• Configuring Spring Container
• XML configuraiton file-> applicationContext.xml
  
• Java annotations
• Java source code
• Development process
• Configure your spring beans
• Create Spring Container 
• ClassPathXmlApplicationContext
  
• Retrieve beans from container

 Bean Scopes

• Default Scope: Singleton
• Prototype - new object for each request
  
• Request
• Session
• globa-session

Bean LifeCycle methods

• Bean container started -> Bean instatiated -> dependencies injected -> Internal spring processing -> customer init method
• define init method in xml using <init-method=""> as part of bean definition
•  define destroy method in xml using <destroy-method=""> as part of bean definition

Configuration with Component Scanning

• Automatically register beans in spring container based on special annotations
• Steps
• Enable component scanning in spring config file and specify base package
  
• add @Component annotation to your java class
• @Component("beanid")
• Dependency injection
• @Autowired
• Constructor injection, Setter injection, Field injection
• @Qualifier to specify which exact bean when there exists multiple implemntations

Scope Annotations

• Lifecycle
• bean initialization, bean destruction using @PostContruct & @PreDestroy 
• @PostConstruct will execute after constructor & dependency injection
• @PreDestroy just before bean is destroyed
  
• how long it lives
• how many instances
• how is bean shared

@scope("singleton") , @scope("prototype"), @scope("singleton"), @scope("singleton") 

 

 Configuration with Java Code

• Create java class(MyConfig.java) with annotation @Configuration
• add @ComponentScan annotation OR create method with @Bean annotation and create and return bean objects
  
• In main method, read configuration class
  AnnotationConfigApplicationContext context = new
  AnnotationConfigApplicationContext("MyConfig.class");
• retrieve beans using method names.
  

 Reading properties file with Java config

• Provide following annotation on spring config class
• @PropertySource("classpath:source.properties")
• access values with
• @Value("${foo.team}")

Spring MVC

• Components
• UI Pages
• collection of spring beans(controllers, services etc)
• spring config(xml, annotations or Java)
• Front controller known as dispatcher servlet
• Controller contains business logic
• Model contains data
• View Template with jsp+jstl
• Configuration
• WEB-INF/web.xml
• configure dispatcher servlet & url mappings
  
• WEB-INF/spring-mvc-demo-servlet.xml
• support for component scanning, view resolver, conversion, validation
•  Development Process
• Controller Class -> @Controller inherits Component
  
• Controller Method
• add Request Mapping
• return viewName
• Form Tags and Data binding
• <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>

Hibernate

• Setting up Hybernate
• Eclipse->Java project
• Create lib folder and copy the required jars
• Add lib jars to project build path
• Test jdbc connection
• main(){
  Connection conn = DriverManager.getConnection(url,user,pwd);
• Hibernate configuration
• config file
• create hibernate.cfg.xml in src directory
  
• Annotate java class
• @Entity
  @Table(name="anyname")
  @ID
  @Column(name="anyname")
  
• perform db operations
• SessionFactory
• Reads hibernate config file
• creates session objects
• Heavy-weight object
• only create once in your app 
• SessionFactory factory = new Configuration().configure("hibernate.cfg.xml")
  .addAnnotatedClass(Student.class.buildSessionFacory()
  
• Session
• Wraps a jdbc connection
• Main object used to save/retrieve objects
• short-lived object
• Retrieved from session factory
• Session session = factory.getCurrentsession();
  
• session.beginTransaction()
• session.save(object)
• session.getTransaction().commit();
• Reading Objects
• Student std = session.get(Student.class, id);
• session.createQuery("from Student s where s.lastName='x').getResultList()
• @Repository
• DAO Implementations
• Provides translation for any jdbc exceptions
• AOP(Aspect-Oriented Programming)
  
• logging before start of the DAO methods and also all layers.
  
• add security to methods
• Issues
• Code Tangling
• Code Scattering
• AOP
• Programming based on aspect
• Aspect encapsulates cross-cutting logic/concerns
• This is also called infrastructure code
• Can be reused at multiple places
• Proxy design pattern
• Benefits
• code is resided in single place
• reuse
• Business code is cleaner
• Configurable
• No change to main appln code
• Usecases
• Logging
• Exception handlig
• API management
• Disadvantage
• minor perf
• too many aspects- app flow is hard to follow
• Terminology
• Aspect - Module of code for cross-cutting concerns
• Advice- What action is taken and when to apply 
• Joint Point-When to apply code during program execution
  
• Pointcut - A predicate expression for where advice should be applied
• Advice types
• Before- before method
  
• After- after method
  
• After returning advice- after method in success case
  
• after throwing advice - exception case
• Around - before and after
• Weaving
• Connecting aspects to target objects to create an adviced object
• Types
• compile time, run time, 
• Frameworkds
• Srping AOP(runtime weaving), AspectJ
• Development process
• Create Target Object/class
• Spring Java config
• @EnableAspectJAutoProxy
• Create an Aspect with @Before advice
• @Aspect -> class level annotation
• @Before("execution)public void addAccount())")   -> point cut expression
• Point Cuts
• Execution pointcut

 Security

• Config class with any name and following annotations & Bean(method) for viewResolver
  
• @Configuration
  @EnableWebMvc
  @ComponentScan(basepackages="")
  
• SpringDispatchServlet
• AbstractAnnotationConfigDispatcherServeletInitializer to replace web.xml
• overried following classes
• getRootConfigClasses
  getServletConfigClasses
  getServletMappings
• Basic security
• security initializer- class extending AbstractSecurityWebApplicationInitializer
  to register securitynfilters
  
• spring security configuration extends WebSecurityConfigureAdapter with following annotations
  
•  @Configuration
  @EnableWebSecurity
• override configure(AuthenticationManagerBuilder) method
• add users and pwd details for inmemory authenticator
  
• AbstractSecurityWebApplicationInitializer  -> to register security filters
• Add users and pwd
• Restrict access by roles
• antMatchers("path to match").hasRole("role name")
• antMatchers("path to match").hasAnyRole(<list of roles)

Spring Rest

• Json to Java pojo
• Jackson Object mapper
• mapper.readValue & mapper.writeValue are methods to be used
•  Exception Handling
• define a pojo for exception response
• Create Customexception extends RuntimeException
• Add Exception handler method with ExceptionHandler annotation
• return responseEntity with pojo for Exception response
• Global Exception Handling
• @ControllerAdvice - similar to filter/interceptor
•  API design
• Who will user, how will they use
• Identify main resources/Entiry

Spring Boot

• Spring Initializer
• Has embedded HTTP server. Tomcat, Jetty, Undertow
• No xml and java configuration required
  
• @SpringBootApplication
• Enables Auto configuration, component scanning, Additional configuration
  
• Project Structure
• mvnw -> maven wrapper files
• They download mvn incase system doesn't have it
• pom.xml
• Spring-boot-starter-web includes
• spring-web
• spring-webmvc
• hibernate-validator
• tomcat
• json
• application.properties
• Spring by default loads the properties from this file
• Values can be accessed using @Value(${propertyname}) - injection
  
• Spring boot will load static files from /static directory by default
• Auto configuration for template engines line Thymeleaf
• Starter parent
• dependency management version
• spring boot mvn plugin
• default properties like java version and so

Springboot dev tools

• add following dependency to pom for auto restart appln when code changes done
  <dependency>
  <groupId> org.springframework.boot
  <artifactId>spring-boot-devtools

Springboot Acutator

• exposes end points for metrics  /health, /info, /beans, /mappings
  <dependency>
  <groupId> org.springframework.boot
  <artifactId>spring-boot-starter-actuator
• application.properties
• info.app.name
• info.app.description
• info.app.version
•  management.endpoints.web.exposure.include=*

SpringJPA

• Hibernate is default implementation of JPA
• EntityManager is similar to Hibernate SessionFactory. It can serve as wrapper of Hibernate session object
  
• Version1- Use EntityManager but leverage native Hibernate api
• Version2-Use EntityManager and Standard JPA api
• Version3-SpringData JPA

SpringData JPA-> JPARepository

• SpringData JPA provides a interface JPARepository
• Extend JPARepository
• Use Respository in your code
• eg: public interface EmployeeRepository extends JPARepository<Employee, Integer>{

SpringDataRest

• Add Spring Data Rest to your pom
•  
  

H2 DB -> https://www.youtube.com/watch?v=9ME94z46fsU

• Dependencies
• H2 Database
• Spring Data JPA
• Spring web
• application.properties
• spring.h2.console.enabled=true
• spring.h2.console.path=/h2
• spring.datasource.url=jdbc:h2:mem:memdb; DB_CLOSE_DELAY=-1
  OR spring.datasource.url=jdbc:h2:file:/home/vdesu/apps
  spring.jpa.hibernate.ddl-auto=update
  
• spring.datasource.driverClassName=org.h2.Driver
• spring.datasource.username=sa
• spring.datasource.password=
• Create Entity Person
  
• PrimaryKey
• @Id
• @GeneratedValue(strategy=GenerationType.AUTO)
•  Create Repository
• @Repository
  public interface PersonRepository extends CrudRepository<Person, Long>{}
• main()
  
•  ConfigurableApplicationContext ctx = SpringApplication.run(...class,args);
  PersonRepository repository = ctx.getBean(PersonRepository.class)
  Person p= new Person(1,"a","b");
  repository.save(p);