In the first part we setup a local Keycloak instance. In this blog we will see how we can leverage Keycloak to secure our frontend. For this purpose we will create a small Spring Boot application that will serve a webpage. The next and last blog will show how authentication can be used between services.
As mentioned we will create a small Spring Boot microservice and secure it using Spring Security and Keycloak. The service that we will create in this blog is the "frontend" Spring Service. It serves a simple web page that displays a hello message including the users email adres as registered in Keycloak. The next blog we will build the service and propagate the authorization from to frontend to service we cal. This way we build a complete Single Sign-On solution.
Continue reading →
"We’re agile! Just build it!" Or on the other hand; "agile does not support Software Architecture so we should stop doing agile". Two very different opinions that you can sometimes hear within the same company. Which one is right? Or are they both wrong? Should we stop doing architecture to be more agile? Why do we even need architecture? In this post I’ll give my view on the matter and hope to inspire you to combine Agile and Architecture in your organisation.
So what is Architecture? I like the quote by Ralph Johnson because it’s a clear and succinct definition:
Architecture is the decisions that you wish you could get right early in a project
— Ralph Johnson
Another quote I like that stresses the importance of thinking ahead:
Big design up front is dumb, but doing no design up front is even dumber
— Dave Thomas
So, according to Johnson and Thomas we want to get some bits and pieces right early in the project. We do want to think ahead before we build something, but we don’t want to fall into the trap of designing a system that, by the time it’s built, won’t fit what the business needs anymore.
On the other hand we have an agile process where we need to deliver something 'of value' to the customer every couple of weeks. How do we reconcile these two, since sitting in front of a whiteboard for days doesn’t really produce anything of direct value to the customer?
Continue reading →
While many of the architectural challenges we have to deal with are big hard choices, there are also many smaller simpler ones.
From "don’t call repository classes from controllers" to "don’t have cyclic dependencies".
In most projects I’ve worked on these are unwritten rules.
But why not write them down in a way that we can also see if the rules get broken? Can we test these rules?
Continue reading →
gRPC is a high-performance RPC framework created by Google.
It runs on top of HTTP2 and defaults to the protocol buffers instead of JSON on the wire. As probably most developers,
I’ve also been creating microservices for the past several years.
These services usually communicate over HTTP with a JSON payload.
In this post I want to present gRPC as an alternative to REST when most of your API’s look like remote procedure calls.
In my time using REST API’s I have encountered many discussions about status codes (which do not map very well onto your application errors), API versioning, PUT vs PATCH, how to deal with optional fields, when to include things as query parameters etc.
This can lead to inconsistent API’s and requires clear documentation.
Continue reading →
We can add Micronaut beans to the application context of a Spring application.
Micronaut has a MicronautBeanProcessor class that we need to register as Spring bean in the Spring application context.
We can define which Micronaut bean types need to be added to the Spring application context via the constructor of the MicronautBeanProcessor class.
This way we can use Micronaut from inside a Spring application.
For example we can use the declarative HTTP client of Micronaut in our Spring applications.
First we need to add dependencies on Micronaut to our Spring application.
In this example we will use the Micronaut HTTP client in our Spring application and use Gradle as build tool.
We must add the following dependencies:
Continue reading →
These days companies gather and manage vast amounts of user data.
Loss of this data will expose companies to financial/legal liabilities or damages to their brand.
This is because over the last years, governments have introduced new regulations like the General Data Protection Regulation (GDPR).
Because of this, security is a major cross-cutting concern for application architecture.
This two-part blog post explains how you can leverage Keycloak to secure your Spring microservices.
The first blog will focus on how to install and configure Keycloak.
The second blog will show how to use Keycloak to secure your Spring Boot microservices.
Keycloak is a modern open source Identity and Access Management solution.
It enables us to secure all sorts of frontend applications (apps) / services and offers the following features:
A corporate version, known as Red Hat Single Sign-On (SSO), is also available from (and supported by) Redhat.
The support and the ability to connect to existing identity systems make it a good fit for large organisations.
Continue reading →
The Thoughtworks Technology Radar is well known for showing technology trends and choices.
For my project I wanted to have the same thing, not use the hosted public version from Thoughtworks, but a selfhosted option.
Therefore I choose to base it on the Zalando opensource tech radar, and create a way to use a CSV file as input so updating would be an easy thing to do.
To accomplish that I took the following steps:
-
Create a folder to put the tech radar into: ${project-folder}.
-
Start with the HTML5 Boilerplate index.html file and put it into the ${project-folder} file.
-
Insert the snippets as documented at Zalando Tech Radar, with one adjustment.
I don’t fill the entries array with entries, but will do that later on, from the input in the CSV file.
Note the names of the rings and quadrants, as they will be used in the next step, the CSV.
-
Create a CSV file (${project-folder}/data.csv) as input for the tech radar.
It has columns for the ring and quadrant where a technology should be put, and an indicator for movement.
The names of the rings and quadrant should equal those in the configuration copied from the Zalando example.
If you changed them, use those names instead.
The movement indicator is (up, none, down) and in the next step translated in to value understood by the radar.
The CSV will be translated into entries for the radar.
-
Add the following D3.js library to parse CSV:
This library provides functions to parse CSV file(s) into a map structure per row in the file.
-
Create a function to transform a row in the CSV into an entry for the tech radar:
-
This is the diversion from the steps in the Zalando tech radar description.
Wrap the radar_visualization() function a custom one, that takes an array of entry, to render the transformed rows, e.g. draw_radar(entries).
-
Finally glue everything together to fetch the CSV, parse and transform it, and draw the entries.
The code below uses the functions I defined in the previous steps
When you have followed the above steps, the result should look like this:
Continue reading →
There are those moments you wish you could just start up a real database or system for your (integration) test.
In many tests I’ve written I used H2 or HSQLDB to have a data storage for my tests.
It starts up quickly and almost supports everything you need to do your repository test or any other test needing data storage.
But when your project progresses you start using other ways to store your data other than standard SQL or you use dialect specifics to create your database.
This is the moment you discover H2 or HSQLDB is not supporting your database vendor specific features and you can’t get your test running.
For example the support for PostgreSQL in H2 or HSQLDB isn’t great, using TIMESTAMP in a SQL script already makes H2 or HSQLDB break.
Yes, there are workarounds, but you rather not apply them to keep your code clean and simple.
This is the moment you wish it is cheap to start up a real database instance you can test against, so you’re sure your code works in your production environment.
You could install the database software locally, make some scripts to initialise the database and clean up afterwards.
Or you can make scripts to do this in a Docker container.
But what if there’s something which makes this even cheaper to setup?
Well, there is something to help you: the TestContainers project.
With TestContainers you can startup your favourite database from a Docker container.
TestContainers made a wrapper around docker to have an easy setup for your tests.
And even better, is doesn’t only work with your favourite database, it works with any docker container you need in your test.
Okay, I have to admit, the startup time for your test is longer in comparison with H2 or HSQLDB, but on the other hand you get a fully functional database instance.
Continue reading →
There are a few ways to get your application version with Spring Boot.
One approach is using Maven resource filtering to add the version number as an enviroment variable in the application.yml during the build.
Another approach is to use the Implementation-Version stored in the manifest file.
First of all, you need to enable resource filtering for your application.yml
Then you need to add a maven parameter to the application.yml. @ is used here instead of the standard ${} notation to prevent conflicts
And we can then retrieve it using @Value
The upside of this approach is that you always have a version number even when you start your application from your IDE, also by putting your variable in info.app.version, if you use Spring boot actuator, your version will be automatically available under the /info endpoint.
However, this approach does require quite a bit of configuration.
Continue reading →
After the success of agile transformations that gave organisations the ability to respond to a change in the market more quickly and frequently, the last decade saw DevOps emerge as another magic wand.
While valuable by itself, DevOps should actually be treated as one of many aspects of the Shift Left paradigm applied to the full software delivery life cycle.
Patrick Debois, Andrew Shafer, John Allspaw and Paul Hammond coined the word DevOps around 2008.
It comes down to the insight that combining the disciplines of development and IT operations by removing the thresholds between them allows for the elimination of waste and improvement of quality and speed of software delivery.
The concept of Shift Left comes from the field of testing and boils down to the idea that the earlier in the software life cycle a fault is found, the cheaper it is to fix it.
The accompanying model for this concept is that the process for delivering software goes from left to right as it goes from concept to cash.
Traditional left to right view of a software delivery pipeline
Continue reading →
