Small question on how to create traceID, but when the app is not Spring-based please.
My application is the first, the initiator of a HTTP call. Therefore, the app can be considered as client.
The destinations, the servers, are all Spring Boot Spring Cloud based web applications. I would like to emphasize, while the servers are Spring-based, me, the client, I am not a Spring Boot app.
While my app, being a non-Spring app, I do use the Spring Webflux WebClient in order to create the HTTP requests to those servers. To emphasize, it is not because I use the Spring Webflux WebClient, that makes the app a Spring app!
Since I am the first of the call chain, I would like to create some kind of traceID, so the subsequent services will carry the traceID I created.
I am puzzled as what should come inside this piece of code that I tried:
final var response = webClient.post().uri("http://some-third-party-api.com/someroute").header("X-B3-TraceId", "How to create a traceID?").body(BodyInserters.fromValue(payload)).retrieve().bodyToMono(String.class).block();
Therefore, I would like to ask, being the first, the HTTP call initiator, using a Spring Webflux WebClient, but in a non-Spring app, how to create those traceID so the subsequent services get the one that I created?
By default Sleuth is using OpenZipkin's tracing library called Brave. If your application is java-based, you can use Brave, if not, you can find official implementations for other platforms in the
OpenZipkin org or official and non-official ones in https://zipkin.io/pages/tracers_instrumentation.html
Related
In an existing system, that is a spring boot cloud gateway I'm trying to switch out the code that generates the jwt tokens and manages users for Keycloak.
I found the rest endpoints via this link https://www.baeldung.com/postman-keycloak-endpoints. And that all works fine.
The problem is I can't find for the life of mine if Keycloak has a client for that in their managed code? Or do I need to write a custom client for this?
I can't really use the spring boot adapter because of the complexity of the already existing system.
Kind Regards,
I am trying to intercept a every request in zuul, I tried to follow Interceptor not getting called when zuul.routes configured in gateway link but in this case they are using WebMvcCounfigurerAdapter but I am not being able to use it since my application is not mvc application. Can we have some other approach to so that.
I have misunderstanding security in microservices in spring boot (and general). I want to build a project using Spring framework and microservices but in architecture planning I stuck. How should be security in microservices at all? In my opinion that in all project should be one component which all request go throw the component and spread to other components. What I could find it's Spring Cloud Zuul which is api gateway in microservices and I got idea to make a project which is response for gateway and add security in the component as well. I mean it will be something like a project that contains Spring Cloud Zuul, Spring Security, Spring Data JPA dependencies. How do you think is it good way to provide a security or not? Is it possible to build something like that?
In the project I was involved, we used security at a couple of different levels:
Security at individual route level in Zuul.
Security at each internal service
Here is the flowchart for the security model used in our Spring Cloud project,
When Zuul receives a request, it checks if a route exists for the request.
If a route exists, checks if the route is secured based on custom configuration.
If the route is secured, authenticates the request.
Once the request is authenticated at Zuul, Zuul again checks if the internal service, to which request is to be routed, is secured based on configuration.
If the internal service is secured, creates a new Authentication header based on the user credentials (stored in the custom configuration) before routing the service to the internal service.
Once the internal service receives the request from Zuul, it checks if the request needs to be authenticated.
Once authenticated, processes the request and sends the response back.
I think the answer here might help you, they are talking about using firewall to limit the access from the outbound IP and only allow zuul gateway to access all microservice.
Don't allow direct calls to Microservices. Only allow through API Gateway
I think you can consider using OAuth.
It uses JWT(Jason web token), which is a token passed along with all request/response.
you can find detailed information here: https://nordicapis.com/api-security-oauth-openid-connect-depth/
I am trying to build a new application with spring boot microservice framework. I have tried some demo. The existing demo is too simple, doesn't introduce how to call another service from one service. Should still going through http, or should going through RPC? If going RPC, which RPC framework support?
The way of integrating among services depends on numerous factors, like synchronicity/asynchronicity, load that will be generated, etc. The most popular (I guess) way of integration is REST-based one. Because you tagged your question with spring I would recommend using declarative REST client - Feign that is very well described here. You can use message brokers as well, which are also very well abstracted by Spring Cloud Stream - you can read more here. I think that more in depth discussion should be based on your needs.
If another micro-services are exposing the REST API , then you can simple use jersey client
or httpclient to call them.
I am new to Spring MVC3 framework in java but I am familiar with java coding.
I want to write two application using this framework.
First application recieves requests through a SOAP web services and sends response in form of SOAP XML Object.
Second application have a simple servlet to recieve request and send responces.
I have studied Java MVC3 framework. It requires view to be called who are mapped against which controller will handles its request. But,
How I can do this using a webservice, so that when a specific method using SOAP services is called, I can forward that request to its relevant servlet and sends response back as a SOAP xml file.
How can I do this for my second application as well that recieves request through a servlet.
I hope all this make sense.
regards,
Aqif
If you want to stick with Spring, you can use Spring Web Services for application 1. Application 2 would be a more traditonal Spring Web app (uses a servlet, but framework does not require you to work in the servlet...instead you will work in more fine grained components).
If you dont want to stick with Spring for the web services, you can always use something like Apache Axis
The usual structure is as follows:
you have spring-mvc controllers to handle your browser requests
you have other components that handle the SOAP requests
both of the above invoke the same underlying services which serve them with the data that is to be sent to the user. The data is in java objects, which are later transformed to whatever is required
For the 2nd point you can pick some JAX-WS implementation, like CXF (it has nice spring support as well)
Spring Web Services specifically supports a Spring MVC-like model for responding to SOAP calls, as you describe.
the second one is Spring MVC directly. Heck, it sounds like - though I can't be sure without more information - that you're trying to build RESTful web services. There, too, Spring MVC is the right choice.