Suppose i have a service that make multiple api calls to multiple micro services
Currently i am fetching all required endpoints from database and setting them as system property.
But i want to remove this db call and at the same time externalize the same.
Can you please suggest me best ways to externalize these endpoints?
In micro-service based architecture, ideally what you need is service registry and server side service discovery pattern to tackle multiple service calls.
If you are sure that your api calls are never gonna change, then keeping it in .properties file make sense, but again if they change you have to re-deploy your service.
You need to get the API end points from a Directory which will have the latest API end points. This has to be a global DB or Directory. Try using JNDI.
Related
I had some trouble wording the question, but basically, I have found it common, where I work, to create a Java Spring Rest API that connects to a database and a front end application uses that API (web-app -> service API -> database). This couples the application service api to the data store and is often specific use case for the front end application. I see many service APIs creating the same get calls to the same database. This seems wrong to me.
I believe it would be better to create an API for the database itself, then run the service API to that. (web-app -> service API -> datastore API -> database). This would allow all services to access the database without coupling to it directly and having to manage access to that database for 30 applications. It would also allow any application that doesn't need anything other than the data to just use the existing datastore API. I remember an article about how Amazon requires an API for every data store and this is how I would see that being handled.
Is the idea of having a data store API and connecting to that using a service API the right mindset? Or is there some other way I should be handling this?
Reading what you just wrote it seems to me that what you have is a "microservices done wrong", as I can understand you have a few applications accessing the same database/datastore, from a microservices perspective it's wrong.
Each application should have its own database split in boundaries if any application needs to query/update the other's application data it uses an API rather than accessing the database directly.
The bottom line is, instead of having an API to access a single database each application should limit itself to its own boundaries and access its own database.
Of course, one size doesn't fit all but I do belive it's a good guideline.
I have a scenario where i am hosting different java Rest Services on different Tomcat instances (different machines). These projects running on the tomcats do not have any UI. For simplicity's sake, lets assume that the user will directly enter some URL in the browser (or curl) to avail these services. Now I need this service to be able to talk to (call functions) the services available in the other tomcat instance.
For eg. If TomcatInstance1 gets the call, and all this does is act as a 'router' to the different services, i want it to be able to place the Rest call for the other 'service' available on, say, TomcatInstance2. Is this possible?. If so, how to achieve that? (Tried searching for similar questions on SO, couldnt find any). Are there any online reference for the same?
PS: Hosting the services in the same Tomcat Instance is against the requirement that I'm having.
That is completely possible. You can use (for example) Jersey-client (http://jersey.java.net/) to make the queries to the other RESTful web services in the other Tomcat instances. Only need to define the correct URIs of the end points and query them according the the API exposed and call it (like you were a client from a browser, or curl).
See here a nice example of using Jersey-client to do that: http://www.mkyong.com/webservices/jax-rs/restful-java-client-with-jersey-client/
I would suggest Spring Restful api ( http://static.springsource.org/spring/docs/3.0.0.M3/reference/html/ch18s02.html , http://www.mkyong.com/spring-mvc/spring-3-rest-hello-world-example/ ).
As #emgsilva mentioned the only thing you need to do is to point correct uris between each other.
The beauty of spring restful api is it is simple to use and you don't deal with any serialization - deserialization.
I would like to know how to set a timeout for a REST web service with Jersey, and being able to catch it within the service. I've read some approaches to achieve this, such as calling another service after the timeout to check if the current service is active, or verifying application credentials, etc.
I'd rather not to follow these approaches. In fact, I would like to know if is possible to set a listener to the HTTP request, or to the service itself, that would execute some procedure if
the timeout is reached.
I suppose that creating a thread within the service body to act as listener could be a solution, but I'd like to know if there is a solution closer to Jersey.
I'm pretty sure that Jersey like many other api's has client timeout functionality built in.
Don't want to give you loads of code so you can check out these posts
Not sure I remember correctly but I think you can set it using this clint api through setReadTimeout and setConnectTimeout*
https://jersey.java.net/apidocs/1.1.1-ea/jersey/com/sun/jersey/api/client/Client.html
Our business process invokes an external web service, we may need to change the web service URLs for different environments.
For Example:
For DEV server we will have one web service end point URL where as for PROD there will be a different one. So in this case we should be able to set the endpoint urls dynamically depending on the environment so that we do not need to change our EAR file for each environment.
How do we assign an end point URL dynamically to a web service in WebSphere Server?
Please help me because i am beginer for WebService.
If you are using Spring (or can use Spring) then I would suggest using PropertyPlaceholderConfigurer. Also please take a look at this post
for setting up different deployment environment settings.
Call javax.xml.ws.Service.setHandlerResolver. Pass an implementation that returns an implementation of LogicalHandler. In handleMessage, check MESSAGE_OUTBOUND_PROPERTY to update ENDPOINT_ADDRESS_PROPERTY.
I have a Java web application designed to be deployed on the internet. It needs a database connection. Depending upon hosting environments it may not be possible for the deployers of the web application to configure appropriate data sources so the application needs to store it's database connection information somewhere to be reloaded if the application is restarted.
I also need to give one user administrator privilileges. If this is just the first user account created there is the small possibility that the admin account could be hijacked in between the time that the application is deployed and the time that the installer logs in.
I need to do both of these tasks securely and in a way that is lowest common denominator for a web application.
Clarification: Upon first use I want the application to set up an admin user. That admin user will have all security access in the system. Somehow I need to determine what that user is called and what their password will be. If the application gets deployed on a shared web host the application will be live from the moment it is deployed. If I allow the site to be configured through a web interface there is the small possibility that an unauthorised person will do the web configuration before the site owner effectively hijacking the site. I am looking for an elegant way to avoid this.
Ok, to answer your revised question...
There isn't really that much you can do. If you don't want the admin to configure their account during installation on the server, then there will always be a small window where someone else might create it via the web before they do.
All the solutions involve modifying something on the server (as this is how they prove they are the real admin). Yes, that can mean a config file...
Upon first connect, give the user a
token. Basically a hash of some
salt+theirIP+theirUserAgent, etc.
Then ask them to log into the server
and feed this token to your app,
probably in a config file. If the
generated token next time matches the
one in the config, allow them to
proceed.
A simpler solution is to let them put
their IP address in the config from
the start, and just allow this IP. (Assumes they know what their IP address is)
Alternatively, allow account
creation, but refuse to do anything
else until some file is removed from
the server. Many PHP apps do this
with an install.php, but the file
could be anything you test for.
The most common way to do this is through a static configuration file, in some simple text format.
The file resides on the same system as the application, and should be just as secure as the code (eg. if someone has access to modify the configuration who shouldn't be able to, couldn't they just as easily modify the code?)
For one of our Java web apps, we're using Spring dependency injection to configure most of the app. If you create a "Configuration" class with all of the configurable properties exposed, you can wire up a bean in Java that is configured via Spring XML context file. You can then create different versions of the XML file for your different environments, and have them automatically built into specific packages, which can be deployed all-at-once. If you want to go all-out, you can basically configure every single class in your application using Spring, which is really useful.
There's a little bit of overhead to get Spring setup, but it's actually not too hard, there are plenty of tutorials out there.