book

Cloud Native Spring in Action

Name: Cloud Native Spring in Action
Author: Thomas Vitale
ISBN: 9781617298424

by Thomas Vitale

January 2023

Intermediate to advanced

664 pages

20h 10m

English

Manning Publications

Read now

Unlock full access

Cloud Native Spring in Action
Copyright
dedication
contents
front matter
forewordprefaceacknowledgmentsabout this bookWho should read this book?How this book is organized: A road mapAbout the codeliveBook discussion forumOther online resourcesabout the authorabout the cover illustration
Part 1 Cloud native fundamentals
1 Introduction to cloud native
1.1 What is cloud native?1.1.1 The Three Ps of Cloud Native1.2 The cloud and the cloud computing model1.2.1 Infrastructure as a Service (IaaS)1.2.2 Container as a Service (CaaS)1.2.3 Platform as a Service (PaaS)1.2.4 Function as a Service (FaaS)1.2.5 Software as a Service (SaaS)1.3 Properties of cloud native applications1.3.1 Scalability1.3.2 Loose coupling1.3.3 Resilience1.3.4 Observability1.3.5 Manageability1.4 Culture and practices supporting cloud native1.4.1 Automation1.4.2 Continuous delivery1.4.3 DevOps1.5 Is the cloud your best option?1.5.1 Speed1.5.2 Resilience1.5.3 Scale1.5.4 Cost1.6 Cloud native topologies1.6.1 Containers1.6.2 Orchestration1.6.3 Serverless1.7 Architectures for cloud native applications1.7.1 From multi-tiered to microservices architectures and beyond1.7.2 Service-based architecture for cloud native applicationsSummary
2 Cloud native patterns and technologies
2.1 Cloud native development principles: 12 Factors and beyond2.1.1 One codebase, one application2.1.2 API first2.1.3 Dependency management2.1.4 Design, build, release, run2.1.5 Configuration, credentials, and code2.1.6 Logs2.1.7 Disposability2.1.8 Backing services2.1.9 Environment parity2.1.10 Administrative processes2.1.11 Port binding2.1.12 Stateless processes2.1.13 Concurrency2.1.14 Telemetry2.1.15 Authentication and authorization2.2 Building cloud native applications with Spring2.2.1 Overview of the Spring landscape2.2.2 Building a Spring Boot application2.3 Containerizing applications with Docker2.3.1 Introducing Docker: Images and containers2.3.2 Running a Spring application as a container2.4 Managing containers with Kubernetes2.4.1 Introducing Kubernetes: Deployments, Pods, and Services2.4.2 Running a Spring application on Kubernetes2.5 Polar Bookshop: A cloud native application2.5.1 Understanding the requirements of the system2.5.2 Exploring patterns and technologies used in the projectSummary
Part 2 Cloud native development
3 Getting started with cloud native development
3.1 Bootstrapping a cloud native project3.1.1 One codebase, one application3.1.2 Dependency management with Gradle and Maven3.2 Working with embedded servers3.2.1 Executable JARs and embedded servers3.2.2 Understanding the thread-per-request model3.2.3 Configuring the embedded Tomcat3.3 Building a RESTful application with Spring MVC3.3.1 REST API first, business logic later3.3.2 Implementing a REST API with Spring MVC3.3.3 Data validation and error handling3.3.4 Evolving APIs for future requirements3.4 Testing a RESTful application with Spring3.4.1 Unit tests with JUnit 53.4.2 Integration tests with @SpringBootTest3.4.3 Testing REST controllers with @WebMvcTest3.4.4 Testing the JSON serialization with @JsonTest3.5 Deployment pipeline: Build and test3.5.1 Understanding the commit stage of the deployment pipeline3.5.2 Implementing the commit stage with GitHub ActionsSummary

4 Externalized configuration management
4.1 Configuration in Spring: Properties and profiles4.1.1 Properties: Key/value pairs for configuration4.1.2 Profiles: Feature flags and configuration groups4.2 Externalized configuration: One build, multiple configurations4.2.1 Configuring an application through command-line arguments4.2.2 Configuring an application through JVM system properties4.2.3 Configuring an application through environment variables4.3 Centralized configuration management with Spring Cloud Config Server4.3.1 Using Git to store your configuration data4.3.2 Setting up a configuration server4.3.3 Making the configuration server resilient4.3.4 Understanding the configuration server REST API4.4 Using a configuration server with Spring Cloud Config Client4.4.1 Setting up a configuration client4.4.2 Making the configuration client resilient4.4.3 Refreshing configuration at runtimeSummary
5 Persisting and managing data in the cloud
5.1 Databases for cloud native systems5.1.1 Data services in the cloud5.1.2 Running PostgreSQL as a container5.2 Data persistence with Spring Data JDBC5.2.1 Connecting to a database with JDBC5.2.2 Defining persistent entities with Spring Data5.2.3 Enabling and configuring JDBC auditing5.2.4 Data repositories with Spring Data5.3 Testing data persistence with Spring and Testcontainers5.3.1 Configuring Testcontainers for PostgreSQL5.3.2 Testing data persistence with @DataJdbcTest and Testcontainers5.3.3 Integration tests with @SpringBootTest and Testcontainers5.4 Managing databases in production with Flyway5.4.1 Understanding Flyway: Version control for your database5.4.2 Initializing a database schema with Flyway5.4.3 Evolving a database with FlywaySummary
6 Containerizing Spring Boot
6.1 Working with container images on Docker6.1.1 Understanding container images6.1.2 Creating images with Dockerfiles6.1.3 Publishing images on GitHub Container Registry6.2 Packaging Spring Boot applications as container images6.2.1 Preparing Spring Boot for containerization6.2.2 Containerizing Spring Boot with Dockerfiles6.2.3 Building container images for production6.2.4 Containerizing Spring Boot with Cloud Native Buildpacks6.3 Managing Spring Boot containers with Docker Compose6.3.1 Using Docker Compose to manage the container life cycle6.3.2 Debugging Spring Boot containers6.4 Deployment pipeline: Package and publish6.4.1 Building release candidates in the commit stage6.4.2 Publishing container images with GitHub ActionsSummary
7 Kubernetes fundamentals for Spring Boot
7.1 Moving from Docker to Kubernetes7.1.1 Working with a local Kubernetes cluster7.1.2 Managing data services in a local cluster7.2 Kubernetes Deployments for Spring Boot7.2.1 From containers to Pods7.2.2 Controlling Pods with Deployments7.2.3 Creating a Deployment for a Spring Boot application7.3 Service discovery and load balancing7.3.1 Understanding service discovery and load balancing7.3.2 Client-side service discovery and load balancing7.3.3 Server-side service discovery and load balancing7.3.4 Exposing Spring Boot applications with Kubernetes Services7.4 Scalability and disposability7.4.1 Ensuring disposability: Fast startup7.4.2 Ensuring disposability: Graceful shutdown7.4.3 Scaling Spring Boot applications7.5 Local Kubernetes development with Tilt7.5.1 Inner development loop with Tilt7.5.2 Visualizing your Kubernetes workloads with Octant7.6 Deployment pipeline: Validate Kubernetes manifests7.6.1 Validating Kubernetes manifests in the commit stage7.6.2 Automating Kubernetes manifests validation with GitHub ActionsSummary
Part 3 Cloud native distributed systems
8 Reactive Spring: Resilience and scalability
8.1 Asynchronous and non-blocking architectures with Reactor and Spring8.1.1 From thread-per-request to event loop8.1.2 Project Reactor: Reactive streams with Mono and Flux8.1.3 Understanding the Spring reactive stack8.2 Reactive servers with Spring WebFlux and Spring Data R2DBC8.2.1 Bootstrapping a reactive application with Spring Boot8.2.2 Persisting data reactively with Spring Data R2DBC8.2.3 Implementing the business logic with reactive streams8.2.4 Exposing a REST API with Spring WebFlux8.3 Reactive clients with Spring WebClient8.3.1 Service-to-service communication in Spring8.3.2 Understanding how to exchange data8.3.3 Implementing REST clients with WebClient8.4 Resilient applications with Reactive Spring8.4.1 Timeouts8.4.2 Retries8.4.3 Fallbacks and error handling8.5 Testing reactive applications with Spring, Reactor, and Testcontainers8.5.1 Testing REST clients with a mock web server8.5.2 Testing data persistence with @DataR2dbcTest and Testcontainers8.5.3 Testing REST controllers with @WebFluxTestSummary
9 API gateway and circuit breakers
9.1 Edge servers and Spring Cloud Gateway9.1.1 Bootstrapping an edge server with Spring Cloud Gateway9.1.2 Defining routes and predicates9.1.3 Processing requests and responses through filters9.2 Fault tolerance with Spring Cloud Circuit Breaker and Resilience4J9.2.1 Introducing circuit breakers with Spring Cloud Circuit Breaker9.2.2 Configuring a circuit breaker with Resilience4J9.2.3 Defining fallback REST APIs with Spring WebFlux9.2.4 Combining circuit breakers, retries, and time limiters9.3 Request rate limiting with Spring Cloud Gateway and Redis9.3.1 Running Redis as a container9.3.2 Integrating Spring with Redis9.3.3 Configuring a request rate limiter9.4 Distributed session management with Redis9.4.1 Handling sessions with Spring Session Data Redis9.5 Managing external access with Kubernetes Ingress9.5.1 Understanding Ingress API and Ingress Controller9.5.2 Working with Ingress objectsSummary
10 Event-driven applications and functions
10.1 Event-driven architectures10.1.1 Understanding the event-driven models10.1.2 Using the pub/sub model10.2 Message brokers with RabbitMQ10.2.1 Understanding AMQP for messaging systems10.2.2 Using RabbitMQ for publish/subscribe communications10.3 Functions with Spring Cloud Function10.3.1 Using the functional paradigm in Spring Cloud Function10.3.2 Composing and integrating functions: REST, serverless, data streams10.3.3 Writing integration tests with @FunctionalSpringBootTest10.4 Processing messages with Spring Cloud Stream10.4.1 Configuring the integration with RabbitMQ10.4.2 Binding functions to message channels10.4.3 Writing integration tests with a test binder10.4.4 Making messaging resilient to failures10.5 Producing and consuming messages with Spring Cloud Stream10.5.1 Implementing event consumers, and the problem of idempotency10.5.2 Implementing event producers, and the problem of atomicitySummary
11 Security: Authentication and SPA
11.1 Understanding the Spring Security fundamentals11.2 Managing user accounts with Keycloak11.2.1 Defining a security realm11.2.2 Managing users and roles11.3 Authentication with OpenID Connect, JWT, and Keycloak11.3.1 Authenticating users with OpenID Connect11.3.2 Exchanging user information with JWT11.3.3 Registering an application in Keycloak11.4 Authenticating users with Spring Security and OpenID Connect11.4.1 Adding the new dependencies11.4.2 Configuring the integration between Spring Security and Keycloak11.4.3 Basic Spring Security configuration11.4.4 Inspecting the authenticated user context11.4.5 Configuring user logout in Spring Security and Keycloak11.5 Integrating Spring Security with SPAs11.5.1 Running an Angular application11.5.2 Controlling the authentication flow11.5.3 Protecting against Cross-Site Request Forgery11.6 Testing Spring Security and OpenID Connect11.6.1 Testing OIDC authentication11.6.2 Testing CSRFSummary
12 Security: Authorization and auditing
12.1 Authorization and roles with Spring Cloud Gateway and OAuth212.1.1 Token relay from Spring Cloud Gateway to other services12.1.2 Customizing tokens and propagating user roles12.2 Protecting APIs with Spring Security and OAuth2 (imperative)12.2.1 Securing Spring Boot as an OAuth2 Resource Server12.2.2 Role-based access control with Spring Security and JWT12.2.3 Testing OAuth2 with Spring Security and Testcontainers12.3 Protecting APIs with Spring Security and OAuth2 (reactive)12.3.1 Securing Spring Boot as an OAuth2 Resource Server12.3.2 Testing OAuth2 with Spring Security and Testcontainers12.4 Protecting and auditing data with Spring Security and Spring Data12.4.1 Auditing data with Spring Security and Spring Data JDBC12.4.2 Testing data auditing with Spring Data and @WithMockUser12.4.3 Protecting user data with Spring Security and Spring Data R2DBC12.4.4 Testing data auditing and protection with @WithMockUser and Spring Data R2DBCSummary
Part 4 Cloud native production
13 Observability and monitoring
13.1 Logging with Spring Boot, Loki, and Fluent Bit13.1.1 Logging with Spring Boot13.1.2 Managing logs with Loki, Fluent Bit, and Grafana13.2 Health probes with Spring Boot Actuator and Kubernetes13.2.1 Defining health probes for Spring Boot applications using Actuator13.2.2 Configuring health probes in Spring Boot and Kubernetes13.3 Metrics and monitoring with Spring Boot Actuator, Prometheus, and Grafana13.3.1 Configuring metrics with Spring Boot Actuator and Micrometer13.3.2 Monitoring metrics with Prometheus and Grafana13.3.3 Configuring Prometheus metrics in Kubernetes13.4 Distributed tracing with OpenTelemetry and Tempo13.4.1 Managing traces with Tempo and Grafana13.4.2 Configuring tracing in Spring Boot with OpenTelemetry13.5 Application management and monitoring with Spring Boot Actuator13.5.1 Monitoring Flyway migrations in Spring Boot13.5.2 Exposing application information13.5.3 Generating and analyzing heap dumpsSummary
14 Configuration and secrets management
14.1 Configuring applications on Kubernetes14.1.1 Securing the configuration server with Spring Security14.1.2 Refreshing configuration at runtime with Spring Cloud Bus14.1.3 Managing secrets with Spring Cloud Config14.1.4 Disabling Spring Cloud Config14.2 Using ConfigMaps and Secrets in Kubernetes14.2.1 Configuring Spring Boot with ConfigMaps14.2.2 Storing sensitive information with Secrets (or not)14.2.3 Refreshing configuration at runtime with Spring Cloud Kubernetes14.3 Configuration management with Kustomize14.3.1 Using Kustomize to manage and configure Spring Boot applications14.3.2 Managing Kubernetes configuration for multiple environments with Kustomize14.3.3 Defining a configuration overlay for staging14.3.4 Customizing environment variables14.3.5 Customizing ConfigMaps14.3.6 Customizing image name and version14.3.7 Customizing the number of replicasSummary
15 Continuous delivery and GitOps
15.1 Deployment pipeline: Acceptance stage15.1.1 Versioning release candidates for continuous delivery15.1.2 Understanding the acceptance stage of the deployment pipeline15.1.3 Implementing the acceptance stage with GitHub Actions15.2 Configuring Spring Boot for production15.2.1 Defining a configuration overlay for production15.2.2 Configuring CPU and memory for Spring Boot containers15.2.3 Deploying Spring Boot in production15.3 Deployment pipeline: Production stage15.3.1 Understanding the production stage of the deployment pipeline15.3.2 Implementing the production stage with GitHub Actions15.4 Continuous deployment with GitOps15.4.1 Implementing GitOps with Argo CD15.4.2 Putting it all togetherSummary
16 Serverless, GraalVM, and Knative
16.1 Native images with Spring Native and GraalVM16.1.1 Understanding GraalVM and native images16.1.2 Introducing GraalVM support for Spring Boot with Spring Native16.1.3 Compiling Spring Boot applications as native images16.2 Serverless applications with Spring Cloud Function16.2.1 Building serverless applications with Spring Cloud Function16.2.2 Deployment pipeline: Build and publish16.2.3 Deploying serverless applications on the cloud16.3 Deploying serverless applications with Knative16.3.1 Setting up a local Knative platform16.3.2 Deploying applications with the Knative CLI16.3.3 Deploying applications with the Knative manifestsSummary
Appendix A Setting up your development environment
A.1 JavaA.2 DockerA.3 KubernetesA.4 Other toolsA.4.1 HTTPieA.4.2 GrypeA.4.3 TiltA.4.4 OctantA.4.5 KubevalA.4.6 Knative CLI
Appendix B Kubernetes in production with DigitalOcean
B.1 Running a Kubernetes cluster on DigitalOceanB.2 Running a PostgreSQL database on DigitalOceanB.3 Running Redis on DigitalOceanB.4 Running RabbitMQ using a Kubernetes OperatorB.5 Running Keycloak using a Helm chartB.6 Running Polar UIB.7 Deleting all cloud resources
index

Content preview from Cloud Native Spring in Action

12 Security: Authorization and auditing

This chapter covers

Authorization and roles with Spring Cloud Gateway and OAuth2
Protecting APIs with Spring Security and OAuth2 (imperative)
Protecting APIs with Spring Security and OAuth2 (reactive)
Protecting and auditing data with Spring Security and Spring Data

In the previous chapter, I introduced access control systems for cloud native applications. You saw how to add authentication to Edge Service with Spring Security and OpenID Connect, manage the user session life cycle, and address CORS and CSRF concerns when integrating an Angular frontend with Spring Boot.

By delegating the authentication step to Keycloak, Edge Service is not affected by the specific authentication strategy. For example, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Microservices with Spring Boot and Spring Cloud

Publisher Resources

ISBN: 9781617298424Publisher Support Publisher Website

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Cloud Native Spring in Action

by Thomas Vitale

12 Security: Authorization and auditing

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.