Eclipse Incubator. https://projects.eclipse.org/projects/technology.microprofile - ASLv2 License.

Similar documents
Optimizing Enterprise Java for a Microservices Architecture Otávio

Eclipse MicroProfile: Accelerating the adoption of Java Microservices

Open Java EE and Eclipse MicroProfile - A New Java Landscape for Cloud Native Apps

Eclipse MicroProfile with Thorntail (formerly WildFly Swarm)

Microprofile Fault Tolerance. Emily Jiang 1.0,

MicroProfile: Optimizing Java EE For a Microservices Architecture

Configuration for Microprofile. Mark Struberg, Emily Jiang 0.3,

Eclipse MicroProfile Interoperable JWT RBAC. Scott Stark; Pedro Igor Silva 1.0,

Configuration for Microprofile. Mark Struberg, Emily Jiang, John D. Ament 1.1,

Stateless Microservice Security via JWT, TomEE and MicroProfile

Configuration for Microprofile. Mark Struberg, Emily Jiang, John D. Ament

JakartaEE and the road ahead An ASF View. Mark Struberg, RISE GmbH, Apache Software Foundation, INSO TU Wien

Rest Client for MicroProfile. John D. Ament

CS144: Sessions. Cookie : CS144: Web Applications

Rest Client for MicroProfile. John D. Ament, Andy McCright

Connect. explained. Vladimir Dzhuvinov. :

Rest Client for MicroProfile. John D. Ament, Andy McCright

Microservices mit Java, Spring Boot & Spring Cloud. Eberhard Wolff

Rest Client for MicroProfile. John D. Ament, Andy McCright

Baking a Java EE 8 Micro Pi Mike Croft Ondrej Mihályi. Payara Support

From Java EE to Jakarta EE. A user experience

JVA-563. Developing RESTful Services in Java

Demystifying Microservices for Java EE Developers

FAS Authorization Server - OpenID Connect Onboarding

PyJWT Documentation. Release José Padilla

Authentication and Authorization of End User in Microservice Architecture

Nordea e-identification Service description

python-jose Documentation

Hands-On: Hystrix. Best practices & pitfalls

Going Reactive. Reactive Microservices based on Vert.x. JavaLand Kristian Kottke

openid connect all the things

ConfigJSR and Friends. Mark Struberg, RISE GmbH, Apache Software Foundation, INSO TU Wien

Designing Services for Resilience Experiments: Lessons from Netflix. Nora Jones, Senior Chaos

Istio. A modern service mesh. Louis Ryan Principal

Managing your microservices with Kubernetes and Istio. Craig Box

Introduction to reactive programming. Jonas Chapuis, Ph.D.

The Fallacies of Distributed Computing: What if the Network Fails?

FAS Authorization Server - OpenID Connect Onboarding

OpenID Connect Opens the Door to SAS Viya APIs

Update for JCP EC 24-MAY-2018

GAVIN KING RED HAT CEYLON SWARM

FAS Authorization Server - OpenID Connect Onboarding

Java EE 8 What s coming? David Delabassee Oracle May 17, 2017

Securing APIs and Microservices with OAuth and OpenID Connect

Four times Microservices: REST, Kubernetes, UI Integration, Async. Eberhard Fellow

Service Mesh with Istio on Kubernetes. Dmitry Burlea Software FlixCharter

Rest Services with Play Framework, and a Security Level with JWT (JSON Web Tokens) Community Day

Java EE Architecture, Part Two. Java EE architecture, part two 1

Easily Secure your Microservices with Keycloak. Sébastien Blanc Red

Create and Secure Your REST APIs with Apache CXF

Spring Cloud, Spring Boot and Netflix OSS

Fault Tolerance in Microservices

Using the Liberty JWT Feature with CICS

How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018

OAuth and OpenID Connect (IN PLAIN ENGLISH)

NexentaStor REST API QuickStart Guide

MicroProfile - New and Noteworthy

Microservices Implementations not only with Java. Eberhard Wolff Fellow

1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague

Liberty Right Fit for MicroProfile

SHORT NOTES / INTEGRATION AND MESSAGING

MSB to Support for Carrier Grade ONAP Microservice Architecture. Huabing Zhao, PTL of MSB Project, ZTE

How to write Cynical software

OpenID Connect Update

Starting the Avalanche:

BEAWebLogic Server. WebLogic Web Services: Advanced Programming

High performance reactive applications with Vert.x

Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions

Cloud Service Engine. Product Description. Issue 01 Date

Containers, Serverless and Functions in a nutshell. Eugene Fedorenko

We will resume at 3:30 pm Enjoy your break!

SQUASH. Debugger for microservices. Idit Levine solo.io

LEAN & MEAN - GO MICROSERVICES WITH DOCKER SWARM AND SPRING CLOUD

Keep Learning with Oracle University

Apache Tamaya Configuring your Containers...

<Insert Picture Here> Future<JavaEE>

Distributing Secrets. Securely? Simo Sorce. Presented by. Red Hat, Inc.

Application Resilience Engineering and Operations at Netflix. Ben Software Engineer on API Platform at Netflix

ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio

Mobile Cloud Computing Challenges and Solutions

INTRODUCTION TO INTEGRATION STYLES

flask-jwt Documentation

Cloud Native Architecture 300. Copyright 2014 Pivotal. All rights reserved.

EDC Documentation. Release 1.0. ONS Digital

MuleSoft Certified Platform Architect Level 1 Certification Exam

Account Activity Migration guide & set up

JAX-RS and Jersey Paul Sandoz

PAS for OpenEdge Support for JWT and OAuth Samples -

Account Activity Migration guide & set up

Getting and Using a MapKit JS Key

ActiveVOS Technologies

Scaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization

Overview! Automated Certificate Management (ACME) Protocol! IP-NNI Task Force! Mary Barnes - iconectiv!

RESTFUL WEB SERVICES - INTERVIEW QUESTIONS

fredag 7 september 12 OpenID Connect

JSR 311: JAX-RS: The Java API for RESTful Web Services

Identity & Authorization Management (I.AM) Mobile integration Technical specifications. Version 1.1

Building a Secure PI Web API Environment

Cheat Sheet: Wildfly Swarm

Software Design COSC 4353/6353 DR. RAJ SINGH

Transcription:

Current Status 1

Eclipse Incubator https://projects.eclipse.org/projects/technology.microprofile - ASLv2 License http://microprofile.io/ - Home Page https://github.com/eclipse - Eclipse Foundation GitHub Organization microprofile Documentation microprofile-evolution-process Specification proposals microprofile-config Configuration API microprofile-health Health check API and support microprofile-fault-tolerance Standardizing fault tolerance policy API and integration microprofile-jwt-auth Standardizing JSON web token claims to support RBAC 2

MicroProfile Roadmap MicroProfile 1.1 (2Q 2017) Prioritized list of features Devoxx UK Config 1.0 Planning an official Eclipse release of Config 1.0 by Devoxx UK (early May) Fault Tolerance 1.0 Emily working closely with community to nail down programming models CDI-based vs standalone API Integration with (Hystrix) dashboard might get pushed out to FT 1.1 (MP 1.2) Planning an official Eclipse release of FT 1.0 by end of May/ early June MicroProfile project needs an official MicroProfile 1.1 content and release 3

MicroProfile Roadmap (cont) MicroProfile 1.2 (3Q 2017) Prioritized list of features JavaOne Fault Tolerance 1.1 w/ (Hystrix) Dashboard Security (JWT Propagation) Health Check / Metrics / Monitor (single feature or multiple?) OpenTracing (Relatively new community request, stretch goal) We would really like to push this for an August delivery to allow a bigger splash at JavaOne, like we did last year. Vendors would have some time to develop real code for demonstrations and presentations at JavaOne. Another stretch goal. 4

MicroProfile Roadmap (cont) MicroProfile 2.0 (3Q 2017) JavaOne Update to latest Java EE 8 specs CDI 2.0 JAX-RS 2.1 JSON-P 1.1 JSON-B 1.0 (???) Based on MP 1.0, 1.1, or 1.2 content? If MP 1.2 is announced, then MP 2.0 would contain the updated Java EE 8 specs plus the MP 1.2 content 5

MP Configuration GOAL: Standardize Configuration API so microservices can run in different environments seamlessly APIs/SPIs for: Configuration providers to introduce configuration sources with a priority for ordering, and type converters Accessing configuration information and values Injecting configuration values 6

Simple Programmatic Example public class ConfigUsageSample { public void usetheconfig() { // get access to the Config instance Config config = ConfigProvider.getConfig(); String serverurl = config.getvalue("acme.myprj.some.url", String.class); Integer serverport = config.getvalue("acme.myprj.some.port", Integer.class); calltoserver(serverurl, serverport); 7

Simple DI Style Example @ApplicationScoped public class InjectedConfigUsageSample { @Inject private Config config; // Access full Config object @Inject 1 @ConfigProperty(name= myprj.some.url") // Required to exist or DeploymentException private String someurl; @Inject 2 @ConfigProperty(name= myprj.some.port") // Not required private Optional<Integer> someport; @Inject 3 @ConfigProperty(name="myprj.some.dynamic.timeout", defaultvalue="100") private javax.inject.provider<long> timeout; // Dynamically resolved on each Provider#get() 8

MP Fault Tolerance Effort to standardize APIs for dealing with latency and failures Take popular concepts from libraries such as Hystrix and Failsafe Initial focus TimeOut: Define a duration for timeout RetryPolicy: Define a criteria on when to retry Fallback: provide an alternative solution for a failed execution. Bulkhead: isolate failures in part of the system while the rest of the system can still function. CircuitBreaker: offer a way of fail fast by automatically failing execution to prevent the system overloading and indefinite wait or timeout by the clients. 9

Requirements Loose coupling: Execution logic should not know anything about the execution status or fault tolerance. Failure handling strategy should be configured when the execution takes place. Support for synchronous and asynchronous execution Integration with 3rd party asynchronous APIs. This is necessary to handle executions that are completed at some time in the future, where retries will need to be explicitly scheduled from within the asynchronous execution. This is common when working with various 3rd party asynchronous tools such as Netty, RxJava, Vert.x, etc. Require immutable failure handling policy configuration Some Failure policy configurations, e.g. CircuitBreaker, RetryPolicy, can be used stand alone. For example, it has been very useful for circuit breakers to be standalone constructs which can be plugged into and intentionally shared across multiple executions. Likewise for retry policies. Additionally, an Execution construct can be offered that allows retry policies to be applied to some logic in a standalone, manually controlled way. 10

Possible CDI import javax.enterprise.context.applicationscoped; @ApplicationScoped public class FaultToleranceBean { int i = 0; @Retry(maxRetries = 2) public Runnable dowork() { // This unreliable service sometimes succeeds but // sometimes throws a RuntimeException Runnable mainservice = () -> servicea(); return mainservice; 11

Possible CDI // When `TimeOutException` was received, delay 2 seconds and then retry 2 more times. RetryPolicy rp = FaultToleranceFactory.getInstance(RetryPolicy.class).retryOn(TimeOutException.class).withDelay(2, TimeUnit.SECONDS).withMaxRetries(2); SyncExecutor se = Executor.with(rp); se.get(() -> somecallable()); 12

MP Health Check Goals MUST be compatibility with Kubernetes health checks: http://kubernetes.io/docs/user-guide/ liveness/ MUST be appropriate for machine-to-machine communication SHOULD give enough information for a human administrator 13

MP Health Check Goals MUST be compatibility with Kubernetes health checks: http://kubernetes.io/docs/user-guide/ liveness/ MUST be appropriate for machine-to-machine communication SHOULD give enough information for a human administrator 14

Concepts Producers (services, endpoints) expose at least a REST/HTTP /health endpoint Other protocols may be supported Producers have zero or more health check procedures configured Represent logical services whose health the producer depends on memory, disk space, bandwidth, database access, Must have an id, UP or DOWN status as well as procedure specific status properties Invocation of the /health endpoint results in the producer evaluating the configured health check procedures and returning a status and possibly a JSON payload representing the health check procedure information Overall health is logical combination of all procedures 15

Request Outcomes Request HTTP Status JSON Payload State Comment /health 200 Yes UP Check with payload /health 204 No UP Check without procedures installed /health 503 Yes Down Check failed /health 500 No No Request processing failed (i.e. error in procedure 16

Request Examples Status 200: { "outcome": "UP", "checks": [ { "id": "mycheck", "result": "UP", "data": { "key": "value", "foo": "bar", { id : memory, result : UP, data : { available : 32768 free : 4096, units : Mb ] Status 503: { "outcome": "DOWN", "checks": [ { "id": "mycheck", "result": "DOWN", "data": { "key": "value", "foo": "bar", { id : memory, result : UP, data : { available : 32768 free : 4096, units : Mb ] 17

Possible JAX-RS @Path("/app") public class HealthCheckResource { @GET @Path("/diskspace") @Health public HealthStatus checkdiskspace() { [...] @GET @Path("/something-else") @Health public HealthStatus checksomethingelse() { [...] 18

Possible CDI @ApplicationScoped() public class HealthChecks { @Produces @Health public HealthStatus checkdiskspace() { [...] @Produces @Health public HealthStatus checksomethingelse() { [...] 19

MP JWT RBAC Effort to standardize identity and access grants in a JSON Web Token (JWT, RFC 7519). Builds on the JWT minimal set of claims to define claims for: caller identity caller roles Independent of services Specific to a service Requires use of JSON Web Signature (JWS, RFC 7515) With header alg= RS256 ; RSA public key signature with SHA-256 hash algorithm 20

Example Token Header: { "alg": "RS256" "typ": "JWT" Payload: { "jti": "e64a4894-b181-4646-ab14-6d415a473749", "iss": "https://server.example.com", "sub": "24400320", "aud": "s6bhdrkqt3", "nonce": "n-0s6_wza2mj", "exp": 1311281970, "iat": 1311280970, "auth_time": 1311280969, "preferred_username": alice, 2 "realm_access": { "roles": ["role-in-realm", "user", shared-service-role ], "resource_access": { 3 "my-service": { "roles": ["role-in-my-service"], "my-service2": { "roles": [ role-in-my-service2"], 1 21

Proposed Principal package org.eclipse.microprofile.jwt; import java.security.principal; import java.util.set; public interface JWTPrincipal extends Principal { // Various standard claim accessors... String getissuer(); String getsubject(); long getexpiration(); long getissuedat(); long getnotbefore(); //... // Extension claims String getprincipalname(); Set<Principal> getrealmroles(); Set<String> getservicenames(); Set<Principal> getrolesforservice(string servicename); 22

JWTPrincipal Returned by various getcallerprincipal, getuserprincipal container and security context methods Available for injection 23

Community 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback