 Hello, developers! My name is Matt Raebel and this is a screencast showing you how to get started with Java microservices using Spring Boot and Spring Cloud. So the tutorial I'm going to run through today is based on this blog post here. If you'd like, you can go and read the blog post and it has all the code snippets you'll need to actually copy and paste and create your own microservices architecture. So down here, there is a GitHub repo. I'm going to navigate into that, go into the Spring Boot and Cloud directory and then this demo.adoc file is all the instructions that I'll be using to create this tutorial. So it's just an abbreviated version of the blog post. So it's an ASCII doctor and if I view the raw version, I have an ASCII doctor plugin that allows me to have this nice pretty web page. So I'll put those instructions on the left. I'll open up a terminal on the right. And I'll start by creating an Apps directory and seeding into that. And the first thing I'm going to do is create a Eureka server for a service discovery and the microservice apps will register with this and it'll allow them to communicate with each other just using the microservice name. So I have an alias for the Eureka server service. You can see there it matches what's on the left. So if I just type in Eureka service, it'll go ahead and create that app for me and download it. And then I also have one for car service that matches what's on the left and an API gateway. So I've created all of those. I'll make sure I'm running Java 11 and I am. And if you aren't, you can use SDKman from sdkman.io to easily install and switch Java versions. The first thing I'm going to do is in the Eureka service. So we call it discovery service. So open that up in IntelliJ and it'll modify its main application to enable the Eureka server. There we are. And then in the application.properties, I'm going to specify the port. Server port 8761 is the convention that most people use. And then Eureka client register with Eureka set that to false. I'm also going to need to add Jaxby for Java 11. And if you didn't add this and use Java 11, you would basically get a failure on startup. So Jaxby runtime. And then in the other directories, I'm going to need to enable Eureka client. So it registers with Eureka. So we're going to be car service first. We'll open that one up and it'll specify enable Eureka client. And we'll also go into the application.properties and set the server port to 8090. So it's not conflicting with the API gateway, which will run on 8080. And then I'll also set a name. So spring.application.name. And we'll call this one car service. Then the last one, I need to go into the API gateway. And I'll make similar changes here. So modify the API gateway class and specify enable Eureka client. We'll run this one 8080 so we don't need to specify that port, but we do need spring.application.name. And we'll specify API gateway. So at this point within the car service, we can create a simple CRUD API. So I'll start by creating an entity called car. And we'll be creating a car service that basically has a number of cars. And then on the API gateway, we'll filter out the cars that just aren't that cool. So we have a car entity to start with. We'll create a car repo. And if you're wondering how I spit out the code for this, I'm using IntelliJ's live templates feature. So that allows me to pre-record some code and then type something like boot repo. And it'll spit out something like this right here. And if you want my IntelliJ live templates, they're at mrable slash ideolive templates on GitHub. And you can import them into your IntelliJ instance and use them just like I am here. So we have an entity. We have a repository. And now let's populate it with some basic data to start with. So you can see here we have an application runner that when Spring Boot starts up, it'll go ahead and stream all those cars and create a new one. And then it'll print them out at the end. I also have a Lombok plugin installed. That's why everything will work if I run it from IntelliJ. So if you don't have Lombok installed, you'll need to do that. And if you were to go into plugins, that's where you'll see it. So plugins. And then if you were to search for a Lombok, there it is. And so you could install it and then everything will work as far as processing your annotations and making this whole thing compile. So now that that works, I'll go ahead and start it just to actually see if it enters those records into the database and prints them out. It looks like I already have something running, so make sure and kill all Java. And then try it again. So you can see there it's running and it entered all those cars in and printed out their two string method. So now what I can do is go into the API Gateway and filter out the cars that aren't so cool. So I'm going to start by configuring a couple things to make resilient server-to-server communication happen between microservices. So I'll enable Fane Clients. And I will enable Circuit Breaker. And that will allow me to communicate between microservices using Fane and to have fallback using Histrix in case the downstream microservice isn't available. So I'll start by creating a class called Car. And it will just be a private string name in here and that will be to hold the data from the back end and then also create a Fane Client. So you can see this is called Car Client. And it's annotated with Fane Client. And that'll tap to that back end, Car Service and its cars endpoint. And read from that. And then I'll create a cool car adapter. And with this we'll do, we have to add data to this so it has getters and setters. And then this cool car controller will use that car client. Pass it in as a dependency in the constructor. Call that cool cars endpoint, read from the cars, get the content, stream them, filter them to take out the ones that aren't so cool and then return the list. So we're removing the Gremlin, the Triumph, the Ford and the Ugo because those aren't as cool as the other ones. So the other thing you can do is you can also add Histrix for failover. And so what this annotation does is it says, hey, fallback to this fallback method and return just an empty list of cars. And so if the service isn't up for the car service then at least something will get returned even if it's just an empty array. So now we can start this one. And then we'll go into the Discovery Service and start this one as well. So we enable auto import to make sure and get that Jaxby run time. And then we can go to localhost 8761. And we'll see the car service has been registered. Let's check on the API gateway. So that one's running, should register itself shortly. So it usually takes about 30 seconds. You see there's a 204. So now if we refresh, it's there as well. So API gateway and car service are up and they should be able to talk to each other. So if we go to 8080, cool cars. You'll see the load balancer hasn't quite kicked in yet or it did fall back because it couldn't reach that car service. But if we refresh a couple of times, it'll eventually come through. And there we are. So now we're getting those cars and we're filtering out the ones that aren't so cool. Now the next thing I wanted to show you is how to secure your Java microservices with OAuth 2.0 and OpenID Connect. So we can do that by adding the Octa Spring Boot Starter. We go into the palm for the car service and we add the Spring Boot Starter there, version 1.2.1. Then we'll do it in the API gateway as well. And then you'll need to create an application on Octa. So I've already created a developer account. If you'd like to do that as well, you can go to developer.octa.com. Click on the big sign up button there and you'll get a forever free developer account that's good for up to 1,000 monthly active users. So I'll go to applications and create a new application. Make it a web application. And we'll call it Java microservices. And we'll set the redirect URI to localhost8080.login.octa.2.codes.octa. So if you're using authorization code flow with Spring Security, this is the Octa URL that you'll want to use. And the Spring Boot Starter from Octa just builds on top of Spring Security's OAuth support that already exists. So it's a thin layer on top of that. And then we can populate some Octa properties in our application.properties for both of those applications. So we'll go into the API gateway. And the issuer is available at API authorization servers. But I'm going to copy the client ID and secret first. And you could also set these as environment variables if you don't want to keep them in your properties file in case you're checking into some GitHub that's open source and people can see your keys. You don't want to make that possible or your client secrets. Never storm and source control. And then we can grab the issuer from API authorization servers. And now we've configured the API gateway. And we'll go ahead and configure the car service as well. So it's Secure 2. And then we need to configure Spring Security a bit. So we'll create a Spring Configuration class that enables OAuth login and a resource server. So you can see this is what it'll look like here. So we'll do this in the API gateway. Because this is where we want people to basically log in at. So I'll create a new class called Security Configuration. And I'm going to remove this. What this does, this line, is it basically says, hey, if access is denied, just return a 401. And that's useful when you have Spring just set up as a resource server in your Spring Boot app. But if you do want to redirect to octa to login, you'll need to remove that line. So that's what I want to do there. And then I'll change this to add login as well. So OAuth 2.0 login and a resource service. So this will act like both. If you wanted to hit the URL of localhost8080 cool cars, it would redirect you to octa make you login and then come back and show it to you. And if you were to obtain an access token using a different front end, for instance, Angular React and passed in the access token using this OAuth 2.0 resource server, will allow that to work as well. So then we will also do it in the car service. So in there, we'll create a new security configuration as well. And this one, we will leave the 401 there because we're not doing any login here. If people hit this, we just want it to actually stop the more they are and don't try to log in. And then what we'll need to do on the API gateway is configure a user feign interceptor that will basically pass the access token through the feign client and make sure it has an authorization header so that car service can act as a resource server and read the JWT or the access token from the header. So we'll call it user feign client interceptor. And this class implements request interceptor from feign and it basically takes an OAuth 2.0 authorized client service as a dependency and a REST template and it go ahead and it grabs the OAuth token from Spring Security and then it loads the octa client and it gets the access token that's already been set for that client and then it passes it as an authorization header so the downstream service will know that they're authorized and give them access. And then you need to configure this as a BEAN. So you see we have a request interceptor BEAN takes in that OAuth 2.0 authorized client service and returns that user feign client interceptor. And to make feign Spring Security aware you need feign, Histrix, Enabled True and you need Histrix, Share Security Context True. And that allows any of that fallback and any of the feign logic to actually work with Spring Security. So now we can restart the API gateway restart the car service and now if we hit cool cars I gotta do an incognito because we're already logged in there so localhost8080 cool cars it'll redirect us the octa to log in I can use one of my demo users and you'll see it hasn't quite registered that car service yet so it's still kicking in with that Histrix logic which just falls back to that fallback method and now we're getting those cars and we have a lockdown microservice architecture so that's all working. The next thing I want to show you is how to add Zool and do routing with Zool so you'll need to on the API gateway modify the dependencies to include the Netflix Zool starter and you don't need to specify the version because that's handled by Spring Boot and then you will need to create an authorization header filter to pass access token down on any routes to the back end so authorization header filter and this is very similar to the feign client interceptor where this basically just extends Zool filter and it takes in an OAuth to authorized client service the filter order is the lowest precedence and then it basically gets the context and the authorization header from there using similar logic that it did for the feign and basically if it's present then it goes ahead and adds that authorization header with the access token as a bearer token there just like feign we need to register that as a bean and then you'll need to develop some routes or establish some routes so I'm going to specify some routes here for Zool and we're going to basically proxy down to that car service to that car's endpoint and to a home path which I will create that basically just returns the user's name and you'll need to have these sensitive headers in there because cookies are sensitive and without this it won't quite work so now in the car service I'll create a home controller that'll handle that home route and you'll see all this does is it basically grabs the principal and the name from the principal and logs the claims that are in the jot and then says hello to the person so we'll save that and then restart and then restart our API gateway as well and now if we hit localhost 8080 cars maybe it's not running yet let's look at car service okay so that's going oh you know what we needed to add on the API gateway application enable Zool proxy so that's where I messed up and now if we restart those proxy URLs will work so there's the home and then if we hit cars we can see all the various cars and points so that is the tutorial to show you how to build a java microservices architecture using spring boot and spring cloud the github repo is at octa developer slash java microservices examples and the blog post is there, java microservices with spring boot and spring cloud I hope you've enjoyed watching this screencast today if you'd like to follow the octadev team and be alerted when more screencasts are published go ahead and follow us at octadev on twitter you can follow me at mrable on twitter you can also sign up for a free developer account at developer.octa.com and we encourage you to subscribe to our youtube channel where we try to post new videos about how to do stuff with octa and various open source frameworks every week thanks for listening thanks for watching and have a great day