Featured

Spring boot actuator

Actuator

An actuator is a spring boot sub-project that helps to expose production-ready support features against Spring boot application.

Key features offered by actuator

  • Health check : You can use health endpoint to check the status of your running application.
  • Monitoring and Management over HTTP/JMX : Actuator support HTTP endpoint as well as Java Management Extensions (JMX) to provide a standard mechanism to monitor and manage applications.
    • Logger: It provide feature to view and update the logs level.
    • Metrics: Spring Boot Actuator provides dependency management and auto-configuration for Micrometer, an application metrics facade that supports numerous monitoring systems.
    • Auditing: Once Spring Security is in play, Spring Boot Actuator has a flexible audit framework that publishes events (by default, “authentication success”, “failure” and “access denied” exceptions). This feature can be very useful for reporting and for implementing a lock-out policy based on authentication failures.
    • Http Tracing: HTTP Tracing can be enabled by providing a bean of type HttpTraceRepository in your application’s configuration. For convenience, Spring Boot offers an InMemoryHttpTraceRepository that stores traces for the last 100 request-response exchanges
    • Process Monitoring

Enable Actuator into Spring boot project

You can enable Actuator into Spring boot project by including below dependency.

//Gradle
org.springframework.boot:spring-boot-starter-actuator:2.3.1.RELEASE
//Maven
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
    <version>2.3.1.RELEASE</version>
</dependency>

Endpoint offer by Actuator

By default ‘health’ and ‘info’ endpoint are enabled

Default exposed endpoint

Other endpoints are sensitive and not advisable to expose to the production environment without security. As we are demonstrating, let’s expose all the APIs.

management.endpoints.web.exposure.include=*

Include and Exclude Endpoint

Even you can include or exclude endpoint by defining below properties

# wild card to include/exclude all
management.endpoints.web.exposure.include=* 
management.endpoints.web.exposure.exclude=* 

# you can include specific properties like below
management.endpoints.web.exposure.include=env,beans
management.endpoints.web.exposure.exclude=heapdump

Customise management server address

You can customize the management server port, it will help you define the limited scope to the ports.

management.server.port=8081
management.server.address=127.0.0.1

Expose custom endpoint

Any methods annotated with @ReadOperation@WriteOperation, or @DeleteOperation are automatically exposed over JMX and HTTP. Even you can expose technology specific endpoint by using @JmxEndpoint or @WebEndpoint.

Here i’m share you example for exposing endpoint using Spring boot 2.x

import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
import org.springframework.stereotype.Component;

@Component
@org.springframework.boot.actuate.endpoint.annotation.Endpoint(id = "say-hello")
public class Endpoint {

    @ReadOperation
    public String sayHello()
    {
        return "Hello World";
    }

}

Summary : Spring boot actuator is one of the best libraries you can add in your application to enable production-ready features in less effort. it offers key features that can be used in day to day production support.

Featured

Secure properties with spring cloud config

Overview: Earlier post I was demonstrating basic of spring cloud config. Now in this post, we will see how we can use secure properties in the spring cloud config. Before continuing on this, I recommend you to first go through the previous post.

Secure properties: Almost every application has some kind of configuration that can’t be exposable, some are very sensitive and should be limited access. we generally pronounce it secure properties. 

There are multiple ways you can secure your properties like using Cerberus, Hashicorp vault with consul backend, Cyberark password vault, and aim, confidant, Credstash etc. Here we are going to use the simplest way that may not as powerful as the above tools but secure and very easy to use.

Let’s implement this, in a sample code,

First, generate a key store. assuming you are aware of keytool.

keytool -genkeypair -alias mytestkey -keyalg RSA \ -dname "CN=Web Server,OU=Unit,O=Test,L=City,S=State,C=IN" \ -keypass changeme -keystore server.jks -storepass testPassword

Then place server.jks to resource folder in cloud config server project, after that edit bootstrap.properties(or .yaml). and add below properties.

Properties Description
encrypt.keyStore.locationContains a resource(.jks file) location
encrypt.keyStore.passwordHolds the password that unlocks the keystore
encrypt.keyStore.aliasIdentifies which key in the store to use
encrypt.keyStore.secret secret to encrypt or decrypt

e.g

encrypt.keyStore.location=server.jks encrypt.keyStore.password=testPassword encrypt.keyStore.alias=mytestkey encrypt.keyStore.secret=changeme

That’s it and now restart config server. 

There is encryption and decryption endpoint expose by config server. 

Let’s take a simple example, where we will try to encrypt and decrypt ‘testKey’.

#curl localhost:8888/encrypt --data-urlencode testKey

output:

AQAYqm8ax79kPFGT0sOvV8i8uN0GDLsToULmflVNYKf95bpyAKLIV4eCFVdNJpgb7SyS808a3uTjvQBj1SrIwFlQktRpln8ykpWUG3NdPM6aPf5k4yRhNkG43S5lCckmyLTH8CIzoSSFQeKoFuk4zPiAPTMchTP9qtAYG2EwbdWU1/a9xqoDJb9OQbSsEr0wp2Ud+HlG02NGF2qmhxL7kW5BJxTsGdZG2J8qwhkPYreYF6UQlehmheWCAJBzfBw4peT9LOxi7rA0sHD78xle7Bahziyc+WOETADloKfSowERNY5FCOe4/ywhcHpJuCk+6NPok3KVI+jMTXdSpqMmfxBNc764hHjlhpablwNcRPDv8XGCdstdy4Esb9/eXTZgh0g=

#curl localhost:8888/decrypt --data-urlencode AQAYqm8ax79kPFGT0sOvV8i8uN0GDLsToULmflVNYKf95bpyAKLIV4eCFVdNJpgb7SyS808a3uTjvQBj1SrIwFlQktRpln8ykpWUG3NdPM6aPf5k4yRhNkG43S5lCckmyLTH8CIzoSSFQeKoFuk4zPiAPTMchTP9qtAYG2EwbdWU1/a9xqoDJb9OQbSsEr0wp2Ud+HlG02NGF2qmhxL7kW5BJxTsGdZG2J8qwhkPYreYF6UQlehmheWCAJBzfBw4peT9LOxi7rA0sHD78xle7Bahziyc+WOETADloKfSowERNY5FCOe4/ywhcHpJuCk+6NPok3KVI+jMTXdSpqMmfxBNc764hHjlhpablwNcRPDv8XGCdstdy4Esb9/eXTZgh0g=

output:

testKey

As our keystore file containing public and private key so we can able to encrypt and decrypt properties.

In the case of config client, we do not have to do any extra step except below one, whenever we use encrypted property that has to start with ‘{cipher}’, for example

user.password={cipher}5lCckmyLTH8CIzoSSFQeKoFuk4zPiAPTMchTP9qtA

Caution: encrypted data should not be within single or double quotes.

In a case when a client wants to decrypt configuration locally

First,

If you want to encrypt and decrypt endpoint not work, Then comment all properties that start with encrypt.* and include the new line as below

spring.cloud.config.server.encrypt.enabled=false

Include keystore(.jks) file in client project and update below properties in bootstrap.properties(or .yaml) file

encrypt.keyStore.location=server.jks
encrypt.keyStore.password=testPassword
encrypt.keyStore.alias=mytestkey
encrypt.keyStore.secret=changeme

That’s all, now client project not going to connect with the server to decrypt properties.

Summary: We can secure our external properties using spring cloud config in fewer efforts, That may easily fulfill small or mid-scale project requirement.

Hope you like this 🙂

Featured

Spring cloud config

Overview: In this tutorial, we will cover the basics of Spring cloud config server and client, where you will set up your cloud config server and access configuration through client services.

What is Spring cloud config?

Spring cloud config provides server and client side support for externalized configuration a distributed system.

Why Spring cloud config?

External configuration is the basic need of almost any application. Now we are leaving in the microservices world, that need external configuration more often. Almost every individual application has some external and dynamic properties that keep updating based on the environment or some period of time.  In case of the massive size of services, it is hard to manage or left with creating a custom solution for it.

The dilemma is how we can make our application to adopt dynamic changes more often without investing time into it and with zero downtime. Here spring cloud config comes into the picture. It will help a user to manage their external properties from multiple sources like git, local file system etc. Transfer data into encrypted form and lot more.

How it works?

Screen Shot 2018-08-26 at 9.22.06 PM.png

Above diagram, you can see multiple services that get configuration from config server where config server sync with GIT or any other VCS to get new changes.

Let’s create a simple application, that will take a message from the config server and return through the endpoint.

Implementation of spring cloud config server:

Now I’m going to visit  spring initializer page to generate demo project, where I’ve included dependencies of spring ‘web’ and ‘config server’.

Once project imported into IDE, enable config server with ‘@EnableConfigServer’ annotation

@SpringBootApplication
@EnableConfigServer
public class DemoApplication {

   public static void main(String[] args) {
      SpringApplication.run(DemoApplication.class, args);
   }
}

In this example, I’m using local git  for demo purpose

#mkdir cloud-config
#git init
#touch config-client-demo.properties
#vi config-client-demo.properties 
message=Hello World
//wq (write and quite vi editor)
#git add config-client-demo.properties
#git commit -m "initial config"

By default, config server starts on port 8080 as spring boot application.

Here is config server application.properties

server.port=8888
spring.cloud.config.server.git.uri=${HOME}/Desktop/cloud-config

server.port: We use this property to define server port if you do not define it will set 8080 as a default port. Here I’m using the same machine for client and server so one of the port needs to be updated.

spirng.cloud.config.server.git.uri: We define this property to fetch configuration detail from git repository.

Implementation of client application:

Now I’m again going to generate a template application using spring initializer where included ‘web’, ‘client config’ and ‘actuator’ as dependencies. Here ‘actuator’ help us to refresh configuration.

Below is message controller that return message and that message came from config properties, you will notice @RefreshScope annotation that helps to refresh configuration.

@RestController
@RefreshScope
public class MessageRestController {

    @Value("${message}")
    private String message;

    @GetMapping("/message")
    String getMessage() {
        return this.message;
    }
}

Then rename your ‘applcation.properties‘ file to ‘bootstrap.properties‘ and include below config,  I’ve defined application name(name of application should accurate to fetch specific data), Configuration URI(which your config server URL that holds properties details) and expose all actuator endpoint that by default disabled

spring.application.name=config-client-demo
spring.cloud.config.uri=http://localhost:8888

management.endpoints.web.exposure.include=*

spring.application.name: Accurate name of the configuration file that defined on config server.

spring.cloud.config.uri: Base url of config server

management.endpoints.web.exposure.include: By default actuator’s most features are disabled so use a wildcard to enable all. That actually not needed in case of production.

Run your application and you will see below message.

GET http://localhost:8080/message

Response :
Hello world

Let’s update the properties file, I’m going to update ‘Hello World’ to ‘Hello Test’

#vi config-client-demo.properties
message= Hello Test
...
#git add config-client-demo.properties
#git commit -m "update message"
//Once file updated then 'refresh' configuration

Once you included the @RefreshScope annotation that will expose endpoint for you to refresh application, check below.

POST http://localhost:8080/actuator/refresh

Now again hit your message API

GET http://localhost:8080/message
Response:
Hello Test

checkout example at git

Conclusion: We can use spring cloud config to any kind of application for external, distributed and centralized configuration server. There is no limitation of technology and programming languages. You can apply spring cloud config in other languages as well.

Hope you like this tutorial.

 

Install spring boot application on linux

Today most of the people prefer to deploy the standalone application and easy to manageable instead of doing too much overhead or get expert advice on it to manage a specific web server for rest application.

dilemma: When we have a standalone jar there are few minor hacks we have to do this with it. like, configure log path, start with a specific promised user. run it with standalone process instead of inline execution.

A fully executable jar can be executed like any other executable binary or it can be registered with ‘systemd‘.  This makes it very easy to install and manage spring boot applications in common production environments.

#systemd: systemd is system and service manager for linux operating system. When run as the first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. it is a replacement of ‘Unix system v’ and BSD (Berkeley Software Distribution) init system. for more detail #man systemd

Assume that you have a linux server that has Java installed, now place your executable spring boot jar file in a /opt/apps/ directory

Now create a app.service file in a /etc/systemd/system
directory and execute below command also make sure your permission before creating a file at a particular location
#vi /etc/systemd/system/app.service

and paste script

[Unit]
Description=sample application
After=syslog.target

[Service]
User=appUser
ExecStart=/opt/apps/app.jar
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

now save above script using “:wq” for more detail check vi editor helps(#man vi)

let’s enable service

#systemctl enable app.service
(check #man systemctl for more detail.)

once service enables now you can start, stop and check status of your service.

#systemctl start app.service
#systemctl stop app.service

Hope you like this. Thanks for reading 🙂

Expose RESTful APIs using spring boot in 7 minutes

Hello Friends,

Today we are going to see how to expose standalone RESTful web services, the purpose of a post is to enable a reader to write their own restful web services.

Yes, that’s right! , I’m sure if you see complete video of this post you can write your RESTful web service.. ok enough talk 🙂 let’s start.

 

Hope you like this post. Thanks 🙂

 

 

Create spring beans using YAML

Spring highly adopted annotation based configuration and it is happily accepted by developer communities and why not, no one wants to struggle with XML tags but that’s not enough somewhere we still miss XML configuration or you can say external file configuration as powerful as XML configuration. especially when we write an application that has to alter behaviors without compilation.

But still writing an XML configuration is not readable and not easily understandable for beginners, so I’ve written experimental plugins for spring boot that convert YAML definition to Spring Beans.

here is an example of bean definition in XML and same in YAML.

Spring-beans.xml

Screen Shot 2017-11-04 at 6.45.07 PM

Spring-beans.yaml

Screen Shot 2017-11-04 at 6.44.14 PM

above code snippet, you can see a line of code and readability, let jump in a code example.

below code snippet, only need to add annotation “@ImportYamlResource” that will work same as “@ImportResource”

Screen Shot 2017-11-05 at 10.38.22 AM

below an example link, you can check out a project from git

yaml-beans-example

download library 

 

Note ->  YAML-spring-beans is a just experimental library, still there are lots of features not included

feedback will be much appreciated 🙂