Recently, I am learning Java's microservice framework, and I don't understand some of the concepts.
In what form is the exposed service exposed? For example, the mall system includes order service and payment service. In what form are these services exposed? Is it the form of the previous http request? If it is an http request, should these services include the controller layer in the MVC three-tier architecture.
What is the difference between the gateway and the controller in springmvc. It feels that they all distribute the received requests to the service. Does that mean that the controller is no longer needed with the gateway?
These questions have been bothering me for a day,I need your help.
I found some posts, they are all talking about the function of the gateway, but few people mentioned the difference between the gateway and the controller.
I even feel like nginx + controller is the same as the gateway
Related
I am using Yarp to reverse Proxy into internal apps. The authentication is handled by another service and I want to challenge certain request by using api keys assertion. Having gone through the documentation and the sample project here,I have trouble implementing it. I went the route of middleware but it is applying to all sets of routes and I do not need that.
I was looking a lot about the capability for Istio to have programmable routes at the ingress controller as a solid replacement for Kong API Gateway plugins. A simple example would be to have a rule in the Istio Virtual Service that rejects API calls when the user has a license expired in the application that is behind.
That means, the Ingress Controller to be capable enough to query something inside the app to determine the license status, and based on that response, block/allow traffic that is coming from a particular customer (which are being identified by a header)
This is something I do with Kong plugins, but I didnĀ“t find anything similar on Istio.
The simplest solution to rejecting requests of a user is to attach that information in the authentication process (to the cookie or the jwt token), and then use Virtual Services to reject requests with those.
Another solution (more complex) would be to use Envoy Filters with Lua scripting, in which you can add custom logic and decide if you want to proceed with the request or not.
Question
Can I get nginx to call another microservice inside of AKS k8s prior to it routing to the requested api? - the goal being to speed up requests (fewer hops) and simplify build and deployment (fewer services).
Explanation
In our currently deployed Azure AKS (Kubernetes) cluster, we have an additional service I was hoping to replace with nginx. It's a routing microservice that calls out to a identity API prior to doing the routing.
The reason is a common one I'd imagine, we recieve some kind of authentication token via some pre-defined header(s) (the standard Authorization header, or sometimes some bespoke ones used for debug tokens, and impersonation), we call from the routing API into the identity API with those pre-defined headers and get a user identity object in return.
We then pass on this basic user identity object into the microservices so they have quick and easy access to the user and roles.
A brief explanation would be:
Nginx receives a request, off-loads SSL and route to the requested service.
Routing API takes the authorization headers and makes a call to the Identity API.
Identity API validations the authorization information and returns either an authorization error (when auth fails), or a serialized user identity object.
Router API either returns there and then, for failure, or routes to the requested microservice (by cracking the request path), and attaches the user identity object as a header.
Requested microservice can then turn that user identity object into a Claims Principal in the case of .NET Core for example.
There are obviously options for merging the Router.API and the UserIdentity.API, but keeping the separation of concerns seems like a better move. I'd just to remove the Route.API, in-order to maintain that separation, but get nginx to do that work for me.
ProxyKit (https://github.com/damianh/ProxyKit) could be a good alternative to nginx - it allows you to easily add custom logic to certain requests (for example I lookup API keys based on a tenant in URL) and you can cache the responses using CacheCow (see a recipe in ProxyKit source)
I have a message service that is responsible for pushing the correct messages to a UITableView. Some of these messages are system messages and whilst their content is generic they should for example, include a user's name.
This data is currently requested and available via my profile service.
I have been trying to write a service per API, but now I am wondering, should I inject my profile service into message service? I feel this violates SOLID if my service starts doing more than just talking to messages, but then as I understand, a service should not depend on another?
Apologies for the broad question, I am still learning everyday,
Your Message Service can call your Profile Service, that does not violate any principles, however your Message Service should not break if the underlying code in your Profile Service changes.
I would not have your Message Service talk to your Profile API.
Imagine if the contract or implementation of your Profile API changed, now your Message Service AND Profile Service potentially are broken.
By having your Message Service talk to your Profile Service, you can be sure (through unit / integration tests) any changes to your API / Service do not break your other services and views.
I am new to web application development, I am learning many things from many tutorial, currently I am learning SOAP and REST.
My confusion is regarding SOAP , in SOAP based architecture when a user enters a URL, it takes him/her to SOAP client and then that is the page that the client sees ? and then this SOAP-client will actually communicate to another application SOAP server ??
Not understanding it at all? Can someone please explain?
SOAP is meant for communication between machine over HTTP/HTTPS with common interoperable format i.e XML.
Think like you are payment gateway provider, someone's would like to use your payment gateway for transactions.
So as payment gateway provider, you may create webservice, and whoever wants to use it could create SOAP client to use your payment gateway service.
So in your case the HTML page is party would like to utilise the payment gateway service (by calling the SOAP service).
Do some googling, you will find lots of practical SOAP use cases.