Archive: October 2018

Spring Boot: LocalDateTime not parsing to JSON correctly

Posted on by  
Deniz Turan

When creating a Spring Boot Rest service, you can configure Spring to convert a LocalDateTime to display as a ISO-8601 date string when returning a JSON response. To get this working you have to do a few things. Firstly, you need the following dependency: com.fasterxml.jackson.datatype:jackson-datatype-jsr310

This dependency has all the JSON serialisers and deserialisers for the Java 8 time API, and when you use Spring Boot with auto configuration, it should load all the correct serialisers. Secondly, you need to add the following to your application properties:

Continue reading →

Compliance as code using Ansible

Posted on by  
Jasper Bogers

Most companies have security compliance requirements that you need to take into account when creating your software. Similarly to how you can express infrastructure and tests as code, you can shift left security compliance concerns into your development team. This blog shows how a team I worked in used Ansible in a (GitLab) delivery pipeline to create compliant Amazon Machine Images (AMI) containing our application.

There are institutions that have taken it upon themselves to come up with security benchmarks that companies can start from. For example:

  • The Center for Internet Security (CIS) offers benchmarks for oft-used applications and operations systems.

  • The Defense Information Systems Agency (DISA) offers “technical guidance to lock down information systems/software that might otherwise be vulnerable to a malicious computer attack“ through their Security Technical Implementation Guides (STIGs).

Both contain builds of compliant operating systems that you could use as the basis of your machine image. The company I worked for required CentOS 7, and I went and looked for a CIS benchmark for that. The CIS website has a list of hardened images, but I took a different route for several reasons.

  1. We had to pick from a predefined list of (hardened) in-company images.

  2. I wanted to understand the CIS benchmark and be able to deviate where desirable, for example, if required in order for a COTS application to run.

  3. We had to make sure that once our development team was done making changes, the resulting image could be checked once more for CIS compliance. This was part of the compliance requirement for autonomy, meaning that if your team can prove it can manage compliance, it gets the seal of approval.

Continue reading →

Reduce the code to noise ratio of maven POMs

Posted on by  
Sander Smeman

I really like maven for the structured way it provides for defining and building a project. But sometimes I wish for a less verbose notation than the XML of the Project Object Model (POM). For example, gradles dependency notation is far shorter than mavens dependency declaration. Looking for a less verbose way to declare a maven POM, I discovered polyglot maven. It are maven extensions that allow the maven POM to eb written in another dialect than XML. Since you see YAML more and more I decided to try that dialect, and see if my maven descriptor would be clearer.

  1. Create a directory to work in, {projectdir}, and change into it.

  2. To register the extensions for maven, create a file {projectdir}/.mvn/extensions.xml and add the extension:

  3. Now it’s possile to write the maven POM in YAML, {projectdir}/pom.yml:

    By using the yaml inline map. or dictionary notation declaring a dependency uses way less characters then when using XML.

Continue reading →

Java's difficulties with Functional Programming

Posted on by  
Ties van de Ven

In my early days I spent most of my time fixing bugs on a huge enterprise application, so by now I learned from experience that a lot of bugs could have been easily prevented. This is why I prefer a Functional Programming style, I love how FP handles state. As a software consultant I get to switch companies and teams quite regularly and most projects I have been working on use java 7 or 8. This almost always leads to a few dicussions regarding programming style. So today I would like to talk about good FP principles, and how Java makes them hard (and why languages like Kotlin are awesome).

Most of my variables (95%+) are usually immutable, and I would like my compiler to check this for me. In Kotlin we have val and var to declare variables, val being immutable and val being mutable. To make a variable non-mutable in Java, we need to use the final keyword before all variables, including parameters to get the behaviour I desire.

Continue reading →

Infrastructure Automation on Google Cloud Platform

Posted on by  
Erik Pronk

Infrastructure automation basically is the process of scripting environments — from installing an OS to installing and configuring servers on instances. It also includes configuring how the instances and software communicate with one another, and much more. Automation allows you to redeploy your infrastructure or rebuild it from scratch, because you have a repeatable documented process. It also allows you to scale the same configuration to a single node or to thousands of nodes. In the past years, several open source and commercial tools have emerged to support infrastructure automation. These tools include Ansible, Chef, Terraform and Puppet. They support cloud platforms, but also virtual and physical environments. On Google Cloud Platform you have the possibility to use Cloud Deployment Manager. The Cloud Deployment Manager allows you to automate the configuration and deployment of your Google Cloud with parallel, repeatable deployments and template-driven configurations.

Continue reading →

Micronaut Mastery: Consuming Server-Sent Events (SSE)

Posted on by  
Hubert Klein Ikkink

Normally we would consume server-sent events (SSE) in a web browser, but we can also consume them in our code on the server. Micronaut has a low-level HTTP client with a SseClient interface that we can use to get server-sent events. The interface has an eventStream method with different arguments that return a Publisher type of the Reactive Streams API. We can use the RxSseClient interface to get back RxJava2 Flowable return type instead of Publisher type. We can also use Micronaut’s declarative HTTP client, which we define using the @Client annotation, that supports server-sent events with the correct annotation attributes.

In our example we first create a controller in Micronaut to send out server-sent events. We must create method that returns a Publisher type with Event objects. These Event objects can contains some attributes like id and name, but also the actual object we want to send:

Continue reading →

Securing Spring Microservices with Keycloak – Part 2

Posted on by  
Joost van Weenen

In the first part we setup a local Keycloak instance. In this blog we will see how we can leverage Keycloak to secure our frontend. For this purpose we will create a small Spring Boot application that will serve a webpage. The next and last blog will show how authentication can be used between services.

As mentioned we will create a small Spring Boot microservice and secure it using Spring Security and Keycloak. The service that we will create in this blog is the "frontend" Spring Service. It serves a simple web page that displays a hello message including the users email adres as registered in Keycloak. The next blog we will build the service and propagate the authorization from to frontend to service we cal. This way we build a complete Single Sign-On solution.

Continue reading →

Software Architecture in an Agile World

Posted on by  
Niels Dommerholt

"We’re agile! Just build it!" Or on the other hand; "agile does not support Software Architecture so we should stop doing agile". Two very different opinions that you can sometimes hear within the same company. Which one is right? Or are they both wrong? Should we stop doing architecture to be more agile? Why do we even need architecture? In this post I’ll give my view on the matter and hope to inspire you to combine Agile and Architecture in your organisation.

So what is Architecture? I like the quote by Ralph Johnson because it’s a clear and succinct definition:

Architecture is the decisions that you wish you could get right early in a project
— Ralph Johnson

Another quote I like that stresses the importance of thinking ahead:

Big design up front is dumb, but doing no design up front is even dumber
— Dave Thomas

So, according to Johnson and Thomas we want to get some bits and pieces right early in the project. We do want to think ahead before we build something, but we don’t want to fall into the trap of designing a system that, by the time it’s built, won’t fit what the business needs anymore.

On the other hand we have an agile process where we need to deliver something 'of value' to the customer every couple of weeks. How do we reconcile these two, since sitting in front of a whiteboard for days doesn’t really produce anything of direct value to the customer?

Continue reading →

Testing the Architecture: ArchUnit in Practice

Posted on by  
Niels Dommerholt

While many of the architectural challenges we have to deal with are big hard choices, there are also many smaller simpler ones.

From "don’t call repository classes from controllers" to "don’t have cyclic dependencies". In most projects I’ve worked on these are unwritten rules. But why not write them down in a way that we can also see if the rules get broken? Can we test these rules?

Continue reading →

gRPC as an alternative to REST

Posted on by  
Christophe Hesters

gRPC is a high-performance RPC framework created by Google. It runs on top of HTTP2 and defaults to the protocol buffers instead of JSON on the wire. As probably most developers, I’ve also been creating microservices for the past several years. These services usually communicate over HTTP with a JSON payload. In this post I want to present gRPC as an alternative to REST when most of your API’s look like remote procedure calls. In my time using REST API’s I have encountered many discussions about status codes (which do not map very well onto your application errors), API versioning, PUT vs PATCH, how to deal with optional fields, when to include things as query parameters etc. This can lead to inconsistent API’s and requires clear documentation.

Continue reading →

Micronaut Mastery: Use Micronaut Beans In Spring Applications

Posted on by  
Hubert Klein Ikkink

We can add Micronaut beans to the application context of a Spring application. Micronaut has a MicronautBeanProcessor class that we need to register as Spring bean in the Spring application context. We can define which Micronaut bean types need to be added to the Spring application context via the constructor of the MicronautBeanProcessor class. This way we can use Micronaut from inside a Spring application. For example we can use the declarative HTTP client of Micronaut in our Spring applications.

First we need to add dependencies on Micronaut to our Spring application. In this example we will use the Micronaut HTTP client in our Spring application and use Gradle as build tool. We must add the following dependencies:

Continue reading →

shadow-left