読者です 読者をやめる 読者になる 読者になる

Memo: Reactive Streams and Project Reactor

Reactive Streams

http://www.reactive-streams.org/

a standard for asynchronous stream processing with non-blocking back pressure

  • asynchronous
  • stream processing
  • non-blocking
  • back pressure

Java API

http://www.reactive-streams.org/reactive-streams-1.0.0-javadoc/

Mainly only 3 interfaces:

  • Publisher<T> : Data provider following the demand from Subscriber
  • Subscriber<T> : Subscribe data from Publisher
  • Subscription : used to both signal desire for data and cancel demand between a Publisher and a Subscriber

And there's one more:

  • Processor<T,R> : Subscriber and Publisher

Specification

https://github.com/reactive-streams/reactive-streams-jvm/blob/v1.0.0/README.md#specification

Flux & Mono ( Project Reactor )

In my understandings, the interfaces of Reactive Streams are low level contracts for standardization. Therefore we need more convenient implementations on top of them. One of them is Project Reactor.

https://projectreactor.io/

Both Mono and Flux implements Publisher.

Now it seems a bit clear for me. I'm feeling like Reactor provides definition of flow. I will continue to check Mono & Flux.

How to make the world better with Java ( SpringOne Platform 2016 )

Spring

I joined SpringOne Platform 2016 last week. It was really great experience for me. I would like to write some comments for myself.


Theme: How to make the world better with Java

Initially I imagined that the main theme of the conference was "Spring Framework", but when the time table was open I felt that it's a kind of "Pivotal conference", because there're many DevOps and CloudFoundry topics. But I was wrong. Now I'm convinced that the theme was "How to make the world better with Java". Pivotal is just supporting the theme by Pivotal's way. It was impressive to hear "It's not Pivotal pushing Spring, it's Spring pushing Pivotal".

Better World <-(want to make)- Java Community <-(support)- Spring Community <-(support)- Pivotal

Ignite Talk

I had a Ignite Talk. I was very nervous, but it was a great experience for me.

bufferings.hatenablog.com

Categories

  • Technology
    • Cloud environment -> Cloud Native App with Spring Boot
    • Microservices -> Spring Cloud
    • Data Microservices -> Spring Cloud Data Flow
    • Resource Efficient Programming -> Reactor / Spring5 / Reactive Programming
  • Company Culture
  • Platform
    • Pivotal Cloud Foundry

What I would like to do in this year

My goal is to make a service that can survive for 10 years while adapting to changes and speeding up the development. So I will try to create a private app with Spring Cloud + DDD + CQRS. I'm also interested in creating app with Docker on Azure.

The most important part: English

I managed to be able to understand presentation English, but couldn't understand usual conversation at all. The better my English become, the larger my world becomes. I would like to start from improving my listening skill.

TODO

  • Technology
    • Understand Spring Integration/Spring Cloud Stream with Kafka
    • Understand Project Reactor
    • Try Spring Cloud Data Flow
    • Try Apache Geode
    • Try Hazelcast
  • English
    • Watch American TV shows/Movies everyday
    • Write blog and twitter in English as much as possible
  • Health
    • Jog to be healthy programmer 2,3 times in a week (I'm getting bigger recently...

Thanks!

I appreciate everyone who supported me. I hope to join it as a speaker next year:)

#s1p An Evolutionary Approach with DDD and CQRS on Spring Cloud

DDD Spring

Now at SpringOne Platform 2016! Everyday I enjoy this great conference. BTW, I had an Ignite Talk on 1st Aug. So today, I’m gonna write what’s in my mind with my talk material here.

Motivation

I wanna create a web service that can survive for 10 years without slowing down development speed.

Legacy Services

In the past, I’ve seen several web services that are so-called “legacy” web services. I found that many of them started with well-designed layered-architectures. But as time went by, they lost their original idea and became complicated.

A few years ago, I was assigned to launch a new service. Then I wondered what I should do to avoid falling into the same trap. Should I think about how to create a perfect system from the beginning?

No. Only a system that can adapt to change can survive. But based on this idea, we need to control the risks of bugs caused by changes. How can we control them?

Microservice Architecture

It seems good to break down a system into several small pieces. To do so, we can utilize DDD and Microservices. So this architecture seems good.

But should I start from here? No, we don’t need it at the beginning.

An Evolutionary Approach

That’s why I think it’s good to adapt an evolutionary approach. There are mainly 2 phases: the Boot phase and the Cloud phase.

Let’s start from the Boot phase with 5 to 7 team members.

The Boot Phase

First, we make a simple CRUD application with Spring Boot, message queue, and a database to launch our service as soon as possible.

Then, as we grow to better understand the business, the domain model will start to appear gradually. After refactoring the model and the code again and again, we will be able to make simple and condensed aggregates.

Each aggregate is loosely coupled with domain events. On the way to create aggregates, you will discover that you are free from the database because data-related logic will be separated into repositories.

Actually, my team is now in this stage. And we feel that UI related logic should be removed, too. For that purpose, CQRS might be a good choice. With CQRS, we can separate query logic from our domain model. Users can search data from the query model, and update data with the domain model.

Thanks to DDD and CQRS, we can create loosely coupled web application. This is the Boot phase. Until our service needs further expansion, I think it’s ok to stay here and keep refactoring it.

The Cloud Phase

So when do we need to move to Microservices?

If we can't feed a team with two pizzas, it’s time to move on to the Cloud phase. Before creating the actual microservices, we should prepare the environment for it. Let’s surround our application with Spring Cloud.

Spring Cloud provides many features which are common when building microservices. Examples include ConfigServer, DiscoveryServer, and so on.

When the team get used to the environment, it’s time to separate one aggregate as a microservice. It’s still ok to keep using the same message queue and database during this time.

After we find that it all works well, we will also separate the message queue and the database for the new microservice. Then the team will split into two and become loosely coupled to maintain good development speed, even though the service became bigger.

Finally, the system will be something like this.

I believe with this architecture, the system will be able to survive for 10 years while adapting to changes and speeding up the development.

Summary

To maximize the business value, an evolutionary approach is very useful. That is because it evolves along with both the business growth and the team’s growth. The most important thing when adopting an evolutionary approach is to draw paths in which our system can grow step by step.

f:id:bufferings:20160803223350p:plain

I’m sure Spring Boot and Spring Cloud will give us the flexibility of these choices. That’s why I’m here. I would like to learn a lot about Spring Cloud and Microservices for our future growth.

Thank you!

Ignite SpringOne Platformで喋ってくるー

Spring

来週ラスベガスでSpringOne Platformが開催されるんだけど。

それに、会社の海外カンファレンス参加プログラムで行かせてもらえることになって喜んだ。

で、サイト見てたらIgniteの申し込みフォームがあったので申し込んだ、ら、通った!

ので喋ってきまーす!初めて海外のカンファレンスで喋るー。(∩´∀`)∩ワーイ

Schedule: Ignite SpringOne Platform - SpringOne Platform

f:id:bufferings:20160728221246p:plain:w500

Igniteってのは、1枚15秒で自動的にめくられるスライドx 20枚で5分間喋るスタイル。

さっきスライドができたから、あとは何回も読んで暗記するのみ!がんばるー。

マイクロサービスで必要になるかなぁって思って僕がOAuth2とOpenID Connectをなんとなく分かるようになるまでの物語

Auth

プライベートの勉強は気が向くままにふらふらと。梅田の地下街を歩いてる感じで!(←つまり迷ってる)

元々は、Pivotal Japanさんの、この「今日から君もヒーローだ!」的なタイトルに惹かれてJava(Spring Cloud)でマイクロサービス作るぞーって進めてみたのであった。が、早速その2の「認可サーバーを立ち上げよう!」で「あー、これ知らない。分かんない。もう寝たい。」となってしまったのだった。

そんな僕が「なんとなく分かった!」になるまでの物語。・・・になるはず(ここを書いてる今はまだ分かってない)。

たぶん1ヶ月したら何を読んだか忘れてると思うので記録しとくことにした。

github.com

ゴール

OAuth 2.0って聞いたことあるけど、よく知らない。この辺、マイクロサービスの認証・認可部分で必要そうだなーって思うので、OpenID 2.0とOpenID Connectも含めて勉強してみることにした。

  • OpenIDとかOAuthとかを提供する側じゃなくて、使う側の知識を勉強する。
  • シングルページのアプリとかネイティブアプリとかじゃなくて、普通のWebアプリ限定でいいかな。

まずはじめに

これ↓を見つけて見てみて、・・・うむ、わからん!

www.slideshare.net

一気に進みすぎた!一歩ずついこう!

認証と認可とID連携って何?

そもそもID連携って何なんだっけってのはこちら↓が分かりやすかった。

www.slideshare.net

OpenIDとOAuthとOpenID Connectってどういう関係?

んで、どういう経緯があるんだろう?ってのはこちら↓が分かりやすかった。めっちゃ長いけど、今の僕に必要なのは「ここまでは前置きです」の部分までかな。

qiita.com

もうちょっと噛み砕いて理解したいなと思ってたところで、こちら↓を読んだ。ふむふむ。うーむ、なんとなく分かってきた気がするー。でも、最後のOpenID Connectのところはまだ全くピンときてないなー。ちょこちょこ見かけてたJWT(ジョットって読むらしい)も最後に少しだけ登場。

www.sakimura.org

まずはOAuth 2.0からいってみよう!

これ↓が分かりやすかった。僕が知りたいのはAuthorization Code Grantってのみたいね。

www.slideshare.net

それから、これ↓も分かりやすかったな。

www.atmarkit.co.jp

www.atmarkit.co.jp

OAuth認証

ここまで勉強してたら、OAuthは認可だよってのをよく見るんだけど、OAuth認証とかも聞くよなぁって思ったところでこちら↓を読んでふむふむ。

oauth.jp

OAuthを認証に使うと?

でもこれ↓を見ると Implicit grant flow 使った場合には気をつけなきゃってことかな。ふむふむ。

www.sakimura.org

OAuth 1.0 と OAuth 2.0 の違い

そういえば、1と2でどう違うんだろう?ってのが気になって調べてみた。ふむふむ。OAuth 2.0だけ勉強すれば良さそう。

OAuth 2.0でWebサービスの利用方法はどう変わるか(1/3)- @IT

次はOpenID

おぉ。こちら↓は、これまで見てきたもののまとめになってて、分かりやすい。

www.atmarkit.co.jp

からの OpenID Connect!

やっとここまできたか。これまで「OpenID ConnectはOAuth 2.0の拡張だよ!」というような記述を見て「?」ってなってたけど、なんか分かってきた。

www.atmarkit.co.jp

OAuth 2.0の仕組みに、IDトークンと、UserInfoエンドポイントが加わったってことなのかな。で、IDトークンには発行元とか発行先とか署名とかがある。と。クレームの部分はよく分かんないけど、まいっか。

ID Tokenって?

JWT形式なんだっけ?と思ってこちら↓を見てみた。なるほど。

www.ogis-ri.co.jp

JWTについて

JWTとかJWEとかJWSとか出てきたので頭の整理。

oauth.jp

openid-foundation-japan.github.io

からの、もう一度トライ!

www.slideshare.net

うぉー。だいぶ分かるようになってたよー!

結局、僕が分かりたかったものは分かりそうなのか!?

と思っておそるおそる見てみた。

github.com

security.oauth2.client.client-id=demo
security.oauth2.client.client-secret=demo
security.oauth2.client.scope=openid
security.oauth2.client.authorized-grant-types=password,authorization_code
@RequestMapping(path = "/userinfo", method = RequestMethod.GET)
Object userinfo(Authentication authentication) {
  return authentication;
}

あぁ、なんとなく分かるぞー!!(∩´∀`)∩ワーイ

おわりに

まだ正直、頭の中に「?」はいっぱいあるのだけど。例えば、どうしてOpenID Connectだとバスが通れないのか、とかがちゃんと自分の中で考えられてない。なので、これからもOpenID Connect周りは勉強していこう。でも一旦、Spring CloudのAuth周りは読み進められそうなので、良かった。

Spring Securityを入れたら自動でCSRF対応も入ってきた。おー!

Spring

Spring Securityを勉強中

このへんを読んだりしながら、Spring Securityを勉強中。

spring.io

AngularJSには今は興味がないので、スルーしながら読んでる。

スライド分かりやすい

↑の記事はAPIな感じなので、↓のスライドも見たりしながら、分かりやすいなーと思いながら。

www.slideshare.net

CSRF対応がデフォルトで入ってるっぽい

18. Cross Site Request Forgery (CSRF)

Thymeleaf 2.1+ and are using @EnableWebSecurity, the CsrfToken is automatically included for you

ほう。

f:id:bufferings:20160708080118p:plain

ほんまや。。。ってかソース見たらいいか。

テンプレートはこんな感じ

	<form th:action="@{/login}" method="post">
		<div>
			<label> User Name : <input type="text" name="username" />
			</label>
		</div>
		<div>
			<label> Password: <input type="password" name="password" />
			</label>
		</div>
		<div>
			<input type="submit" value="Sign In" />
		</div>
	</form>

動かしたらこんな感じ。

	<form method="post" action="/login">
		<div>
			<label> User Name : <input type="text" name="username" />
			</label>
		</div>
		<div>
			<label> Password: <input type="password" name="password" />
			</label>
		</div>
		<div>
			<input type="submit" value="Sign In" />
		</div>
	<input type="hidden" name="_csrf" value="d00212b4-eaca-40cb-b223-c572ed1d5725" /></form>

へー!

さて

今日の夜はJoshのライブコーディングだー楽しみー(∩´∀`)∩ワーイ

kanjava.connpass.com