Book Image

Cloud-Native Applications in Java

By : Andreas Olsson, Ajay Mahajan, Munish Kumar Gupta, Shyam Sundar S
Book Image

Cloud-Native Applications in Java

By: Andreas Olsson, Ajay Mahajan, Munish Kumar Gupta, Shyam Sundar S

Overview of this book

Businesses today are evolving so rapidly that they are resorting to the elasticity of the cloud to provide a platform to build and deploy their highly scalable applications. This means developers now are faced with the challenge of building build applications that are native to the cloud. For this, they need to be aware of the environment, tools, and resources they’re coding against. If you’re a Java developer who wants to build secure, resilient, robust, and scalable applications that are targeted for cloud-based deployment, this is the book for you. It will be your one stop guide to building cloud-native applications in Java Spring that are hosted in On-prem or cloud providers - AWS and Azure The book begins by explaining the driving factors for cloud adoption and shows you how cloud deployment is different from regular application deployment on a standard data centre. You will learn about design patterns specific to applications running in the cloud and find out how you can build a microservice in Java Spring using REST APIs You will then take a deep dive into the lifecycle of building, testing, and deploying applications with maximum automation to reduce the deployment cycle time. Gradually, you will move on to configuring the AWS and Azure platforms and working with their APIs to deploy your application. Finally, you’ll take a look at API design concerns and their best practices. You’ll also learn how to migrate an existing monolithic application into distributed cloud native applications. By the end, you will understand how to build and monitor a scalable, resilient, and robust cloud native application that is always available and fault tolerant.
Table of Contents (20 chapters)
Title Page
Packt Upsell

The role of security

With the proliferation of microservices, the challenges of managing security for these services becomes a challenge. Some of the questions that need to be answered, besides the Open Web Application Security Project (OWASP) top ten web vulnerabilities, are as follows:

  • Does the service require the client to authenticate before service invocation (such as OAuth)?
  • Can a client call any service or only the service for which it is authorized?
  • Does the service know the identity of the client from where the request originated and does it get passed down to the downstream services? Do the downstream services have a mechanism to verify the authorization of their invocation?
  • Is the traffic between service to service invocation secured (HTTPS)?
  • How do we verify that a request received from an authenticated user hasn't been tampered with?
  • How do we detect and reject a replay of a request?

In the distributed microservice model, we need to control and limit the privileges the calling party...