Book Image

Microservices with Clojure

By : Anuj Kumar
Book Image

Microservices with Clojure

By: Anuj Kumar

Overview of this book

The microservice architecture is sweeping the world as the de facto pattern with which to design and build scalable, easy-tomaintain web applications. This book will teach you common patterns and practices, and will show you how to apply these using the Clojure programming language. This book will teach you the fundamental concepts of architectural design and RESTful communication, and show you patterns that provide manageable code that is supportable in development and at scale in production. We will provide you with examples of how to put these concepts and patterns into practice with Clojure. This book will explain and illustrate, with practical examples, how teams of all sizes can start solving problems with microservices. You will learn the importance of writing code that is asynchronous and non-blocking and how Pedestal helps us do this. Later, the book explains how to build Reactive microservices in Clojure that adhere to the principles underlying the Reactive Manifesto. We finish off by showing you various ways to monitor, test, and secure your microservices. By the end, you will be fully capable of setting up, modifying, and deploying a microservice with Clojure and Pedestal.
Table of Contents (18 chapters)
Title Page
Dedication
Packt Upsell
Contributors
Preface
Index

Enabling authentication and authorization


Authentication is the process of identifying who the user is, whereas authorization is the process of verifying what the authenticated user has access to. The most common way of achieving authentication is by asking users to specify their username and password that can then be validated against the backend database of user credentials.

The passwords should never be stored in plaintext in the backend database. It is recommended to compute a one-way hash of the password and store that instead. To reset the password, the system can just generate a random password, store its hash, and share the random password in plaintext with the user. Alternatively, a unique URL can be sent to the user to reset the password through a form that can validate a user's identity via methods such as preset questions and answers and one-time password (OTP).

Authenticating the users is not enough for an application if the application has multiple security boundaries. For example...