There is virtually no situation in software architecture that entirely frees you from security considerations. With microservices, some issues become more distinct and a lot harder. However, there are also a few features of microservices that can bolster security.
With microservices, the network is still a bottleneck. Things like access control, which the industry already understands thoroughly within the realm of monolithic applications, assumes a new, almost unexpected, level of complexity. This paves the way for debates and scrutiny over whether a microservices architecture actually solves more problems than it creates. Your decision to use microservices should always be conditional.
When you’ve done your due diligence and decided that microservices are right for you, it’s time to make sure that all of your applications’ security demands are met. Here are eight best practices for securing your microservices. Read more ›
This is a quick code example on how to extend the Symfony security extension in your bundle so you could have rules on the controller’s class as annotation and also inherit those and merge with the action method annotations.
Read more ›
There’s one situation where we need to help ElasticSearch to understand the structure of our data in order to be able to query it fully – when dealing with arrays of complex objects.
ElasticSearch has one great feature that it allows us to search in nested properties of complex JSON objects. It’s normally used for list of objects inside the parent document. Just to mention I am using ElasticSearch 1.4 for legacy reasons. Here is an example of the model we have stored locally in ES: Read more ›
I’ve upgraded my dev server to latest version of Debian. Everything was going smoothly until I’ve got an error from mysql-server that it cannot be installed due to an error. I checked few websites that I have there running and all of them were down. Checked the logs but nothing obvious was there, eventually I realised the MySQL process was not running at all which was understandable considering the previous failure to install myslq server. So this was my error:
Read more ›
I was playing with PHP the other day and was trying to fetch and rename 1000s of files I have stored locally on my machine. Seemingly PHP isn’t the best language to that operation Python or even BASH could do the job though it was nice to give it a try. So this is what I came up, simple and straightforward.
Read more ›
Dates as a concept are seamingly simple and straight forward. Though in programming world those could be rather complex starting from format, representation, time zones, machine default configuration going through different calendars and date manipulations.
In this post I won’t to give a quick tip on handling dates in an application that I am building. It will be short post, I promise.
Read more ›
Posted in API
, Small Tips
, Spring MVC
Tagged with: API
Polymorphic type handling based on JSON property
Building an API that supports inheritance could be quite crucial. Imagine the case where you want to have an endpoint that stores a profile data for a given provider and that provider could be your main website or any 3rd party platform that can provide the data. We might have a base Profile class which in our case would be abstract class with firstName and lastName fields and an abstract method to provide the name of the actual profile provider getProfile().
You can do all of that quite easily with few Jackson annotations, for polymorphic types, on the base class and on the children that extend the base class. No more words here is an example: Read more ›
Many people go for different solutions and sometimes overcomplicate their applciation with message queues like ActiveMQ, RabbitMQ and other options out there. Though this is yet another part in the application architecture that would require maintenance and support and it’s also a possible failiure point.
There are good reasons to use this approach but in most cases you can get through with normal in-memmory queue with multi-threading. Read more ›
What happens if you need to make changes to your API?
If you’re making additions to the API – e.g., adding services or adding fields to your services – you likely don’t need to do anything more to notify users than to tell them about the changes.
But what happens if you need to make a change that will affect users?
- Adding authentication
- Adding authorization rules
- Removing a service
- Removing or renaming fields inside services
Such changes as these impact your existing users. At times like these, you need to create a new version of your API.
But how do you do that? Read more ›