Spring Microservices in Action: Session management

 
Ranch Hand
Hi John,

I was wondering if your book covered issues like session management when using a micro service architecture?
I haven't worked with micro services, so I am unsure of how you retain context between service calls.
I.e., in a shopping application, I assume you wouldn't want to pass authentication info via URL between service calls.

thanks,
Paul
 
Author
Hi Paul,

I do not cover session management in my book other than dealing with OAuth in chapter 7 of the book. With a microservice architecture, you are usually striving to carry as little session information with you as you are making your service calls. Context is usually passed in the HTTP header values or in a token of some form. (OAuth with JWT (Javascript WebTokens) allows you to encode custom context in the token.) Personally, if you look at the application I work with, we carry a few basic pieces of information in our HTTP headers (organization-id (since we are multi-tenant), user-id and then the OAuth token). We then use a cache for storing any additional context. We do very little session management beyond that.

That's probably one of the bigger mindshifts that we moved away from as Java J2EE developers to multi-language microservice developers. State is not carried around in the container in the session. Instead, it is captured as state within the data layer and we use caching to help minimize the number of calls. Let me know if that answered your question.

  Thanks,
     John
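Added example (not from the book or from the application described in the post above): a sketch of a downstream service that takes its request context from the `organization-id` and `user-id` headers plus a bearer token, but only after verifying the token's signature and expiry and checking that the headers agree with its claims; extra context then comes from a cache. The claim names `org` and `sub`, the HS256 shared key, and the in-memory `CACHE` dict are assumptions made so the sample runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-signing-key"  # constructed; stands in for the auth server's key
CACHE = {("org-42", "user-7"): {"cart_id": "c-1001"}}  # stands in for a distributed cache

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict) -> str:
    """Constructed helper: mint an HS256 JWT so the sample has a token to check."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_token(token: str, now: float) -> dict:
    """Return the claims only if the algorithm, signature and expiry all check out."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64url(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def resolve_context(headers: dict, now: float = None) -> dict:
    """Build per-request context; plain headers are accepted only if the token backs them."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        raise ValueError("missing bearer token")
    claims = verify_token(token, now)
    org, user = claims.get("org"), claims.get("sub")
    sent = (headers.get("organization-id"), headers.get("user-id"))
    if not org or not user or sent != (org, user):
        raise ValueError("header/token mismatch")  # caller-supplied tenant id is not trusted alone
    return {"org": org, "user": user, **CACHE.get((org, user), {})}
```

The mismatch check is what keeps a caller in one tenant from reading another tenant's cached context by editing the `organization-id` header.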
 
paul nisset
Ranch Hand
Thanks John,
That is useful info.

By caching do you mean storing the data as cookies or is it some other form of cache?
Does your book work through using microservices as an application solution?

cheers,
Paul
 
Enthuware Software Support
paul nisset wrote:
Thanks John,
That is useful info.

By caching do you mean storing the data as cookies or is it some other form of cache?
Does your book work through using microservices as an application solution?

cheers,
Paul


I had the same question. Making micro services cookie aware would make the services tied to HTTP. I suspect the sharing has to be done through the database or, if the data layer itself is a micro service, through caching mechanisms provided by persistence layers such as JPA.
 
John Carnell
Author
Paul and Paul :-)

Yes, I am talking about a cookie with some sort of session id that is managed in a distributed cache or a database.
My book focuses on building the services and the surrounding technologies (like Service Discovery, Routing, Messaging) that are used by the application to use the services.

Thanks.  Hope that was useful.

   - John
 
paul nisset
Ranch Hand
Thank you for the clarification John.
 
Ranch Hand
I haven't read your book yet, though from the outline it looks like you have not addressed the use case I have, which is to have a Spring OAuth2 Authorization Server behind an edge server (Zuul) granting tokens.

John Carnell wrote:
Hi Paul,

... dealing with OAuth in chapter 7 of the book. ...

That's probably one of the bigger mindshifts that we moved away from as Java J2EE developers to multi-language microservice developers. ...

I'd be interested to see if you tried that yourself and if you haven't then have you considered it?

I wanted to have only one public facing server, the edge service, and then the auth server behind that. It sounds simple but was hard to figure out. If you are interested in that then I can show you the code on how I did that. I would be interested in co-authoring a security chapter with you in a future version of this book if you are interested.
 