Create a bootstrap.properties file that will define discovery and config info:
Create an application.properties file and copy it to the config-repo with a file name format of: <appname>-<spring.profile>.properties
Add each endpoint as a permission in the ACL database. Refer to the schema-mysql.sql script for an example.
Include the adservice starter dependency in the pom.xml
<dependency>
    <groupId>com.activedevsolutions.cloud</groupId>
    <artifactId>adservice-spring-boot-starter</artifactId>
    <version>version#</version>
</dependency>
NOTE: If you wish to test your microservice through the gateway with security turned on, it will also be necessary to map the permissions to a role --> group --> user.
Template Service
The template service project serves as an example for a custom microservice. It can be found here: services/templateservice
It already contains the bootstrap.properties file, an application.properties file in the config repo, and the starter project, so steps 1, 2, 3, and 5 above are already covered. Let's go ahead and start it up:
cd <local_git_dir>/services/template
mvn spring-boot:run
Check the Eureka Dashboard. It should now be registered.
Check the Hystrix Dashboard. It's not showing up there. This is because we have to run at least one request through before it will.
Let's run a request through the gateway: http://localhost:8080/gateway/template-service/template/v1.0/items?access_token=<token>
Now we receive an error that we don't have permission. This is because we haven't executed step 4 from "Creating a Microservice" yet. But it's great to see that we have security enforced with minimal effort.
Let's add some permissions to our existing roles:
INSERT INTO sec_permission (name, endpoint)
VALUES ('Template Get Items', '^/template-service/template/v1.0/items.GET$');
INSERT INTO sec_role_permission (role_id, permission_id)
VALUES ((SELECT id FROM sec_role WHERE name = 'READ-ONLY'),
        (SELECT id FROM sec_permission WHERE name = 'Template Get Items'));
INSERT INTO sec_role_permission (role_id, permission_id)
VALUES ((SELECT id FROM sec_role WHERE name = 'READ-WRITE'),
        (SELECT id FROM sec_permission WHERE name = 'Template Get Items'));
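The endpoint value stored above is a regular expression. As an added example (not ADCloud code), the class below assumes the gateway matches the string `<path>.<METHOD>` against that regex, as the pattern's shape suggests, and compares the stored pattern with a variant whose literal dots are escaped. The class name, the `permits` helper and the request samples are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example, not ADCloud code.
// Assumption: the gateway builds the key "<request path>.<HTTP METHOD>"
// and grants access when the stored endpoint regex matches that key.
public class PermissionPatternCheck {

    // True when the endpoint regex matches path + "." + method.
    static boolean permits(String endpointRegex, String path, String method) {
        return Pattern.compile(endpointRegex).matcher(path + "." + method).find();
    }

    public static void main(String[] args) {
        // Pattern exactly as inserted into sec_permission on this page.
        String asStored = "^/template-service/template/v1.0/items.GET$";
        // Same permission with the literal dots escaped, so '.' no longer
        // matches an arbitrary character.
        String escaped = "^/template-service/template/v1\\.0/items\\.GET$";

        // Constructed request samples: {path, method}.
        String[][] requests = {
            {"/template-service/template/v1.0/items", "GET"},    // intended request
            {"/template-service/template/v1.0/items", "POST"},   // different verb
            {"/template-service/template/v1.0/items/42", "GET"}, // sub-resource
            {"/template-service/template/v1x0/items", "GET"},    // '.' acting as wildcard
        };

        // Expected: only the first request passes the escaped pattern;
        // the first and the last both pass the pattern as stored.
        for (String[] r : requests) {
            System.out.printf("%-45s %-5s stored=%-5b escaped=%b%n",
                    r[0], r[1],
                    permits(asStored, r[0], r[1]),
                    permits(escaped, r[0], r[1]));
        }
    }
}
```

When storing the escaped form through MySQL, the backslash has to be doubled inside the string literal unless the NO_BACKSLASH_ESCAPES SQL mode is enabled.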
Let's run a request through the gateway again: http://localhost:8080/gateway/template-service/template/v1.0/items?access_token=<token>
Check the Hystrix Dashboard. It should look something like this:
Conclusion
This demonstrates what Spring Cloud, Netflix OSS, and ADCloud have to offer. With just a few steps, custom microservices can have RBAC, Discovery, Central configuration, and Circuit breaking functionality.
Of course, it doesn't just stop here. Custom Zuul filters and additional functionality in the adservice layer open up possibilities