General Information

The repository for this application (open on GitHub) has 398 stars and was forked 308 times. The codebase consists of 2786 lines of code and makes use of the following technologies:

Docker Compose, Elasticsearch, Eureka, Gradle, Hystrix, Kibana, Logstash, RabbitMQ, Ribbon, Spring Config, Spring OAuth, Turbine, Zipkin, Zuul

Data Flow Diagram

Dataflow Diagram

The model file (JSON) is reproduced below.

{
    "services": [
        {
            "name": "elasticsearch",
            "stereotypes": [
                "infrastructural",
                "search_engine"
            ],
            "tagged_values": {
                "Port": 9200,
                "Search Engine": "Elasticsearch"
            }
        },
        {
            "name": "kibana",
            "stereotypes": [
                "infrastructural",
                "monitoring_dashboard"
            ],
            "tagged_values": {
                "Port": 5601,
                "Monitoring Dashboard": "Kibana"
            }
        },
        {
            "name": "logstash",
            "stereotypes": [
                "infrastructural",
                "logging_server"
            ],
            "tagged_values": {
                "Port": 25826,
                "Logging Server": "Logstash"
            }
        },
        {
            "name": "rabbitmq",
            "stereotypes": [
                "infrastructural",
                "message_broker"
            ],
            "tagged_values": {
                "Port": 15672,
                "Message Broker": "RabbitMQ"
            }
        },
        {
            "name": "discovery_server",
            "stereotypes": [
                "infrastructural",
                "service_discovery",
                "plaintext_credentials"
            ],
            "tagged_values": {
                "Port": 8762,
                "Service Discovery": "Eureka",
                "Username": "user",
                "Password": "password"
            }
        },
        {
            "name": "config_server",
            "stereotypes": [
                "infrastructural",
                "configuration_server",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 8888,
                "Configuration Server": "Spring Cloud Config"
            }
        },
        {
            "name": "auth_server",
            "stereotypes": [
                "infrastructural",
                "authorization_server",
                "resource_server",
                "local_logging",
                "plaintext_credentials"
            ],
            "tagged_values": {
                "Port": 9999,
                "Authorization Server": "Spring OAuth2",
                "Endpoints": [
                    "/user"
                ],
                "Username": "acme",
                "Password": "acmesecret"
            }
        },
        {
            "name": "monitor_dashboard",
            "stereotypes": [
                "infrastructural",
                "monitoring_dashboard",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 7979,
                "Monitoring Dashboard": "Hystrix",
                "Endpoints": [
                    "/"
                ]
            }
        },
        {
            "name": "turbine_server",
            "stereotypes": [
                "infrastructural",
                "monitoring_server",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 8989,
                "Monitoring Server": "Turbine"
            }
        },
        {
            "name": "zipkin_server",
            "stereotypes": [
                "infrastructural",
                "tracing_server"
            ],
            "tagged_values": {
                "Port": 9411,
                "Tracing Server": "Zipkin"
            }
        },
        {
            "name": "product_service",
            "stereotypes": [
                "internal",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 8080,
                "Endpoints": [
                    "/product/{productId}",
                    "/set-processing-time"
                ]
            }
        },
        {
            "name": "recommendation_service",
            "stereotypes": [
                "internal",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 8080,
                "Endpoints": [
                    "/recommendation",
                    "/set-processing-time"
                ]
            }
        },
        {
            "name": "review_service",
            "stereotypes": [
                "internal",
                "local_logging"
            ],
            "tagged_values": {
                "Port": 8080,
                "Endpoints": [
                    "/review",
                    "/set-processing-time"
                ]
            }
        },
        {
            "name": "composite_service",
            "stereotypes": [
                "internal",
                "local_logging",
                "load_balancer",
                "circuit_breaker",
                "resource_server"
            ],
            "tagged_values": {
                "Port": 8080,
                "Endpoints": [
                    "/",
                    "/{productId}"
                ],
                "Load Balancer": "Spring Cloud"
            }
        },
        {
            "name": "edge_server",
            "stereotypes": [
                "infrastructural",
                "gateway",
                "resource_server",
                "local_logging",
                "circuit_breaker",
                "load_balancer"
            ],
            "tagged_values": {
                "Port": 8765,
                "Gateway": "Zuul",
                "Load Balancer": "Ribbon"
            }
        }
    ],
    "information_flows": [
        {
            "sender": "elasticsearch",
            "receiver": "kibana",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "logstash",
            "receiver": "elasticsearch",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "github_repository",
            "receiver": "config_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "rabbitmq",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "auth_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "monitor_dashboard",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "monitor_dashboard",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "rabbitmq",
            "receiver": "turbine_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "turbine_server",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "turbine_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "turbine_server",
            "receiver": "monitor_dashboard",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "rabbitmq",
            "receiver": "zipkin_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "product_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "product_service",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "recommendation_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "recommendation_service",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "review_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "review_service",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "composite_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "auth_server",
            "receiver": "composite_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "discovery_server",
            "stereotypes": [
                "restful_http",
                "circuit_breaker_link",
                "load_balanced_link"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "rabbitmq",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "product_service",
            "stereotypes": [
                "restful_http",
                "load_balanced_link"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "recommendation_service",
            "stereotypes": [
                "restful_http",
                "load_balanced_link"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "review_service",
            "stereotypes": [
                "restful_http",
                "load_balanced_link"
            ],
            "tagged_values": {}
        },
        {
            "sender": "edge_server",
            "receiver": "user",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "user",
            "receiver": "edge_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "edge_server",
            "receiver": "composite_service",
            "stereotypes": [
                "restful_http",
                "circuit_breaker_link"
            ],
            "tagged_values": {}
        },
        {
            "sender": "discovery_server",
            "receiver": "edge_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "edge_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "edge_server",
            "receiver": "auth_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "discovery_server",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "config_server",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "auth_server",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "product_service",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "recommendation_service",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "review_service",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "composite_service",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "monitor_dashboard",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "edge_server",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "zipkin_server",
            "receiver": "logstash",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        }
    ],
    "external_entities": [
        {
            "name": "github_repository",
            "stereotypes": [
                "github_repository",
                "entrypoint"
            ],
            "tagged_values": {
                "URL": "https://github.com/callistaenterprise/blog-microservices-config"
            }
        },
        {
            "name": "user",
            "stereotypes": [
                "user_stereotype",
                "entrypoint",
                "exitpoint"
            ],
            "tagged_values": {}
        }
    ]
}

Model Items

The Application consists of a total of 175 elements:

Element             Count
Services            15
External Entities   2
Information Flows   32
Annotations         126
Total Items         175

Security Rules

The following table shows the application’s adherence to the 17 architectural security rules. The last column provides model variants that adhere to the rule for each rule that is initially violated.

Rule ID   Verdict                Evidence   Model Variant
R1        Partially adhered to   Evidence
R2        Violated               Evidence   Variant
R3        Adhered to             Evidence
R4        Violated               Evidence   Variant
R5        Adhered to             Evidence
R6        Violated               Evidence   Variant
R7        Adhered to             Evidence
R8        Violated               Evidence   Variant
R9        Adhered to             Evidence
R10       Adhered to             Evidence
R11       Violated               Evidence   Variant
R12       Violated               Evidence   Variant
R13       Adhered to             Evidence
R14       Adhered to             Evidence
R16       Adhered to             Evidence
R17       Violated               Evidence   Variant
R18       Violated               Evidence   Variant

Evidence and explanations for rule decisions

R1

Rule is partially adhered to:

  1. The @EnableZuulProxy annotation is present,
  2. The @EnableResourceServer annotation is present,
  3. Part of the application accesses the authorization server directly rather than through the gateway.

Artifacts:

  • ZuulApplication.java: Line: 18

R2

Rule is violated: Only the API gateway, the product composite service and the authorization server (which is accessed by other services) carry @EnableResourceServer; the other downstream services do not authorize incoming requests.

Artifacts:

  • AuthserverApplication.java: Line: 16
  • ZuulApplication.java: Line: 19
  • ProductCompositeServiceApplication.java: Line: 21

R3

This rule is adhered to:

  1. The @EnableAuthorizationServer annotation is present,
  2. No JwtAccessTokenConverter is configured, so the server issues opaque tokens,
  3. An endpoint for validating tokens is present,
  4. That endpoint is referenced in the YML configuration of the resource server.

Artifacts:

  • AuthserverApplication.java: Line: 17
  • edge-server.yml: Line: 15

R4

Rule is violated:

  1. Identity representations are present in the form of opaque tokens (see R3),
  2. No transformation of these representations is present,
  3. @EnableResourceServer is not present at every downstream service.

R5

Rule is adhered to: Tokens are validated against the validation endpoint of the authorization server, and that endpoint is configured at each server carrying the @EnableResourceServer annotation.

R6

Rule is violated: No mechanism is in place to handle multiple failed login attempts.

R7

Rule is adhered to: The keystore and truststore of the API gateway include a certificate.

Artifacts:

  • edge-server.yml: Line: 4

R8

This rule is violated: Only the edge-server, the auth-server and the config server have keystores included in their YML configuration.

Artifacts:

  • auth-server.yml: Line: 5
  • edge-server.yml: Line: 4
  • application.yml: Line: 3

R9

Rule is adhered to: This microservice application deploys the ELK stack (Elasticsearch, Logstash, Kibana) as its logging mechanism. Logstash is deployed as a central logging subsystem and sends the formatted data to an Elasticsearch indexing server. Additionally, Kibana is deployed as a monitoring dashboard on top of the indexing server.

Artifacts:

  • docker-compose-with-elk.yml: Line: 5

R10

Rule is adhered to: The Docker containers use the syslog logging driver.

Artifacts:

  • docker-compose-with-elk.yml: Line: 81

R11

Rule is violated: Logs are not explicitly sanitized.

R12

Rule is violated: RabbitMQ is present but is not used by the logging subsystem.

R13

Rule is adhered to: The @EnableZuulProxy annotation at the API Gateway enables Hystrix and its circuit breaker functionality.

Artifacts:

  • ZuulApplication.java: Line: 18

R14

Rule is adhered to: The @EnableZuulProxy annotation at the API Gateway enables Ribbon and its load balancing functionality.

Artifacts:

  • ZuulApplication.java: Line: 18

R15

This rule is not applicable: Not a service mesh deployment.

R16

Rule is adhered to:

  1. A registry service (Eureka server) with @EnableEurekaServer is present.
  2. It is started in a Docker container through Compose and is therefore deployable on a dedicated server.

Artifacts:

  • EurekaApplication.java: Line: 9
  • docker-compose-with-elk.yml: Line: 51

R17

Rule is violated: No YML configuration lists HTTP Basic credentials for the registry, i.e. no “eureka.client.serviceUrl.defaultZone” value of the form username:password@here-location-of-eureka-server.

Artifacts:

  • EurekaApplication.java: Line: 9
  • edge-server.yml: Line: 45

R18

Rule is violated: No secret manager is deployed.
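Several of the verdicts above (R1, R2 and the plaintext_credentials annotations) can be derived mechanically from the model file in the JSON format shown on this page. The script below is an added example, not part of the dataset or its tooling; it embeds a constructed excerpt of the model with the same schema and evaluates those checks over it.

```python
"""Rule checks over a dataflow model in the JSON schema used on this page."""
import json

# Constructed excerpt of the model above (same schema, fewer items).
MODEL_JSON = """{
  "services": [
    {"name": "discovery_server", "stereotypes": ["infrastructural", "service_discovery", "plaintext_credentials"],
     "tagged_values": {"Port": 8762, "Username": "user", "Password": "password"}},
    {"name": "auth_server", "stereotypes": ["infrastructural", "authorization_server", "resource_server", "plaintext_credentials"],
     "tagged_values": {"Port": 9999, "Username": "acme", "Password": "acmesecret"}},
    {"name": "product_service", "stereotypes": ["internal", "local_logging"], "tagged_values": {"Port": 8080}},
    {"name": "composite_service", "stereotypes": ["internal", "resource_server"], "tagged_values": {"Port": 8080}},
    {"name": "edge_server", "stereotypes": ["infrastructural", "gateway", "resource_server"], "tagged_values": {"Port": 8765}}
  ],
  "information_flows": [
    {"sender": "user", "receiver": "edge_server", "stereotypes": ["restful_http"], "tagged_values": {}},
    {"sender": "edge_server", "receiver": "composite_service", "stereotypes": ["restful_http"], "tagged_values": {}},
    {"sender": "composite_service", "receiver": "product_service", "stereotypes": ["restful_http"], "tagged_values": {}},
    {"sender": "edge_server", "receiver": "auth_server", "stereotypes": ["restful_http"], "tagged_values": {}}
  ],
  "external_entities": [
    {"name": "user", "stereotypes": ["user_stereotype", "entrypoint", "exitpoint"], "tagged_values": {}}
  ]
}"""

CREDENTIAL_KEYS = ("Username", "Password")


def load_model(text=MODEL_JSON):
    """Parse a model file; the full page model loads the same way."""
    return json.loads(text)


def user_flows_bypassing_gateway(model):
    """R1-style check: traffic from a user entrypoint must enter through a gateway service.
    Non-user entrypoints (e.g. the github_repository feeding the config server) are skipped."""
    services = {s["name"]: s for s in model["services"]}
    users = {e["name"] for e in model["external_entities"]
             if "entrypoint" in e["stereotypes"] and "user_stereotype" in e["stereotypes"]}
    return sorted(f["receiver"] for f in model["information_flows"]
                  if f["sender"] in users
                  and "gateway" not in services.get(f["receiver"], {}).get("stereotypes", []))


def internal_services_without_resource_server(model):
    """R2-style check: an internal service that receives flows should authorize requests itself."""
    receivers = {f["receiver"] for f in model["information_flows"]}
    return sorted(s["name"] for s in model["services"]
                  if "internal" in s["stereotypes"] and s["name"] in receivers
                  and "resource_server" not in s["stereotypes"])


def plaintext_credentials(model):
    """Map each service annotated plaintext_credentials to the tagged-value keys holding them."""
    return {s["name"]: [k for k in s["tagged_values"] if k in CREDENTIAL_KEYS]
            for s in model["services"] if "plaintext_credentials" in s["stereotypes"]}


if __name__ == "__main__":
    m = load_model()
    print("R1 bypass:", user_flows_bypassing_gateway(m))
    print("R2 missing:", internal_services_without_resource_server(m))
    print("plaintext:", plaintext_credentials(m))
```

On the excerpt the R2 check flags product_service, matching the R2 verdict above, while the user flow is correctly routed through the gateway.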