georgwittberger/apache-spring-boot-microservice-example

General Information

The repository for this application (open on GitHub) has 7 stars and was forked 9 times. The codebase consists of 604 lines of code and makes use of the following technologies:

Apache httpd Maven

Data Flow Diagram

Dataflow Diagram

Download the following model file here. Other formats are provided below.

{
    "services": [
        {
            "name": "apache_server",
            "stereotypes": [
                "web_server",
                "infrastructural"
            ],
            "tagged_values": {
                "Web Server": "Apache httpd"
            }
        },
        {
            "name": "content_service",
            "stereotypes": [
                "internal"
            ],
            "tagged_values": {
                "Port": 11080
            }
        },
        {
            "name": "product_service",
            "stereotypes": [
                "internal"
            ],
            "tagged_values": {
                "Port": 11081
            }
        },
        {
            "name": "cart_service",
            "stereotypes": [
                "internal"
            ],
            "tagged_values": {
                "Port": 11082
            }
        }
    ],
    "external_entities": [
        {
            "name": "user",
            "stereotypes": [
                "user_stereotype",
                "entrypoint",
                "exitpoint"
            ],
            "tagged_values": {}
        }
    ],
    "information_flows": [
        {
            "sender": "user",
            "receiver": "apache_server",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "apache_server",
            "receiver": "user",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "cart_service",
            "receiver": "product_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "apache_server",
            "receiver": "cart_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "apache_server",
            "receiver": "product_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        },
        {
            "sender": "apache_server",
            "receiver": "content_service",
            "stereotypes": [
                "restful_http"
            ],
            "tagged_values": {}
        }
    ]
}

Model Items

The Application consists of a total of 29 elements:

Element	Count
Services	4
External Entities	1
Information Flows	6
Annotations	18
Total Items	29

Model Representations

Open the model in the following formats:

Traceability

Open the traceability information for all model items:

Traceability

Security Rules

The following table shows the application’s adherence to the 17 architectural security rules. The last column provides model variants that adhere to the rule for each rule that is initially violated.

Rule ID	Evidence	Model Variant
R1	Evidence
R2	Evidence	Variant
R3	Evidence	Variant
R4	Evidence	Variant
R5	Evidence	Variant
R6	Evidence	Variant
R7	Evidence	Variant
R8	Evidence	Variant
R9	Evidence	Variant
R10	Evidence	Variant
R11	Evidence	Variant
R12	Evidence	Variant
R13	Evidence	Variant
R14	Evidence	Variant
R16	Evidence	Variant
R17	Evidence	Variant
R18	Evidence	Variant

Evidence and explanations for rule decisions

R1

Rule is partially adhered to: The application uses Apache httpd as a gateway server. The gateway does not perform authentication/authorization of incoming requests.

Artifacts:

httpd-microservice-example.conf: Line: 22

R2

Rule is violated: Services communicate internally over plain HTTP (See example artifacts). The communication is not authenticated.

Artifacts:

httpd-microservice-example.conf: Lines: 27, 31, 35

R3

Rule is violated: No authentication mechanism is deployed.

R4

Rule is violated: External entities are not represented in the application. Users behave transparent to the server. Note, that the server has a user-service, that is not used for authentication purposes.

R5

Rule is violated: No authentication tokens are used.

R6

Rule is violated: No rate limiting of any means is deployed.

R7

Rule is violated: User external entities can call the gateway service using an unencrypted HTTP connection.

Artifacts:

httpd-microservice-example.conf: Line: 22

R8

Rule is violated: All internal services communicate over insecure HTTP connections.

Artifacts:

application.yml: Line: 2
application.yml: Line: 2
application.yml: Line: 2

R9

Rule is violated: No central logging system is deployed.

R10

Rule is violated: No central logging system is deployed.

R11

Rule is violated: No logs are generated by the application.

R12

Rule is violated: No message broker is deployed and no logging is performed.

R13

Rule is violated: No explicit circuit breaker is deployed.

R14

Rule is violated: No load balancing is deployed.

R15

This rule is not applicable: Not a service mesh deployment.

R16

Rule is violated: No service registry service is deployed. Services are statically linked.

Artifacts:

httpd-microservice-example.conf: Lines: 27, 31, 35

R17

Rule is violated: No service registry service is deployed. Services are statically linked.

Artifacts:

httpd-microservice-example.conf: Lines: 27, 31, 35

R18

Rule is violated: No secret manager is deployed.

Tags: