General Information
The repository for this application is public on GitHub, has 272 stars and has been forked 570 times. The codebase consists of 879 lines of code and uses the following technologies: Eureka, Hystrix, Maven, Spring Cloud Config, Spring Cloud Gateway, Zipkin.
Data Flow Diagram
The model file is shown below and can be downloaded from this page; other formats are listed further down.
{
"services": [
{
"name": "service_registry",
"stereotypes": [
"infrastructural",
"service_discovery"
],
"tagged_values": {
"Port": 8761,
"Service Discovery": "Eureka"
}
},
{
"name": "config_server",
"stereotypes": [
"infrastructural",
"configuration_server"
],
"tagged_values": {
"Port": 9296,
"Configuration Server": "Spring Cloud Config"
}
},
{
"name": "zipkin_server",
"stereotypes": [
"infrastructural",
"tracing_server"
],
"tagged_values": {
"Port": 9411,
"Tracing Server": "Zipkin"
}
},
{
"name": "department_service",
"stereotypes": [
"internal",
"local_logging"
],
"tagged_values": {
"Port": 9001,
"Endpoints": [
"/departments",
"/departments/{id}"
],
"Logging Technology": "Lombok"
}
},
{
"name": "user_service",
"stereotypes": [
"internal",
"local_logging",
"load_balancer"
],
"tagged_values": {
"Port": 9002,
"Endpoints": [
"/users",
"/users/{id}"
],
"Load Balancer": "Spring Cloud",
"Logging Technology": "Lombok"
}
},
{
"name": "hystrix_dashboard",
"stereotypes": [
"infrastructural",
"monitoring_dashboard",
"local_logging"
],
"tagged_values": {
"Port": 9295,
"Monitoring Dashboard": "Hystrix"
}
},
{
"name": "api_gateway",
"stereotypes": [
"infrastructural",
"gateway",
"circuit_breaker",
"load_balancer"
],
"tagged_values": {
"Port": 9191,
"Gateway": "Spring Cloud Gateway",
"Circuit Breaker": "Hystrix",
"Endpoints": [
"/userServiceFallBack",
"/departmentServiceFallBack"
]
}
}
],
"external_entities": [
{
"name": "github_repository",
"stereotypes": [
"github_repository",
"entrypoint"
],
"tagged_values": {
"URL": "https://github.com/shabbirdwd53/config-server"
}
},
{
"name": "user",
"stereotypes": [
"user_stereotype",
"entrypoint",
"exitpoint"
],
"tagged_values": {}
}
],
"information_flows": [
{
"sender": "github_repository",
"receiver": "config_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "service_registry",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "department_service",
"receiver": "zipkin_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "department_service",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "department_service",
"receiver": "service_registry",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "user_service",
"receiver": "zipkin_server",
"stereotypes": [
"restful_http",
"load_balanced_link"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "user_service",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "user_service",
"receiver": "service_registry",
"stereotypes": [
"restful_http",
"load_balanced_link"
],
"tagged_values": {}
},
{
"sender": "user_service",
"receiver": "department_service",
"stereotypes": [
"restful_http",
"load_balanced_link"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "hystrix_dashboard",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "hystrix_dashboard",
"receiver": "service_registry",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "api_gateway",
"receiver": "user",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "user",
"receiver": "api_gateway",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_registry",
"receiver": "api_gateway",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "api_gateway",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "api_gateway",
"receiver": "user_service",
"stereotypes": [
"restful_http",
"circuit_breaker_link",
"load_balanced_link"
],
"tagged_values": {}
},
{
"sender": "api_gateway",
"receiver": "department_service",
"stereotypes": [
"restful_http",
"circuit_breaker_link",
"load_balanced_link"
],
"tagged_values": {}
},
{
"sender": "zipkin_server",
"receiver": "hystrix_dashboard",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
}
]
}
Model Items
The application consists of a total of 92 elements:
Element | Count |
---|---|
Services | 7 |
External Entities | 2 |
Information Flows | 18 |
Annotations | 65 |
Total Items | 92 |
Model Representations
Open the model in the following formats:
Traceability
Open the traceability information for all model items:
Security Rules
The following table shows the application's adherence to the 17 applicable architectural security rules (R15, the service mesh rule, does not apply to this deployment and is therefore not listed). The verdicts are those given in the evidence section below. The last column provides a model variant that adheres to the rule for each rule that is initially violated.
Rule ID | Verdict | Evidence | Model Variant |
---|---|---|---|
R1 | partially adhered | Evidence | |
R2 | violated | Evidence | Variant |
R3 | violated | Evidence | Variant |
R4 | violated | Evidence | Variant |
R5 | violated | Evidence | Variant |
R6 | violated | Evidence | Variant |
R7 | violated | Evidence | Variant |
R8 | violated | Evidence | Variant |
R9 | violated | Evidence | Variant |
R10 | violated | Evidence | Variant |
R11 | violated | Evidence | Variant |
R12 | violated | Evidence | Variant |
R13 | adhered | Evidence | |
R14 | adhered | Evidence | |
R16 | adhered | Evidence | |
R17 | violated | Evidence | Variant |
R18 | violated | Evidence | Variant |
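The verdicts for the rules that depend only on model elements and flows can be reproduced mechanically from the data flow diagram. The following Python checker is an added example and not part of the original analysis tooling: it loads a reduced copy of the JSON model above (tagged values dropped) and evaluates R1, R2, R7, R8, R9, R13, R14 and R16. The stereotype names it matches for gateway, circuit breaker, load balancer, service discovery and user are taken from the model; the names it expects for encrypted links, authenticated links, gateway authentication and a central logging server do not occur in this model and are assumptions about what the modelling tool would emit.

```python
import json

# Constructed reduced copy of this page's model: names, stereotypes and flows
# are copied from the JSON above, tagged values are dropped because the checks
# do not use them. A full model file loads the same way with json.load().
MODEL_JSON = """{
 "services": [
  {"name": "service_registry", "stereotypes": ["infrastructural", "service_discovery"]},
  {"name": "config_server", "stereotypes": ["infrastructural", "configuration_server"]},
  {"name": "zipkin_server", "stereotypes": ["infrastructural", "tracing_server"]},
  {"name": "department_service", "stereotypes": ["internal", "local_logging"]},
  {"name": "user_service", "stereotypes": ["internal", "local_logging", "load_balancer"]},
  {"name": "hystrix_dashboard", "stereotypes": ["infrastructural", "monitoring_dashboard", "local_logging"]},
  {"name": "api_gateway", "stereotypes": ["infrastructural", "gateway", "circuit_breaker", "load_balancer"]}
 ],
 "external_entities": [
  {"name": "github_repository", "stereotypes": ["github_repository", "entrypoint"]},
  {"name": "user", "stereotypes": ["user_stereotype", "entrypoint", "exitpoint"]}
 ],
 "information_flows": [
  {"sender": "github_repository", "receiver": "config_server", "stereotypes": ["restful_http"]},
  {"sender": "config_server", "receiver": "service_registry", "stereotypes": ["restful_http"]},
  {"sender": "department_service", "receiver": "zipkin_server", "stereotypes": ["restful_http"]},
  {"sender": "config_server", "receiver": "department_service", "stereotypes": ["restful_http"]},
  {"sender": "department_service", "receiver": "service_registry", "stereotypes": ["restful_http"]},
  {"sender": "user_service", "receiver": "zipkin_server", "stereotypes": ["restful_http", "load_balanced_link"]},
  {"sender": "config_server", "receiver": "user_service", "stereotypes": ["restful_http"]},
  {"sender": "user_service", "receiver": "service_registry", "stereotypes": ["restful_http", "load_balanced_link"]},
  {"sender": "user_service", "receiver": "department_service", "stereotypes": ["restful_http", "load_balanced_link"]},
  {"sender": "config_server", "receiver": "hystrix_dashboard", "stereotypes": ["restful_http"]},
  {"sender": "hystrix_dashboard", "receiver": "service_registry", "stereotypes": ["restful_http"]},
  {"sender": "api_gateway", "receiver": "user", "stereotypes": ["restful_http"]},
  {"sender": "user", "receiver": "api_gateway", "stereotypes": ["restful_http"]},
  {"sender": "service_registry", "receiver": "api_gateway", "stereotypes": ["restful_http"]},
  {"sender": "config_server", "receiver": "api_gateway", "stereotypes": ["restful_http"]},
  {"sender": "api_gateway", "receiver": "user_service", "stereotypes": ["restful_http", "circuit_breaker_link", "load_balanced_link"]},
  {"sender": "api_gateway", "receiver": "department_service", "stereotypes": ["restful_http", "circuit_breaker_link", "load_balanced_link"]},
  {"sender": "zipkin_server", "receiver": "hystrix_dashboard", "stereotypes": ["restful_http"]}
 ]
}"""
MODEL = json.loads(MODEL_JSON)

# Stereotypes that would satisfy the rules. None of them occurs in this model,
# so these spellings are ASSUMPTIONS about what the modelling tool would emit.
ASSUMED_ENCRYPTED_LINK = "ssl_enabled"
ASSUMED_AUTHENTICATED_LINK = "authenticated_request"
ASSUMED_GATEWAY_AUTH = "authentication_scope_all_requests"
ASSUMED_CENTRAL_LOGGING = "logging_server"


def _stereotypes(model):
    """Map every service and external entity name to its stereotype set."""
    nodes = {}
    for kind in ("services", "external_entities"):
        for node in model.get(kind, []):
            nodes[node["name"]] = set(node["stereotypes"])
    return nodes


def check_model(model):
    """Evaluate the rules decidable from the DFD alone; returns {rule: verdict}."""
    nodes = _stereotypes(model)
    services = {s["name"] for s in model["services"]}
    flows = model["information_flows"]
    gateways = {n for n, st in nodes.items() if "gateway" in st}

    def adhered(ok):
        return "adhered" if ok else "violated"

    def carry(subset, stereotype):  # every flow in subset has the stereotype
        return bool(subset) and all(stereotype in f["stereotypes"] for f in subset)

    # R1: users enter only through a gateway, and that gateway authenticates.
    user_flows = [f for f in flows if "user_stereotype" in nodes[f["sender"]]]
    only_gateway = bool(user_flows) and all(f["receiver"] in gateways for f in user_flows)
    gateway_auth = any(ASSUMED_GATEWAY_AUTH in nodes[g] for g in gateways)
    verdicts = {"R1": "adhered" if only_gateway and gateway_auth
                else "partially adhered" if only_gateway else "violated"}
    # R2 / R8: every service-to-service link is authenticated / encrypted.
    internal = [f for f in flows if f["sender"] in services and f["receiver"] in services]
    verdicts["R2"] = adhered(carry(internal, ASSUMED_AUTHENTICATED_LINK))
    verdicts["R8"] = adhered(carry(internal, ASSUMED_ENCRYPTED_LINK))
    # R7: every link to or from a user is encrypted.
    user_facing = [f for f in flows if "user_stereotype" in nodes[f["sender"]] | nodes[f["receiver"]]]
    verdicts["R7"] = adhered(carry(user_facing, ASSUMED_ENCRYPTED_LINK))
    # R9, R13, R14, R16: the required component exists somewhere in the model.
    verdicts["R9"] = adhered(any(ASSUMED_CENTRAL_LOGGING in st for st in nodes.values()))
    verdicts["R13"] = adhered(any("circuit_breaker" in nodes[g] for g in gateways))
    verdicts["R14"] = adhered(any("load_balancer" in st for st in nodes.values()))
    verdicts["R16"] = adhered(any("service_discovery" in st for st in nodes.values()))
    return verdicts


def harden(model):
    """Deep copy with the assumed stereotypes added: the shape a compliant variant must take."""
    fixed = json.loads(json.dumps(model))
    for f in fixed["information_flows"]:
        f["stereotypes"] += [ASSUMED_ENCRYPTED_LINK, ASSUMED_AUTHENTICATED_LINK]
    for s in fixed["services"]:
        if "gateway" in s["stereotypes"]:
            s["stereotypes"].append(ASSUMED_GATEWAY_AUTH)
    fixed["services"].append({"name": "logging_server", "stereotypes": [ASSUMED_CENTRAL_LOGGING]})
    return fixed
```

`check_model(MODEL)` yields the verdicts listed in the table for the eight rules it covers, and `check_model(harden(MODEL))` reports all of them as adhered, which is the minimum set of changes a compliant variant has to make. The remaining rules (authentication tokens, rate limiting, log sanitization, registry credentials, secret management) depend on source artifacts such as YML files and log statements and are not decidable from the DFD alone.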
Evidence and explanations for rule decisions
R1
Rule is partially adhered to: the user only communicates with the Spring Cloud Gateway server. However, nothing in the gateway indicates that requests are authenticated or authorized at all.
Artifacts:
- application.yml: Line: 2
R2
Rule is violated: services communicate internally over plain HTTP, and the connections are not mutually authenticated.
Artifacts:
R3
Rule is violated: No authentication mechanism is deployed.
R4
Rule is violated: users are represented by IDs in the user service (/users/{id}), but these user representations are not used to authenticate incoming connections.
R5
Rule is violated: No authentication tokens are used.
R6
Rule is violated: no rate limiting of any kind is deployed.
R7
Rule is violated: User external entities can call the gateway service using an unencrypted HTTP connection.
Artifacts:
- application.yml: Line: 2
R8
Rule is violated: All internal services communicate over insecure HTTP connections.
Artifacts:
R9
Rule is violated: no central logging system is deployed. This application uses the Hystrix monitoring dashboard to view the traces reported by the Zipkin tracing server, which is tracing, not log collection.
R10
Rule is violated: no central logging system is deployed. All internal services perform local logging via Lombok, but none of the logs are collected or accessed through monitoring software.
Artifacts:
- UserController.java: Lines: 21, 27
- UserService.java: Lines: 23, 28
- DepartmentController.java: Lines: 19, 25
- DepartmentService.java: Lines: 17, 22
R11
Rule is violated: logs are not explicitly sanitized. All services write constant log messages without structured logging or template parameters, so the log messages themselves leak no PII or secrets (see the example artifact).
Artifacts:
- InvoiceService.java: Line: 25
R12
Rule is violated: No logs are collected and no message broker is deployed.
R13
Rule is adhered to: Hystrix is deployed as a circuit breaker on the gateway server.
Artifacts:
R14
Rule is adhered to: the gateway server uses load balancing to access dependent services.
Artifacts:
R15
This rule is not applicable: Not a service mesh deployment.
R16
Rule is adhered to:
- A registry service (Eureka server, annotated with @EnableEurekaServer) is present.
- Eureka is started on port 8761 and can be deployed on a dedicated server.
Artifacts:
R17
Rule is violated: no HTTP basic credentials are configured in any YML file. The registry URL at "eureka.client.serviceUrl.defaultZone" does not use the username:password@location-of-eureka-server form that Eureka clients use to authenticate to the registry.
Artifacts:
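The credential form this rule expects can be checked mechanically. The following Python function is an added example, not code from the project: it splits a defaultZone value into its zone URLs and flags the weak patterns this page reports. The two configuration values are constructed, since the project's application.yml is not reproduced here; the registry port 8761 is taken from the model.

```python
from urllib.parse import urlsplit

# Constructed defaultZone values; the project's application.yml is not shown on
# this page. WEAK_ZONE matches the finding (registry on 8761, no credentials).
# HARDENED_ZONE is the form the rule asks for, with the credentials resolved
# from the environment through Spring's ${...} placeholders instead of being
# written into the YML file.
WEAK_ZONE = "http://localhost:8761/eureka/"
HARDENED_ZONE = "https://${EUREKA_USER}:${EUREKA_PASSWORD}@registry.internal:8761/eureka/"


def audit_default_zone(default_zone):
    """Return {url: [problems]} for each URL in eureka.client.serviceUrl.defaultZone.

    Eureka accepts a comma-separated list of zone URLs. A Eureka client sends
    user info embedded in the URL (https://user:password@host:port/eureka/) as
    HTTP Basic credentials, so a URL without user info means the registry is
    reachable without authentication (R17).
    """
    report = {}
    for raw in default_zone.split(","):
        entry = raw.strip()
        url = urlsplit(entry)
        problems = []
        if url.scheme != "https":
            problems.append("plain http: registrations and any Basic credentials travel in the clear (R8)")
        if not (url.username and url.password):
            problems.append("no HTTP Basic credentials in the registry URL (R17)")
        elif not (url.username.startswith("${") and url.password.startswith("${")):
            problems.append("literal credentials in configuration; inject them from a secret manager or the environment instead (R18)")
        report[entry] = problems
    return report
```

`audit_default_zone(WEAK_ZONE)` reports two problems (plain HTTP and missing credentials) and `audit_default_zone(HARDENED_ZONE)` reports none. A URL such as https://admin:s3cret@localhost:8761/eureka/ satisfies R17 but is flagged for R18, because adding the credentials to the YML in plaintext simply moves the secret into the configuration repository.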
R18
Rule is violated: No secret manager is deployed.