General Information
The repository for this application (open on GitHub) has 782 stars and was forked 370 times. The codebase consists of 1182 lines of code and makes use of the following technologies:
Docker, Docker Compose, Eureka, Gradle, Hystrix, RabbitMQ, Ribbon, Spring Admin, Spring Config, Turbine, Zipkin, Zuul
Data Flow Diagram
Download the following model file here. Other formats are provided below.
{
"services": [
{
"name": "admin_dashboard",
"stereotypes": [
"administration_server",
"infrastructural",
"csrf_disabled"
],
"tagged_values": {
"Administration Server": "Spring Boot Admin",
"Port": 8040
}
},
{
"name": "eureka_server",
"stereotypes": [
"service_discovery",
"infrastructural",
"csrf_disabled"
],
"tagged_values": {
"Service Discovery": "Eureka",
"Port": 8761
}
},
{
"name": "rabbitmq",
"stereotypes": [
"message_broker",
"infrastructural"
],
"tagged_values": {
"Message Broker": "RabbitMQ",
"Port": 4369
}
},
{
"name": "config_server",
"stereotypes": [
"configuration_server",
"infrastructural",
"csrf_disabled"
],
"tagged_values": {
"Configuration Server": "Spring Cloud Config",
"Port": 8100
}
},
{
"name": "hystrix_dashboard",
"stereotypes": [
"monitoring_dashboard",
"monitoring_server",
"infrastructural",
"csrf_disabled"
],
"tagged_values": {
"Monitoring Dashboard": "Hystrix",
"Monitoring Server": "Turbine",
"Port": 8050
}
},
{
"name": "service_a",
"stereotypes": [
"internal",
"circuit_breaker",
"csrf_disabled"
],
"tagged_values": {
"Port": 8080,
"Endpoints": [
"/"
],
"Circuit Breaker": "Hystrix"
}
},
{
"name": "service_b",
"stereotypes": [
"internal",
"csrf_disabled"
],
"tagged_values": {
"Port": 8070,
"Endpoints": [
"/"
]
}
},
{
"name": "zuul",
"stereotypes": [
"gateway",
"infrastructural",
"load_balancer",
"csrf_disabled"
],
"tagged_values": {
"Gateway": "Zuul",
"Port": 8060,
"Load Balancer": "Ribbon"
}
},
{
"name": "zipkin",
"stereotypes": [
"tracing_server",
"infrastructural"
],
"tagged_values": {
"Tracing Server": "Zipkin",
"Port": 9411
}
}
],
"information_flows": [
{
"sender": "admin_dashboard",
"receiver": "config_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "eureka_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "rabbitmq",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "eureka_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "hystrix_dashboard",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "hystrix_dashboard",
"receiver": "eureka_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "service_a",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_a",
"receiver": "rabbitmq",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "service_a",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_a",
"receiver": "eureka_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_a",
"receiver": "hystrix_dashboard",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "service_b",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_b",
"receiver": "rabbitmq",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "config_server",
"receiver": "service_b",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_b",
"receiver": "eureka_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_a",
"receiver": "service_b",
"stereotypes": [
"restful_http",
"feign_connection"
],
"tagged_values": {}
},
{
"sender": "zuul",
"receiver": "user",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "user",
"receiver": "zuul",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "zuul",
"receiver": "service_a",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "eureka_server",
"receiver": "zuul",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "rabbitmq",
"receiver": "zipkin",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_b",
"receiver": "zipkin",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_b",
"receiver": "hystrix_dashboard",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "service_a",
"receiver": "zipkin",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "rabbitmq",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "admin_dashboard",
"receiver": "zuul",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "zuul",
"receiver": "rabbitmq",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "zuul",
"receiver": "zipkin",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
},
{
"sender": "zuul",
"receiver": "config_server",
"stereotypes": [
"restful_http"
],
"tagged_values": {}
}
],
"external_entities": [
{
"name": "user",
"stereotypes": [
"user_stereotype",
"entrypoint",
"exitpoint"
],
"tagged_values": {}
}
]
}
Model Items
The application consists of a total of 121 elements:
Element | Count |
---|---|
Services | 9 |
External Entities | 1 |
Information Flows | 30 |
Annotations | 81 |
Total Items | 121 |
Model Representations
Open the model in the following formats:
Traceability
Open the traceability information for all model items:
Security Rules
The following table shows the application’s adherence to the 17 architectural security rules. The last column provides model variants that adhere to the rule for each rule that is initially violated.
Rule ID | Verdict | Evidence | Model Variant |
---|---|---|---|
R1 | | Evidence | |
R2 | | Evidence | Variant |
R3 | | Evidence | Variant |
R4 | | Evidence | Variant |
R5 | | Evidence | Variant |
R6 | | Evidence | Variant |
R7 | | Evidence | Variant |
R8 | | Evidence | Variant |
R9 | | Evidence | Variant |
R10 | | Evidence | Variant |
R11 | | Evidence | Variant |
R12 | | Evidence | Variant |
R13 | | Evidence | |
R14 | | Evidence | |
R16 | | Evidence | |
R17 | | Evidence | Variant |
R18 | | Evidence | Variant |
Evidence and explanations for rule decisions
R1
Rule is partially adhered to: User only communicates with the Zuul gateway service. The gateway does not perform authentication/authorization.
Artifacts:
R2
Rule is violated: The services do not authenticate requests mutually. Internal requests are sent via plain HTTP.
R3
Rule is violated: No authentication mechanism is deployed.
R4
Rule is violated: External entities are not represented in the application. Users behave transparently to the server.
R5
Rule is violated: No authentication tokens are used.
R6
Rule is violated: No rate limiting of any kind is deployed.
R7
Rule is violated: User external entities can call the gateway service using an unencrypted HTTP connection.
Artifacts:
- bootstrap.yml: Line: 2
R8
Rule is violated: All internal services communicate over insecure HTTP connections.
Artifacts:
- bootstrap.yml: Line: 2
R9
Rule is violated: No central logging system is deployed.
R10
Rule is violated: No central logging system is deployed.
R11
Rule is violated: Logs are not explicitly sanitized.
R12
Rule is violated: No explicit logging mechanism is deployed.
R13
Rule is adhered to: The API gateway enables Hystrix’s circuit breaker functionality through the @EnableZuulProxy annotation.
Artifacts:
- ZuulApplication.java: Line: 17
R14
Rule is adhered to: The Zuul API gateway performs load balancing using Ribbon by default.
Artifacts:
- ZuulApplication.java: Line: 17
R15
This rule is not applicable: Not a service mesh deployment.
R16
Rule is adhered to:
- Registry service (Eureka Server) with @EnableEurekaServer is present.
- Started in a Docker container through Compose, thus deployable on a dedicated server.
Artifacts:
R17
Rule is violated: No HTTP basic password is listed in any YML configuration in the format username:password@here-location-of-eureka-server at “eureka.client.serviceUrl.defaultZone”.
Artifacts:
R18
Rule is violated: No secret manager is deployed.