Downloaded 25 times
![@mraible
Build with Docker
Create a Dockerfile
FROM openjdk:15-alpine
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","/app.jar"]](https://cdn.statically.io/img/image.slidesharecdn.com/comparingjavarestapiframeworks-jconf-200930184724/75/Java-REST-API-Comparison-Micronaut-Quarkus-and-Spring-Boot-jconf-dev-2020-42-2048.jpg)
![@mraible
Go Native with GraalVM and Spring Boot
Upgrade to Spring 2.4.0-M2
<version>2.4.0-M2</version>
Update configuration to avoid proxies
https://tanzu.vmware.com/content/slides/the-path-towards-spring-boot-native-applications-2
@SpringBootApplication(proxyBeanMethods = false)
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}](https://cdn.statically.io/img/image.slidesharecdn.com/comparingjavarestapiframeworks-jconf-200930184724/75/Java-REST-API-Comparison-Micronaut-Quarkus-and-Spring-Boot-jconf-dev-2020-49-2048.jpg)
Uploaded byMatt Raible
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Matt Raible compares the Java web frameworks Micronaut, Quarkus, and Spring Boot for building REST APIs. He demonstrates how to quickly get started with each framework, secure APIs with OAuth 2.1 and JWTs, build Docker images, and go native with GraalVM. Performance tests show Quarkus has the fastest startup time while Spring Boot has the largest community support in areas like Stack Overflow questions, GitHub stars, and jobs on Indeed.
In this document
Powered by AI
Matt Raible introduces himself and the topic of Java REST APIs, focusing on Micronaut, Quarkus, and Spring Boot.
The presentation discusses the advantages of Java, including its popularity, open-source nature, and new features in Java 15.
Instructions for getting started with Micronaut, including creating an app, implementing JWT security, and testing APIs.
Instructions for creating a Quarkus application, implementing API security using JWT, and conducting tests.
Instructions for setting up Spring Boot, implementing security, and testing, as well as relevant dependencies.
Comparison of startup performance in milliseconds for Micronaut, Quarkus, and Spring Boot.
Discussion on building GraphQL APIs with Java frameworks like Micronaut, Quarkus, and Spring Boot.
Overview of securing APIs with OAuth 2.0 and 2.1, including key requirements and OpenID Connect.
Guidance on creating Docker containers for applications using Dockerfiles, Jib, and support in frameworks.
Instructions for creating native images in Micronaut, Quarkus, and Spring Boot using GraalVM.
Overview of community support for frameworks with statistics on Stack Overflow tags, GitHub stars, and job listings.
Overview of JHipster support for Micronaut and Quarkus as well as slides for resources on microservice security and contact information.
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
- 1. Matt Raible |@mraible September 30, 2020 Java REST API Comparison Micronaut, Quarkus, and Spring Boot Photo by Matt Duncan on https://unsplash.com/photos/IUY_3DvM__w
- 2. Matt Raible Developer Advocate Okta @mraible I❤ Java AND JavaScript! 🤓 https://jconf.dev
- 3. @mraible Who is MattRaible? Father, Husband, Skier, Mountain Biker, Whitewater Rafter Bus Lover Web Developer and Java Champion Okta Developer Advocate Blogger on raibledesigns.com and developer.okta.com/blog @mraible
- 7. @mraible Today’s Agenda Why Java? Build{ REST, GraphQL } APIs with Java Secure your APIs with OAuth 2.1 Build with Docker Go Native with GraalVM https://unsplash.com/photos/JsTmUnHdVYQ
- 8. @mraible Why Java? 25 Years ofuse, abuse, and improvements Open Source code is available; many popular open source frameworks and tools Hugely Popular and widely used by many enterprises and web-scale companies
- 9. @mraible Download the JDKfrom OpenJDK https://jdk.java.net/15 Or from AdoptOpenJDK https://adoptopenjdk.net Get Started with Java 15
- 10. @mraible Get Started withJava 15 Better yet, use SDKMAN! curl -s https://get.sdkman.io | bash sdk install java 15.0.0.hs-adpt
- 11. What’s New inJava 15 https://blogs.oracle.com/java-platform-group/the-arrival-of-java-15
- 12.
- 13.
- 14. @mraible sdk install micronaut mncreate-app com.okta.rest.app -b maven -f security-jwt Get Started with Micronaut
- 15.
- 16. package com.okta.rest.controller; import io.micronaut.http.MediaType; importio.micronaut.http.annotation.Controller; import io.micronaut.http.annotation.Get; import io.micronaut.http.annotation.Produces; import io.micronaut.security.annotation.Secured; import io.micronaut.security.rules.SecurityRule; import java.security.Principal; @Controller("/hello") public class HelloController { @Get @Secured(SecurityRule.IS_AUTHENTICATED) @Produces(MediaType.TEXT_PLAIN) public String hello(Principal principal) { return "Hello, " + principal.getName() + "!"; } }
- 17.
- 18.
- 19. Install HTTPie (abetter cURL) $ <tool> install httpie https://httpie.org
- 20. Test Micronaut withHTTPie https://httpie.org mvn mn:run http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"
- 21. Verify Micronaut APIwith HTTPie
- 22. @mraible Get Started withQuarkus mvn io.quarkus:quarkus-maven-plugin:1.8.1.Final:create -DprojectGroupId=com.okta.rest -DprojectArtifactId=quarkus -DclassName="com.okta.rest.quarkus.HelloResource" -Dpath="/hello" -Dextensions="jwt"
- 23.
- 24. package com.okta.rest.quarkus; import io.quarkus.security.Authenticated; importjavax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.SecurityContext; import java.security.Principal; @Path("/hello") public class HelloResource { @GET @Path("/") @Authenticated @Produces(MediaType.TEXT_PLAIN) public String hello(@Context SecurityContext context) { Principal userPrincipal = context.getUserPrincipal(); return "Hello, " + userPrincipal.getName() + "!"; } }
- 25.
- 26.
- 28. Test Quarkus withHTTPie https://httpie.org mvn compile quarkus:dev http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"
- 29. Verify Quarkus APIwith HTTPie
- 30. @mraible Get Started withSpring Boot http https://start.spring.io/starter.zip dependencies==web,okta packageName==com.okta.rest name=spring-boot type=maven-project -o spring-boot.zip
- 31.
- 32. package com.okta.rest.controller; import org.springframework.security.core.annotation.AuthenticationPrincipal; importorg.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import java.security.Principal; @RestController public class HelloController { @GetMapping("/hello") public String hello(@AuthenticationPrincipal Principal principal) { return "Hello, " + principal.getName() + "!"; } }
- 33. Spring Security OAuth2.0 Resource Server https://docs.spring.io/spring-security/site/docs/5.4.0/reference/html5/#oauth2resourceserver okta.oauth2.issuer=https://dev-133337.okta.com/ oauth2/default
- 34. Test Spring Bootwith HTTPie https://httpie.org mvn spring-boot:run http :8080/hello TOKEN=eyJraWQiOiJxOE1QMjFNNHZCVmxOSkxGbFFWNlN... http :8080/hello Authorization:"Bearer $TOKEN"
- 35. Verify Spring BootAPI with HTTPie
- 36. @mraible Startup PerformanceMilliseconds 0 525 1050 1575 2100 Micronaut QuarkusSpring Boot 1,878 658596 1,014 1,132 474 Dev Startup (mvn) Packaged Startup (java -jar)
- 37. @mraible Build GraphQL APIswith Java Why GraphQL? Does your favorite framework support GraphQL? Micronaut https://micronaut-projects.github.io/micronaut-graphql/latest/guide Quarkus https://quarkus.io/guides/microprofile-graphql Spring Boot https://github.com/leangen/graphql-spqr-spring-boot-starter
- 38. @mraible Secure your APIwith OAuth 2.0 https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
- 39. @mraible Secure your APIwith OAuth 2.1 https://oauth.net/2.1 PKCE is required for all clients using the authorization code flow Redirect URIs must be compared using exact string matching The Implicit grant is omitted from this specification The Resource Owner Password Credentials grant is omitted from this specification Bearer token usage omits the use of bearer tokens in the query string of URIs Refresh tokens for public clients must either be sender-constrained or one-time use
- 40. @mraible Authenticate with OpenIDConnect (OIDC) What is OpenID Connect? Does your favorite framework support OIDC authentication? Micronaut https://guides.micronaut.io/micronaut-oauth2-okta/guide Quarkus https://quarkus.io/guides/security-openid-connect-web-authentication Spring Boot https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login
- 41.
- 42. @mraible Build with Docker Createa Dockerfile FROM openjdk:15-alpine ARG JAR_FILE=target/*.jar COPY ${JAR_FILE} app.jar EXPOSE 8080 ENTRYPOINT ["java","-jar","/app.jar"]
- 43. @mraible Build with Docker Buildyour image docker build -t <tag-name> . Run your image docker run -i --rm -p 8080:8080 <tag-name>
- 44. @mraible Build with Docker:Jib Get Jibby with it! mvn verify jib:build Or build directly to your Docker daemon mvn verify jib:dockerBuild https://github.com/GoogleContainerTools/jib
- 45. @mraible Build with Docker Micronautgenerates a Dockerfile Quarkus generates three Docker-related files Dockerfile.fast-jar Dockerfile.jvm Dockerfile.native Quarkus + Jib mvn quarkus:add-extension -Dextensions="container-image-jib"
- 46. @mraible Build with Docker SpringBoot 2.3+ has built-in support mvn spring-boot:build-image Uses layered JARs for for faster builds dependencies snapshot-dependencies resources application https://spring.io/blog/2020/01/27/creating-docker-images-with-spring-boot-2-3-0-m1
- 47. @mraible Use Micronaut CLI mncreate-app ... -f graalvm mn feature-diff --features=graalvm mvn package ./docker-build.sh Go Native with GraalVM and Micronaut https://docs.micronaut.io/latest/guide/#graal
- 48. @mraible Go Native withGraalVM and Quarkus It’s built-in to Quarkus! mvn package -Pnative -Dquarkus.native.container-build=true Then build the image docker build -f src/main/docker/Dockerfile.native -t <tag- name> . And run it docker run -i --rm -p 8080:8080 <tag-name> https://quarkus.io/guides/building-native-image
- 49. @mraible Go Native withGraalVM and Spring Boot Upgrade to Spring 2.4.0-M2 <version>2.4.0-M2</version> Update configuration to avoid proxies https://tanzu.vmware.com/content/slides/the-path-towards-spring-boot-native-applications-2 @SpringBootApplication(proxyBeanMethods = false) public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } }
- 50. @mraible Go Native withGraalVM and Spring Boot Add Milestone repositories to your pom.xml <repositories> <repository> <id>spring-milestones</id> <name>Spring Milestones</name> <url>https://repo.spring.io/milestone</url> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>spring-milestones</id> <name>Spring Milestones</name> <url>https://repo.spring.io/milestone</url> </pluginRepository> </pluginRepositories>
- 51. @mraible Go Native withGraalVM and Spring Boot Configure your Spring Boot Maven Plugin <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <configuration> <image> <env> <BP_BOOT_NATIVE_IMAGE>1</BP_BOOT_NATIVE_IMAGE> <BP_BOOT_NATIVE_IMAGE_BUILD_ARGUMENTS> -Dspring.native.remove-yaml-support=true -Dspring.spel.ignore=true --enable-https </BP_BOOT_NATIVE_IMAGE_BUILD_ARGUMENTS> </env> </image> </configuration> </plugin> https://www.graalvm.org/reference-manual/native-image/JCASecurityServices/
- 52. @mraible Go Native withGraalVM and Spring Boot Add Spring GraalVM dependency <dependency> <groupId>org.springframework.experimental</groupId> <artifactId>spring-graalvm-native</artifactId> <version>0.8.0</version> </dependency> Build the native application mvn spring-boot:build-image
- 53. @mraible Go Native withGraalVM and Spring Boot Run your native Spring Boot app! docker run -p 8080:8080 docker.io/library/demo:0.0.1-SNAPSHOT 💣 🐛 https://github.com/okta/okta-spring-boot/issues/192
- 54. @mraible Attempted Workaround forOkta + GraalVM Use Spring Security’s resource server <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-resource-server</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-jose</artifactId> </dependency> spring.security.oauth2.resourceserver.jwt.issuer-uri=https://...
- 55. @mraible Native Startup Performance Milliseconds 0 12.5 25 37.5 50 September21, 2020 13 26 Micronaut Quarkus
- 56. @mraible Tests Run ona 2019 MacBook Pro
- 57.
- 58. @mraible Stack Overflow Tags 0 26250 52500 78750 105000 September20, 2020 91,030 919732 Micronaut Quarkus Spring Boot
- 59. @mraible GitHub Stars 0 15000 30000 45000 60000 September 20,2020 50,600 5,9004,100 Micronaut Quarkus Spring Boot
- 60.
- 61. @mraible Jobs on Indeed(US) 0 1050 2100 3150 4200 September 20, 2020 3,745 1012 Micronaut Quarkus Spring Boot
- 62.
- 63. @mraible JHipster Support 🤓 MicronautBlueprint - github.com/jhipster/generator-jhipster-micronaut - v0.3.8, 15 releases, 12 contributors, 289 commits // TODO: NoSQL, Reactive, Microservices, Graal VM native images Quarkus Blueprint - github.com/jhipster/jhipster-quarkus - v0.1.6, 7 releases, 7 contributors, 80 commits // TODO: Gradle, OAuth / OIDC, NoSQL, Reactive, Microservices
- 64.
- 65.
- 66.
- 67. Curious about MicroserviceSecurity? https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
- 68.
- 69.