These are chat archives for spring-cloud/spring-cloud

2nd
Jan 2015
William Gorder
@wgorder
Jan 02 2015 14:38
Hey @dsyer I guess I was thinking that you don't want to share databases across services. At least I thought that was the best practice. In this case I am trying to implement a registration service which needs to change the database backing the auth server, so I thought that logic should live there
Like I said very much a wip but I would love your input so far. You can see it here: https://github.com/wgorder/auth-server and here https://github.com/wgorder/api-gateway
William Gorder
@wgorder
Jan 02 2015 14:44
As I get into the product/order stuff I was planning on using the auth-server db as the source of truth for membership and having the auth-server add new customers (or updates) to a rabbit mq, to update a mongo instance
perhaps a similar type thing for registrations?
Dave Syer
@dsyer
Jan 02 2015 14:46
OK. I guess that's defensible. Not sure why you need the rabbit layer though.
I thought you might be proxying calls to /oauth/* endpoints (which wouldn't be a great idea)
You could equally well make an argument that the auth server's single responsibility is minting tokens
User and client registration would then logically live somewhere else. But since you called it "uaa" I guess you might be following (or using) the Cloud Foundry UAA, which has all that stuff co-located.
William Gorder
@wgorder
Jan 02 2015 14:49
Yes I did look a bit at cloud foundry UAA as an example although that was a bit more than what I was looking for in this
Dave Syer
@dsyer
Jan 02 2015 14:50
Of what?
What did you mean by "membership"?
William Gorder
@wgorder
Jan 02 2015 14:50
Well the sample (once it's done) is going to be a store front. It will have a shopping cart etc and products
so new users can register and then purchase goods
that kind of thing
Dave Syer
@dsyer
Jan 02 2015 14:51
Users are "members"?
William Gorder
@wgorder
Jan 02 2015 14:51
but the customer/order mongo store will need to know who the customers are
yeah I should just stick with users :)
sorry for the confusion
In any event it seems inevitable that the mongo store will need to duplicate user data that is managed by UAA in order to handle orders etc.
Dave Syer
@dsyer
Jan 02 2015 14:53
Probably. Unless you want a lot of network chatter.
William Gorder
@wgorder
Jan 02 2015 14:54
That's where I was wondering if an mq would make sense. Have the UAA publish new user/ or updated user information so those services could update their local copies.
or do you think the UAA is doing too much in that case.
Dave Syer
@dsyer
Jan 02 2015 14:55
I see
No it makes sense now. I had read that sentence wrong.
In fact the messaging bit is sort of generic
I wonder if Spring Cloud Bus might help (or a common abstraction)
William Gorder
@wgorder
Jan 02 2015 14:57
I was going to look at it :) I was trying to do an application that has everything to get a feel how it all fits together in a more applied sense. I plan on having an admin page that can view the hystrix and eureka dashboards as well.
Dave Syer
@dsyer
Jan 02 2015 14:57
So far we haven't developed the Bus much - just a handful of well-known events emitted by Cloud components.
But in all those cases I like the way it works for an application developer - you just publish an ApplicationEvent without having to know or configure anything much else
William Gorder
@wgorder
Jan 02 2015 14:58
Yeah I have been pretty happy at how easy everything is
I was a little confused on the login bit if you look at my code I actually have the api-gateway layer to a rest template call to login
just because I don't want my client secret in my angular app for everyone to see.
Dave Syer
@dsyer
Jan 02 2015 14:59
You should never have to do that
Use auth code grant
William Gorder
@wgorder
Jan 02 2015 15:00
although at the end of the day I guess it does not much matter because they get the token anyway
Dave Syer
@dsyer
Jan 02 2015 15:00
The token is much less valuable than a client secret (that's the whole point of it)
William Gorder
@wgorder
Jan 02 2015 15:00
yup I have a note in my code to try to get the auth code working but I don't want the user to have to approve anything
Dave Syer
@dsyer
Jan 02 2015 15:00
That sample I posted a link to in github issue uses auth code
William Gorder
@wgorder
Jan 02 2015 15:00
since technically all the applications are pieces of the one
Dave Syer
@dsyer
Jan 02 2015 15:01
You just need a custom UserApprovalHandler
William Gorder
@wgorder
Jan 02 2015 15:01
Ok I'll look at switching that, it sounds better.
Dave Syer
@dsyer
Jan 02 2015 15:01
Or I believe you can do it in the client registration now (just set autoApprove=* or autoApprove=true I think)
I like the approval page for demos because it shows that there is an external auth server
William Gorder
@wgorder
Jan 02 2015 15:02
right and for an application like github or some 3rd party it makes good sense too
Dave Syer
@dsyer
Jan 02 2015 15:02
And you wouldn't expect Facebook or Google to approve an external app automatically
William Gorder
@wgorder
Jan 02 2015 15:02
yup
Handling the redirects is one more level of indirection too. I was kind of new to oauth2 but now that I have the password grant working I think I have a better idea of what is going on
I'll keep plugging away and keep you posted. I have a lot of cleanup to do on what's there and more to add, I was just putting in Spring Session for CSRF and cart data
William Gorder
@wgorder
Jan 02 2015 15:05
I have to get a good dockerized version going too.
Dave Syer
@dsyer
Jan 02 2015 15:05
No, that's the wrong link
Dockerized Spring Boot is trivial I think. I'd be interested in getting some samples of gradle or maven builds that work though.
There's some maven tooling that doesn't quite work with docker.io I think
William Gorder
@wgorder
Jan 02 2015 15:07
yup everything I posted above is working in docker (minus the pita that it is having boot2docker ips on a mac)
We should probably make that the default
William Gorder
@wgorder
Jan 02 2015 15:07
cool thanks
This whole project is gradle. Hopefully once it's done, if you're interested, we can move it to the samples repo
Dave Syer
@dsyer
Jan 02 2015 15:09
I'd want to offer a Maven alternative, but that sounds like a good idea. We need more samples with integration tests.
William Gorder
@wgorder
Jan 02 2015 15:10
I can add maven POMs to everything as well. Actually I think maven seems to work better most of the time
but I wanted to get it working with Gradle since there were not a lot of examples there
Ok sounds good, I'll keep you posted, thanks for the links and feedback.