{"id":20307466,"url":"https://github.com/oktadev/java-microservices-examples","last_synced_at":"2025-04-04T08:09:39.840Z","repository":{"id":40200780,"uuid":"187124580","full_name":"oktadev/java-microservices-examples","owner":"oktadev","description":"Java Microservices: Spring Boot, Spring Cloud, JHipster, Spring Cloud Config, and Spring Cloud Gateway","archived":false,"fork":false,"pushed_at":"2022-09-18T02:40:51.000Z","size":3169,"stargazers_count":575,"open_issues_count":0,"forks_count":309,"subscribers_count":23,"default_branch":"main","last_synced_at":"2025-03-28T07:09:17.904Z","etag":null,"topics":["java","jhipster","jhipster-microservices","kubernetes","microservices","microservices-architecture","netflix-zuul","oauth2","reactive-microservices","spring-boot","spring-cloud","spring-cloud-config","spring-cloud-gateway"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oktadev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-17T01:19:39.000Z","updated_at":"2025-03-23T21:24:25.000Z","dependencies_parsed_at":"2023-01-17T19:00:44.452Z","dependency_job_id":null,"html_url":"https://github.com/oktadev/java-microservices-examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fjava-microservices-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fjava-microservices-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fjava-microservices-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fjava-microservices-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oktadev","download_url":"https://codeload.github.com/oktadev/java-microservices-examples/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247142074,"owners_count":20890653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jhipster","jhipster-microservices","kubernetes","microservices","microservices-architecture","netflix-zuul","oauth2","reactive-microservices","spring-boot","spring-cloud","spring-cloud-config","spring-cloud-gateway"],"created_at":"2024-11-14T17:17:48.871Z","updated_at":"2025-04-04T08:09:39.821Z","avatar_url":"https://github.com/oktadev.png","language":"Java","readme":"# Java Microservices with Spring Boot \u0026 Spring Cloud 🍃☁️\n \nThis repository contains examples of how to build a Java microservices architecture with Spring Boot, Spring Cloud, and Netflix Eureka.\n\nThis repository has five examples in it:\n\n1. A bare-bones microservices architecture with Spring Boot, Spring Cloud, Eureka Server, and Zuul. \n2. A microservices architecture that's generated with JHipster and configured centrally with Spring Cloud Config. \n3. A microservices architecture that uses Spring Cloud Gateway and Spring WebFlux to show reactive microservices.\n4. A JHipster-generated reactive microservices architecture with Spring Cloud Gateway and Spring WebFlux.\n5. A JHipster 7 + Kubernetes example that deploys to Google Cloud with sealed secrets. \n\nWe think you'll enjoy them all!\n\n1. See [Java Microservices with Spring Boot and Spring Cloud][blog-spring-boot-spring-cloud] for an overview of the first example.\n2. Read [Java Microservices with Spring Cloud Config and JHipster][blog-spring-cloud-config] to learn about microservices with JHipster.\n3. Refer to [Secure Reactive Microservices with Spring Cloud Gateway][blog-spring-cloud-gateway] to learn about Spring Cloud Gateway and reactive microservices.\n4. Refer to [Reactive Java Microservices with Spring Boot and JHipster][blog-reactive-jhipster] to see how JHipster makes reactive microservices a breeze.\n5. Peruse [Kubernetes to the Cloud with Spring Boot and JHipster][blog-k8s] to see how JHipster simplifies Kubernetes deployments.\n\n**Prerequisites:** [Java 11](https://sdkman.io/sdks#java) and an internet connection.\n\n* [Spring Boot + Spring Cloud Example](#spring-boot--spring-cloud-example)\n* [JHipster + Spring Cloud Config Example](#jhipster--spring-cloud-config-example)\n* [Spring Cloud Gateway Example](#spring-cloud-gateway-example)\n* [Reactive Microservices with JHipster Example](#reactive-microservices-with-jhipster-example)\n* [Kubernetes to the Cloud Example](#kubernetes--reactive-java-with-jhipster-example)\n* [Links](#links)\n* [Help](#help)\n* [License](#license)\n\n## Spring Boot + Spring Cloud Example\n\nTo install this example, run the following commands:\n\n```bash\ngit clone https://github.com/oktadev/java-microservices-examples.git\ncd java-microservices-examples/spring-boot+cloud\n```\n\nThe `api-gateway` and `car-service` projects are already pre-configured to be locked down with OAuth 2.0 and Okta. That means if you try to run them, you won't be able to login until you create an account, and an application in it.\n\n### Create a Web Application in Okta\n\nLog in to your Okta Developer account (or [sign up](https://developer.okta.com/signup/) if you don't have an account).\n\n1. From the **Applications** page, choose **Add Application**.\n2. On the Create New Application page, select **Web**.\n3. Give your app a memorable name, add `http://localhost:8080/login/oauth2/code/okta` as a Login redirect URI, select **Refresh Token** (in addition to **Authorization Code**), and click **Done**.\n\nCopy the issuer (found under **API** \u003e **Authorization Servers**), client ID, and client secret into the `application.properties` of the `api-gateway` and `car-service` projects.\n\n```properties\nokta.oauth2.issuer=https://{yourOktaDomain}/oauth2/default\nokta.oauth2.client-id=$clientId\nokta.oauth2.client-secret=$clientSecret\n```\n\nThen, run all the projects with `./mvnw` in separate terminal windows. You should be able to navigate to `http://localhost:8761` and see the apps have been registered with Eureka.\n\nThen, navigate to `http://localhost:8080/cool-cars` in your browser, log in with Okta, and see the resulting JSON.\n\n## JHipster + Spring Cloud Config Example\n\nTo install this example, run the following commands:\n\n```bash\ngit clone https://github.com/oktadev/java-microservices-examples.git\ncd java-microservices-examples/jhipster\n```\n\nCreate Docker containers for all gateway and microservice applications:\n\n```bash\nmvn -Pprod verify com.google.cloud.tools:jib-maven-plugin:dockerBuild\n```\n\n### Create a Web Application in Okta\n\nLog in to your Okta Developer account (or [sign up](https://developer.okta.com/signup/) if you don't have an account).\n\n1. From the **Applications** page, choose **Add Application**.\n2. On the Create New Application page, select **Web**.\n3. Give your app a memorable name, add `http://localhost:8080/login/oauth2/code/okta` as a Login redirect URI, select **Refresh Token** (in addition to **Authorization Code**), and click **Done**.\n4. To configure Logout to work in JHipster, **Edit** your app, add `http://localhost:8080` as a Logout redirect URI, then click **Save**.\n\nRather than modifying each of your apps for Okta, you can use Spring Cloud Config in JHipster Registry to do it. Open `docker-compose/central-server-config/application.yml` and add your Okta settings.\n\nThe client ID and secret are available on your app settings page. You can find the issuer under **API** \u003e **Authorization Servers**.\n\n```yaml\nspring:\n  security:\n    oauth2:\n      client:\n        provider:\n          oidc:\n            issuer-uri: https://{yourOktaDomain}/oauth2/default\n        registration:\n          oidc:\n            client-id: {yourClientId}\n            client-secret: {yourClientSecret}\n```\n\nThe registry, gateway, blog, and store applications are all configured to read this configuration on startup.\n\nStart all your containers from the `docker-compose` directory:\n\n```bash\ndocker-compose up -d\n```\n\nBefore you can log in to the registry, you'll need to add redirect URIs for JHipster Registry, ensure your user is in a `ROLE_ADMIN` group and that groups are included in the ID token.\n\nLog in to your Okta dashboard, edit your OIDC app, and add the following Login redirect URI:\n\n* `http://localhost:8761/login/oauth2/code/oidc`\n\nYou'll also need to add a Logout redirect URI:\n\n* `http://localhost:8761`\n\nThen, click **Save**.\n\n### Create Groups and Add Them as Claims to the ID Token\n\nJHipster is configured by default to work with two types of users: administrators and users. Keycloak is configured with users and groups automatically, but you need to do some one-time configuration for your Okta organization.\n\nCreate a `ROLE_ADMIN` group (**Users** \u003e **Groups** \u003e **Add Group**) and add your user to it. Navigate to **API** \u003e **Authorization Servers**, and click on the the `default` server. Click the **Claims** tab and **Add Claim**. Name it `groups`, and include it in the ID Token. Set the value type to `Groups` and set the filter to be a Regex of `.*`. Click **Create**.\n\nNow when you hit `http://localhost:8761` or `http://localhost:8080`, you should be able to log in with Okta!\n\n## Spring Cloud Gateway Example\n\nTo install this example, run the following commands:\n\n```bash\ngit clone https://github.com/oktadev/java-microservices-examples.git\ncd java-microservices-examples/spring-cloud-gateway\n```\n\nThe `api-gateway` and `car-service` projects are already pre-configured to be locked down with OAuth 2.0 and Okta. That means if you try to run them, you won't be able to login until you create an account, and an application in it.\n\nIf you already have an Okta account, see the **Create a Web Application in Okta** section below. Otherwise, we created a Maven plugin that configures a free Okta developer account + an OIDC app (in under a minute!).\n\nTo use it, run `./mvnw com.okta:okta-maven-plugin:setup` to create an account and configure the gateway to work with Okta.\n\nCopy the `okta.*` properties from the gateway's `src/main/resources/application.properties` to the same file in the `car-service` project.\n\nThen, run all the projects with `./mvnw` in separate terminal windows. You should be able to navigate to `http://localhost:8761` and see the apps have been registered with Eureka.\n\nThen, navigate to `http://localhost:8080/cars` in your browser, log in with Okta, and see the resulting JSON.\n\n### Create a Web Application in Okta\n\nLog in to your Okta Developer account (or [sign up](https://developer.okta.com/signup/) if you don't have an account).\n\n1. From the **Applications** page, choose **Add Application**.\n2. On the Create New Application page, select **Web**.\n3. Give your app a memorable name, add `http://localhost:8080/login/oauth2/code/okta` as a Login redirect URI and click **Done**.\n\nCopy the issuer (found under **API** \u003e **Authorization Servers**), client ID, and client secret into the `application.properties` of the `api-gateway` and `car-service` projects.\n\n```properties\nokta.oauth2.issuer=https://{yourOktaDomain}/oauth2/default\nokta.oauth2.client-id=$clientId\nokta.oauth2.client-secret=$clientSecret\n```\n\n## Reactive Microservices with JHipster Example\n\nTo install this example, run the following commands:\n\n```bash\ngit clone https://github.com/oktadev/java-microservices-examples.git\ncd java-microservices-examples/reactive-jhipster\n```\n\nThe JHipster Registry and Spring Cloud Config are pre-configured to use Okta. That means if you try to run them, you won't be able to login until you create an account, and an application in it.\n\nInstall the Okta CLI using the instructions on [cli.okta.com](https://cli.okta.com) and come back here when you're done. If you don't have an Okta developer account, run `okta register`.\n\n**NOTE**: You can also use your browser and Okta's developer console to register an app. See [JHipster's security documentation](https://www.jhipster.tech/security/#okta) for those instructions.\n\nFrom the gateway project's directory, run `okta apps create jhipster`. Accept the default redirect URIs.\n\nThis process does several things:\n\n1. Registers an OIDC app in Okta with JHipster's configured redirect URIs.\n2. Creates `ROLE_ADMIN` and `ROLE_USER` groups and adds your user to both.\n3. Creates a `groups` claim and adds it to ID tokens.\n4. Creates a `.okta.env` file with the values you'll need to talk to Okta.\n\nSpring Cloud Config allows you to distribute Spring's configuration between apps. Update `gateway/src/main/docker/central-server-config/localhost-config/application.yml` to use your Okta app settings. You can find the values for each property in the `.okta.env` file.\n\n```yaml\nspring:\n  security:\n    oauth2:\n      client:\n        provider:\n          oidc:\n            issuer-uri: https://\u003cyour-okta-domain\u003e/oauth2/default\n        registration:\n          oidc:\n            client-id: \u003cclient-id\u003e\n            client-secret: \u003cclient-secret\u003e\n```\n\nSave your changes. These values will be distributed to the JHipster Registry, gateway, blog, and store apps. Start all the services and apps using the following commands:\n\n```shell\ncd gateway\ndocker-compose -f src/main/docker/keycloak.yml up -d #jhkeycloakup\ndocker-compose -f src/main/docker/postgresql.yml up -d #jhpostgresqlup\ndocker-compose -f src/main/docker/jhipster-registery up -d #jhregistryup\n./gradlew\n```\n\nOpen a new terminal window, start the blog app's Neo4j database, and then the app itself.\n\n```shell\ncd ../blog\ndocker-compose -f src/main/docker/neo4j.yml up -d #jhneo4jup\n./gradlew\n```\n\nThen, open another terminal window, start the store app's MongoDB database, and the microservice.\n\n```shell\ncd ../store\ndocker-compose -f src/main/docker/mongodb.yml up -d #jhmongoup\n./gradlew\n```\n\nNow, open a new incognito browser window, go to `http://localhost:8080`, and sign in. Rejoice that using Okta for authentication works!\n\n**TIP**: You can also run everything using Docker Compose. See the [blog post](https://developer.okta.com/blog/2021/01/20/reactive-java-microservices#run-your-microservices-stack-with-docker-compose) for how to do that.\n\n## Kubernetes + Reactive Java with JHipster Example\n\nTo install this example, run the following commands:\n\n```bash\ngit clone https://github.com/oktadev/java-microservices-examples.git\ncd java-microservices-examples/jhipster-k8s/k8s\n```\n\nIf you don't have JHipster installed, install it.\n\n```shell\nnpm i -g generator-jhipster@7\n```\n\nRun JHipster's [Kubernetes sub-generator](https://www.jhipster.tech/kubernetes/).\n\n```shell\njhipster k8s\n```\n\nYou will be prompted with several questions. The answers will be pre-populated from choices I made when creating this app. Answer as follows, changing the Docker repository name to yours, or leaving it blank if you don't have one.\n\n- Type of application: **Microservice application**\n- Root directory: **../**\n- Which applications? `\u003cselect all\u003e`\n- Set up monitoring? **No**\n- Which applications with clustered databases? select **store**\n- Admin password for JHipster Registry: `\u003cgenerate one\u003e`\n- Kubernetes namespace: **demo**\n- Docker repository name: `\u003cyour docker hub username\u003e`\n- Command to push Docker image: `docker push`\n- Enable Istio? **No**\n- Kubernetes service type? **LoadBalancer**\n- Use dynamic storage provisioning? **Yes**\n- Use a specific storage class? `\u003cleave empty\u003e`\n\n### Install Minikube to Run Kubernetes Locally\n\nIf you have Docker installed, you can run Kubernetes locally with Minikube. Run `minikube start` to begin.\n\n```shell\nminikube --memory 8g --cpus 8 start\n```\n\nBuild Docker images for each app. In the {`gateway`, `blog`, `store` } directories, run the following Gradle command (where `\u003cimage-name\u003e` is `gateway`, `store`, or `blog`).\n\n```shell\n./gradlew bootJar -Pprod jib -Djib.to.image=\u003cdocker-repo-name\u003e/\u003cimage-name\u003e\n```\n\n\u003e You can also build your images locally and publish them to your Docker daemon. This is the default if you didn't specify a base Docker repository name.\n\u003e\n\u003e ```shell\n\u003e # this command exposes Docker images to minikube\n\u003e eval $(minikube docker-env)\n\u003e ./gradlew -Pprod bootJar jibDockerBuild\n\u003e ```\n\u003e\n\u003e Because this publishes your images locally to Docker, you'll need to make modifications to your Kubernetes deployment files to use `imagePullPolicy: IfNotPresent`.\n\u003e\n\u003e ```yaml\n\u003e - name: gateway-app\n\u003e   image: gateway\n\u003e   imagePullPolicy: IfNotPresent\n\u003e ```\n\u003e\n\u003e Make sure to add this `imagePullPolicy` to the following files:\n\u003e\n\u003e - `k8s/gateway-k8s/gateway-deployment.yml`\n\u003e - `k8s/blog-k8s/blog-deployment.yml`\n\u003e - `k8s/store-k8s/store-deployment.yml`\n\n### Register an OIDC App for Auth\n\nInstall the Okta CLI using the instructions on [cli.okta.com](https://cli.okta.com) and come back here when you're done. If you don't have an Okta developer account, run `okta register`.\n\n**NOTE**: You can also use your browser and Okta's developer console to register an app. See [JHipster's security documentation](https://www.jhipster.tech/security/#okta) for those instructions.\n\nFrom the gateway project's directory, run `okta apps create jhipster`. Accept the default redirect URIs.\n\nThis process does several things:\n\n1. Registers an OIDC app in Okta with JHipster's configured redirect URIs.\n2. Creates `ROLE_ADMIN` and `ROLE_USER` groups and adds your user to both.\n3. Creates a `groups` claim and adds it to ID tokens.\n4. Creates a `.okta.env` file with the values you'll need to talk to Okta.\n\nUpdate `k8s/registry-k8s/application-configmap.yml` to contain your OIDC settings from the `.okta.env` file the Okta CLI just created. The Spring Cloud Config server reads from this file and shares the values with the gateway and microservices.\n\n```yaml\ndata:\n  application.yml: |-\n    ...\n    spring:\n      security:\n        oauth2:\n          client:\n            provider:\n              oidc:\n                issuer-uri: https://\u003cyour-okta-domain\u003e/oauth2/default\n            registration:\n              oidc:\n                client-id: \u003cclient-id\u003e\n                client-secret: \u003cclient-secret\u003e\n```\n\nTo configure the JHipster Registry to use OIDC for authentication, modify `k8s/registry-k8s/jhipster-registry.yml` to enable the `oauth2` profile.\n\n```yaml\n- name: SPRING_PROFILES_ACTIVE\n  value: prod,k8s,oauth2\n```\n\nThen, in the `k8s` directory, start your engines!\n\n```shell\n./kubectl-apply.sh -f\n```\n\nYou can see if everything starts up using the following command.\n\n```shell\nkubectl get pods -n default\n```\n\nYou can use the name of a pod with `kubectl logs` to tail its logs.\n\n```shell\nkubectl logs \u003cpod-name\u003e --tail=-1 -n default\n```\n\nYou can use port-forwarding to see the JHipster Registry.\n\n```shell\nkubectl port-forward svc/jhipster-registry -n default 8761\n```\n\nOpen a browser and navigate to `http://localhost:8761`. You'll need to sign in with your Okta credentials.\n\nOnce all is green, use port-forwarding to see the gateway app.\n\n```shell\nkubectl port-forward svc/gateway -n default 8080\n```\n\nThen, go to `http://localhost:8080`, and you should be able to add blogs, posts, tags, and products.\n\nPlease read the [Kubernetes to the Cloud with Spring Boot and JHipster][blog-k8s] for more information.\n\n## Links\n\nThese examples use the following open source libraries:\n\n* [Okta Spring Boot Starter](https://github.com/okta/okta-spring-boot) \n* [Spring Boot](https://spring.io/projects/spring-boot)\n* [Spring Cloud](https://spring.io/projects/spring-cloud)\n* [Spring Cloud Gateway](https://spring.io/projects/spring-cloud-gateway)\n* [Spring Security](https://spring.io/projects/spring-security)\n* [JHipster](https://www.jhipster.tech)\n* [OpenJDK](https://openjdk.java.net/)\n* [K9s](https://k9scli.io/)\n\n## Help\n\nPlease post any questions as comments on the example's blog post, or on the [Okta Developer Forums](https://devforum.okta.com/).\n\n## License\n\nApache 2.0, see [LICENSE](LICENSE).\n\n[blog-spring-boot-spring-cloud]: https://developer.okta.com/blog/2019/05/22/java-microservices-spring-boot-spring-cloud\n[blog-spring-cloud-config]: https://developer.okta.com/blog/2019/05/23/java-microservices-spring-cloud-config\n[blog-spring-cloud-gateway]: https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway\n[blog-reactive-jhipster]: https://developer.okta.com/blog/2021/01/20/reactive-java-microservices\n[blog-k8s]: https://developer.okta.com/blog/2021/06/01/kubernetes-spring-boot-jhipster\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foktadev%2Fjava-microservices-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foktadev%2Fjava-microservices-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foktadev%2Fjava-microservices-examples/lists"}