SpringOne has smaller conferences at various cities around the U.S. called Tours, and this is a very afforadble option for getting training without taking time and money to travel to a single conference location. Below are the notes that I took from each session.

Day 1

Better Software is Better than Worse Software - Nate Schutta

Overview of Pivotal and why it is value added over open source install
Talked about provisioning environments quickly and deploying small increments often

Drinking from the Stream - Mark Heckler

Messaging Platforms
Spring Cloud Stream - Opinionated abstraction
On top of Kafka, RabbitMQ (?)
Has

  1. Source (generator)
  2. Processor
  3. Sink

Spring Initializer: start.spring.io
Mentioned “Lombok”
Live coded the source, processor and sink in RabbitMQ, then switched to Kafka

Reactive Testing - Mario Gray

CDC’s - Consumer Driven Contracts
Spring Cloud Contract Verifier
Uses WireMock
How to test reactive stream processes

Spring Security 5.1 by Example - Josh Cummings

Jzheaux/spring-security51-reactive-by-example
Started with SecureMail, an intentionally insecure app
Added spring-boot-start-security dependency in mvn
Redirects to login when not authenticated, adds secure headers, among other things
@ControllerAdvice - a hook to get the current user
OAuth
Add spring-boot-starter-oauth2-client dependency
Add auth server, client Id and client secret
Resource server end used spring-boot-starter-resource-server
Need ReactiveClientRegistrationRepository and ServerOAuth2AuthorizationClientRepository
ServerOAuth2AuthorizedClientExchangeFilterFunction
Asking for user gives you your user rather than the Spring Principal that was used for authentication
It provides authentication. Authorization is custom enough that you need to provide that piece yourself
@AuthenticationPrincipal(expression=“claims[user id]”) currentUser <= can turn this into a meta-annotation
@EnableReactiveMethodSecurity
@PostAuthorize to make sure user is not accessing data from another user

Performance discussion

Spring boot devtools - watches for changed code and restarts the server - fast restart since JVM and classes as still loaded
You can get a spring boot app to run in 250MB if you adjust some other memory settings, but there is a trade-off for that. You lose some features.
Spring Boot looks at your class path to see what you might be using. Newer version will not bring in multiple conflicting options. May still be loading things you are not using. Spring-Fu project can help (uses DSL to choose what you want)
Spring component index jar file (indexes at compile time so no runtime scanning needed) free, but not much impact unless the project is huge Tool: async profiler (use as a java command line argument)

Security

Fuse has scanning of logs and ports and will shut down misconfigurations within minutes
Security team: If you open the packet (Corp man-in-the-middle) then you are susceptible to all the HIPAA regulations

SpringOne Tour

Day 2

The Reactive Revolution - Josh Long

Reactive Spring handles requests in a non-blocking way so you can handle more requests per second on the same hardware

Welcome to the Reactive Revolution:RSocket and Spring Cloud Gateway - Spencer Gibb

RSocket - new protocol to support Reactive programming

  • persistent
  • bi-directional
  • binary
  • message-based
  • multiplexed

Types of interaction models:

  • Request-response
  • Fire-and-forget
  • Request-stream
  • Request-channel

Once the connection is created, the disinction between client and server is lost

This is still in the very early days, but it has potential to be a very efficient protocol with simple discovery.
Plan to use implementation of SWIM
Targeted for late Summer 2019

Four Key Performance Indicators for Every Java App - Jon Schneider

Micrometer - Instrumentation facade

Need:

  • spring-boot-starter-actuator
  • micrometer-registry-prometheus

L-USE

  1. Latency
    Alert to maximum
    Tune to 99%
  2. Utilization process.cpu.usage < 80%
  3. Saturation jvm.gc.memory.promoted / jvm.gc.memory.allocated < 30% Increasing heap allows more junk to accumulate and garbage collection to take longer
  4. Errors http.server.requests{outcome != ‘SUCCESS’} / http.server.requests < ERROR BUDGET

How Fast is Spring? - Dave Syer

How much work is Spring doing compared to other code?

Reducing heap size dramatically increases startup time at a certain threshhold (~20MB)
JIT reserves a large amount of memory - can possibly be reduced safely, depending on the application

Tools for measurement

  • Benchmarks: JMH
  • JUnit and JMH: microbenchmark-runner
  • Profiling: async profiler
  • GC Pressure: JMC a.k.a. Flight Controller
  • Quick metrics for any Spring Boot jar: Benchmark Launcher from dsyer/spring-boot-startup
  • Classpath manipulation: Thin Launcher
  • Profiling with AspectJ

Comparision of various classpath and packaging choices

Switched to newer Spring version
Removed (to illustrate startup time difference)

  • hibernate-validator
  • spring-boot-starter-actuator
  • spring-boot-starter-json
  • spring-boot-starter-logging JVM settings

Speeding things up

  • Exclude from classpath if you don’t need it
  • Use spring-context-indexer
  • Don’t use actuators if you can afford not to
  • User Spring 2.1 (or 2.2) and Spring 5.1
  • Use explicit spring.config.location
  • Switch off jmx
  • Use lazy beans
    @EnableJpaRepositories(bootstrapMode=BootstrapMode.LAZY) spring.data.jpa.repositories.bootstrap-mode=lazy
  • Unpack jars rather than using a fat jar
  • THESE ARE BIG: Run the JVM -noverify. Also consider -XX:TieredStopAtLevel=1
    No need to verify - it will just crash, which it would do anyway
  • Import autoconfugurations individually
  • Use functional bean definition
  • Build a native image
  • Spring-fu

Little difference between Tomcat, Jetty and Undertow
Number of classes directly affects startup time

JVM Tweaks

  • Open J9: CDS -Xquickstart -Xshareclasses -Xscmx128m
  • Java 10/11: CDS, AOT - Ahead Of Time compilation (GraalVM)
  • Explicit classpath

Use manual configuration (see his blog post)

The future

Thinking Architecturally - Nate Schutta

Talked about adopting new technologies, when it makes sense and when it doesn’t
Rebuilding your entire production infrastructure regularly (hourly?) is a good way to mitigate against hacking

Your Attention, Please: Better Observability for Distributed Systems - John Feminella

John gave many examples illustrating the limits of visual perception. My favorite was this one where we are not able to see all 12 dots at once due to the low contrast.

How many dots

Another good one was these series of graphs that all have the same 5 statistical values.

Identical statistical values

The thrust of the talk was to only send alerts on the metrics that require attention, not just because the values are higher than normal.

  • Favor metrics that tell a story
  • Attention is the scarcest resource
  • Always more that could be measured, but not enough attention

Living on the Edge With Spring Cloud Gateway - Cora Iberkleid

Had to leave before this talk

Vendors

Fuse
Perficient
Dynatrace - APM, added AI and self-healing
Solstice - Designers, Product Managers, Engineers
Nexmo - Communications service

Training

I learned from Matt Helmers about some in-depth training called Pivotal PAL

  • Takes place in Boulder, CO
  • 3 weeks in depth, hands-on training