Question posted in 
We have 13 years old monolithic java application using
- Struts 2 for handling UI calls
- JDBC/Spring JDBC Template for db calls
- Spring DI
- Tiles/JSP/Jquery for UI
Two deployables are created out of this single source code.
- WAR for online application
- JAR for running back-end jobs
The current UI is pretty old. Our goal is to redesign the application using microservices. We have identified modules which can run as separate microservice.
We have following questions in our mind
- Which UI framework should we go for (Angular/React or a home grown one). Angular seems to be very slow and we need better performance as far as page loading is concerned.
- Should UI/Javascript make call to backend web services directly or should there be a spring controller proxy in deployed WAR which kind of forwards UI calls to APIs. This will also help if a single UI calls requires getting/updating data from different microservice.
- How should we cover microservice security aspect
- Which load balancer should we go for if we want to have multiple instance of same microservice.
- Since its a banking application, our organization does not allow using Elastic Search/Lucene for searching. So need suggestion for reporting using Oracle alone.
- How should we run backend jobs?
- There will also be a main payment microservice which will create payments. Since payments volume is huge hence it will require multiple instances. How will we manage user logged-in session. Should we go for in-memory distributed session store (may be memcache)
2
Answers
As you have mentioned it’s a banking site so security will be first priory. Here I have few suggestions for FE and BE.
FE : You better go with
preactjsit’s a react like library but much lighter and fast as compare to react. For ui you can go withstyled componentsinstead of using some heavy third party lib. This will also enhance performance and obviously CDNs for images and big files.BE : As per your need you better go with hybrid solution
nodecould be a good option.e.g. for sessions.Setup an auth server and get you services validate user from there and it will be used in future for any kinda service .e.g. you will expose some kinda client API’s.
User case for Auth : you can use redis for session info get user validated from auth server and add info to redis later check if user is logged in from redis this will reduce load from auth server. (I have used same strategy for a crypto exchange and went pretty well)
Load balancer : Don’t have good familiarity with java but for node JS
PM2will do that for you not a big deal just one command and it will start multiple instances and will balance on it’s own.In case you have enormous traffic then you better go with some messaging service like
rabbitmqthis will reduce cost of servers by preventing you from scaling your servers.BE Jobs : I have done that with
nodefor extensive tasks and went quite well there you can use forking or spanning this will start a new instance for particular job and will be killed after completing it and you can easily generate logs along with that.For further clarification I’m here 🙂
This is a very broad question. You need to get a consultant architect to understand your application in depth, because it is unlikely you will get meaningful in-depth answers here.
However as a rough guideline here are some brief answers:
That depends on what the application actually needs to do. Angular is one of the leading frameworks, and is usually not slow at all. You might be doing something wrong (are you doing too many granular calls? is your backend slow?). React is also a strong contender, but seems to be losing popularity, although that is just a subjective opinion and could be wrong. Angular is a more feature complete framework, while React is more of a combination of tools. You would be just crazy if you think you can do a home grown one and bring it to the same maturity of these ready made tools.
A lot of larger microservice architectures often involve an API gateway. Then again it depends on your use case. You might also have an issue with CORS, so centralising calls through a proxy / API gateway, even if it is a simple reverse proxy (you don’t need to develop it) might be a good idea.
Again no idea what your setup looks like. JWT is a common approach. I presume the authentication process itself uses some centralised LDAP / Exchange or similar process. Once you authenticate you can sign a token which you give to the client, which is then passed to the respective micro services in the HTTP authorization headers.
Depends on what you want. Are you deploying on a cloud based solution like AWS (in which case load balancing is provided by the infrastructure)? Are you going to deploy on a Kubernetes setup where load balancing and scaling is handled as part of its deployment fabric? Do you want client-side load balancing (comes part of Spring Cloud)?
Without knowledge of how the data on Oracle looks like and what the reporting requirements are, all solutions are possible.
Depends on the infrastructure you choose. Everything is possible, from simple cron jobs, to cloud scheduling services, or integrated Java scheduling mechanisms like Quartz.
Not really. It will defeat the whole purpose of microservices. JWT tokens will be managed by the client’s browser and expire automatically. You don’t need to manage user logged-in session in such architectures.