Skip to content

Latest commit

 

History

History
484 lines (351 loc) · 12.3 KB

demo.adoc

File metadata and controls

484 lines (351 loc) · 12.3 KB

Native Java REST API Demo Steps

These instructions show how to create native images with Micronaut, Quarkus, Spring Boot, and Helidon. You’ll learn how to run a secure, OAuth 2.0-protected, Java REST API that allows JWT authentication.

Prerequisites:

Tip
The brackets at the end of some steps indicate the IntelliJ Live Templates to use. You can find the template definitions at mraible/idea-live-templates.

Install a JDK with GraalVM

Use SDKMAN to install Java 21 with GraalVM

sdk install java 21.0.2-graalce

Generate an OAuth 2.0 Access Token

  1. Install the Auth0 CLI and run auth0 login to connect it to your account.

  2. Create an access token using Auth0’s CLI:

    auth0 test token -a https://<your-auth0-domain>/api/v2/ -s openid
  3. Set the access token as a TOKEN environment variable in a terminal window.

    TOKEN=eyJraWQiOiJYa2pXdjMzTDRBYU1ZSzNGM...

Make a Java REST API with Micronaut

  1. Use SDKMAN to install Micronaut’s CLI and create an app:

    sdk install micronaut
    mn create-app com.example.rest.app -f security-jwt -f micronaut-aot
    mv app micronaut
  2. Create controller/HelloController.java: [mn-hello]

    package com.example.rest.controller;
    
    import io.micronaut.http.MediaType;
    import io.micronaut.http.annotation.Controller;
    import io.micronaut.http.annotation.Get;
    import io.micronaut.http.annotation.Produces;
    import io.micronaut.security.annotation.Secured;
    import io.micronaut.security.rules.SecurityRule;
    
    import java.security.Principal;
    
    @Controller("/hello")
    public class HelloController {
    
        @Get
        @Secured(SecurityRule.IS_AUTHENTICATED)
        @Produces(MediaType.TEXT_PLAIN)
        public String hello(Principal principal) {
            return "Hello, " + principal.getName() + "!";
        }
    
    }
  3. Enable and configure JWT security in src/main/resources/application.properties: [mn-security-config]

    micronaut.security.token.jwt.signatures.jwks.okta.url=https://<your-auth0-domain>/.well-known/jwks.json

Run and Test Your Micronaut API with HTTPie

  1. Start your app:

    ./gradlew run
  2. Use HTTPie to pass the JWT in as a bearer token in the Authorization header:

    http :8080/hello Authorization:"Bearer $TOKEN"

    You should get a 200 response with your user id in it.

Build a Native Micronaut App

  1. Compile your Micronaut app into a native binary:

    ./gradlew nativeCompile
  2. Start your Micronaut app:

    ./build/native/nativeCompile/app
  3. Test it with HTTPie and an access token. You may have to generate a new JWT if yours has expired.

    http :8080/hello Authorization:"Bearer $TOKEN"

Create a Java REST API with Quarkus

  1. Use SDKMAN to install the Quarkus CLI and create a new app with JWT support:

    sdk install quarkus
    quarkus create app com.example.rest:quarkus \
      --extension="smallrye-jwt,rest" \
      --gradle
  2. Rename HelloResource.java to HelloResource.java and add user information to the hello() method: [qk-hello]

    package com.example.rest;
    
    import io.quarkus.security.Authenticated;
    
    import jakarta.ws.rs.GET;
    import jakarta.ws.rs.Path;
    import jakarta.ws.rs.Produces;
    import jakarta.ws.rs.core.Context;
    import jakarta.ws.rs.core.MediaType;
    import jakarta.ws.rs.core.SecurityContext;
    import java.security.Principal;
    
    @Path("/hello")
    public class HelloResource {
    
        @GET
        @Authenticated
        @Produces(MediaType.TEXT_PLAIN)
        public String hello(@Context SecurityContext context) {
            Principal userPrincipal = context.getUserPrincipal();
            return "Hello, " + userPrincipal.getName() + "!";
        }
    }
  3. Add your Auth0 endpoints to src/main/resources/application.properties: [qk-properties]

    mp.jwt.verify.issuer=https://<your-auth0-domain>/
    mp.jwt.verify.publickey.location=${mp.jwt.verify.issuer}.well-known/jwks.json
  4. Rename GreetingResourceTest to HelloResourceTest and modify it to expect a 401 instead of a 200:

    package com.example.rest;
    
    import io.quarkus.test.junit.QuarkusTest;
    import org.junit.jupiter.api.Test;
    
    import static io.restassured.RestAssured.given;
    
    @QuarkusTest
    public class HelloResourceTest {
    
        @Test
        public void testHelloEndpoint() {
            given()
                .when().get("/hello")
                .then()
                .statusCode(401);
        }
    
    }

Run and Test Your Quarkus API with HTTPie

  1. Run your Quarkus app:

    quarkus dev # or use Gradle: ./gradlew --console=plain quarkusDev
  2. Test it from another terminal:

    http :8080/hello
  3. Test with access token:

    http :8080/hello Authorization:"Bearer $TOKEN"

Build a Native Quarkus App

  1. Compile your Quarkus app into a native binary:

    quarkus build --native # Gradle: ./gradlew build -Dquarkus.package.type=native
  2. Start your Quarkus app:

    ./build/quarkus-1.0.0-SNAPSHOT-runner
  3. Test it with HTTPie and an access token:

    http :8080/hello Authorization:"Bearer $TOKEN"

Start a Java REST API with Spring Boot

  1. Use SDKMAN to install the Spring Boot CLI. Then, create a Spring Boot app with OAuth 2.0 support:

    sdk install springboot
    spring init -d=web,oauth2-resource-server,native \
      --group-id=com.example.rest --package-name=com.example.rest spring-boot
  2. Add a HelloController class that returns the user’s information: [sb-hello]

    package com.example.rest.controller;
    
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;
    
    import java.security.Principal;
    
    @RestController
    public class HelloController {
    
        @GetMapping("/hello")
        public String hello(Principal principal) {
            return "Hello, " + principal.getName() + "!";
        }
    
    }
  3. Configure the app to be an OAuth 2.0 resource server by adding the issuer to application.properties.

    spring.security.oauth2.resourceserver.jwt.issuer-uri=https://<your-auth0-domain>/

Run and Test Your Spring Boot API with HTTPie

  1. Start your app from your IDE or using a terminal:

    ./gradlew bootRun
  2. Test your API with an access token.

    http :8080/hello Authorization:"Bearer $TOKEN"

Build a Native Spring Boot App

  1. Compile your Spring Boot app into a native executable:

    ./gradlew nativeCompile
    Tip
    To build a native app and a Docker container, use the Spring Boot Gradle plugin and ./gradlew bootBuildImage.
  2. Start your Spring Boot app:

    ./build/native/nativeCompile/spring-boot
  3. Test your API with an access token.

    http :8080/hello Authorization:"Bearer $TOKEN"

Build a Java REST API with Helidon

  1. Use SDKMAN to install the Helidon CLI. Then, create a Helidon app:

    sdk install helidon
    helidon init --flavor MP --groupid com.example.rest \
      --artifactid helidon --package com.example.rest --batch
    Tip
    See Migrating a Helidon SE application to Gradle for Gradle support.
  2. Delete the default Java classes created by the Helidon CLI:

    • On Windows: del /s *.java

    • On Mac/Linux: find . -name '*.java' -delete

  3. Add MicroProfile JWT support in pom.xml:

    <dependency>
        <groupId>io.helidon.microprofile.jwt</groupId>
        <artifactId>helidon-microprofile-jwt-auth</artifactId>
    </dependency>
  4. Add a HelloResource class that returns the user’s information: [h-hello]

    package com.example.rest.controller;
    
    import io.helidon.security.Principal;
    import io.helidon.security.annotations.Authenticated;
    
    import jakarta.ws.rs.GET;
    import jakarta.ws.rs.Path;
    import jakarta.ws.rs.core.Context;
    
    @Path("/hello")
    public class HelloResource {
    
        @Authenticated
        @GET
        public String hello(@Context SecurityContext context) {
            return "Hello, " + context.userName() + "!";
        }
    }
  5. Add a HelloApplication class in src/main/java/com/example/rest to register your resource and configure JWT authentication: [h-app]

    package com.example.rest;
    
    import com.example.rest.controller.HelloResource;
    import org.eclipse.microprofile.auth.LoginConfig;
    
    import jakarta.enterprise.context.ApplicationScoped;
    import jakarta.ws.rs.core.Application;
    import java.util.Set;
    
    @LoginConfig(authMethod = "MP-JWT")
    @ApplicationScoped
    public class HelloApplication extends Application {
    
        @Override
        public Set<Class<?>> getClasses() {
            return Set.of(HelloResource.class);
        }
    }
  6. Add your Auth0 endpoints to src/main/resources/META-INF/microprofile-config.properties.

    mp.jwt.verify.issuer=https://<your-auth0-domain>/
    mp.jwt.verify.publickey.location=${mp.jwt.verify.issuer}.well-known/jwks.json

Run and Test Your Helidon REST API with HTTPie

  1. Start your app from your IDE or using a terminal:

    helidon dev
  2. Test your API with an access token.

    http :8080/hello Authorization:"Bearer $TOKEN"

Build a native Helidon app with GraalVM

  1. Compile your Helidon app into a native executable using the native-image profile:

    mvn package -Pnative-image
  2. Start your Helidon app:

    ./target/helidon
  3. Test your API with an access token.

    http :8080/hello Authorization:"Bearer $TOKEN"

Startup Time Comparison

  1. Run each image three times before recording the numbers, then each command five times.

    Tip
    Use the start.sh script to get the real time, not what each framework prints to the console.
  2. Write each time down, add them up, and divide by five for the average. For example:

    Micronaut: (27 + 26 + 26 + 26 + 25) / 5 = 26
    Quarkus: (17 + 17 + 16 + 17 + 17) / 5 = 16.8
    Spring Boot: (38 + 37 + 37 + 36 + 36) / 5 = 36.8
    Helidon: (29 + 31 + 31 + 30 + 31) / 5 = 30.4

    Printed duration:

    Micronaut: (9 + 8 + 8 + 8 + 8) / 5 = 8.2
    Quarkus: (9 + 9 + 9 + 9 + 9) / 5 = 9
    Spring Boot: (27 + 26 + 25 + 25 + 25) / 5 = 25.6
    Helidon: (24 + 23 + 23 + 23 + 23) / 5 = 23.2
Table 1. Native Java startup times in milliseconds
Framework Command executed Milliseconds to start

Micronaut

./micronaut/build/native/nativeCompile/app

26

Quarkus

./quarkus/build/quarkus-1.0.0-SNAPSHOT-runner

16.8

Spring Boot

./spring-boot/build/native/nativeCompile/spring-boot

36.8

Helidon

./helidon/target/helidon

30.4

Note
These numbers are from an Apple M3 Max with 64 GB RAM.

Memory Usage Comparison

Test the memory usage in MB of each app using the command below. Make sure to send an HTTP request to each one before measuring.

ps -o pid,rss,command | grep --color <executable> | awk '{$2=int($2/1024)"M";}{ print;}'

Substitute <executable> as follows:

Table 2. Native Java memory used in megabytes
Framework Executable MB after startup MB after 1 request MB after 10K requests

Micronaut

app

53

63

105

Quarkus

quarkus

37

48

71

Spring Boot

spring-boot

77

87

109

Helidon

helidon

82

92

69

./build.sh
./start.sh micronaut|quarkus|spring-boot|helidon
./memory.sh $TOKEN micronaut|quarkus|spring-boot|helidon
./start-docker.sh mraible/<framework>

What about Virtual Threads?

Micronaut and Helidon support virtual threads by default.

Quarkus requires you add a @RunOnVirtualThread annotation.

import io.quarkus.security.Authenticated;

+import io.smallrye.common.annotation.RunOnVirtualThread;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
@@ -18,6 +19,7 @@ public class HelloResource {

     @Path("/")
     @Authenticated
     @Produces(MediaType.TEXT_PLAIN)
+    @RunOnVirtualThread
     public String hello(@Context SecurityContext context) {
         Principal userPrincipal = context.getUserPrincipal();
         return "Hello, " + userPrincipal.getName() + "!";

Spring Boot requires a spring.threads.virtual.enabled=true property.

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://mraible.us.auth0.com/
+spring.threads.virtual.enabled=true