This report will demonstrate how Spring Security can effectively prevent common security risks in web applications such as authentication-based attacks, authorization errors, CORS attacks, and DDoS. Furthermore, I will provide a detailed explanation of how Azure services can be utilized to deploy and orchestrate the web application.
A live version of the frontend is deployed to Vercel and the backend to Azure Kubernetes Service:
After signing in, the server fetches the e-mail, avatar image and name of your Google or GitHub account and shows them on /profile:
- Back-end: Spring (Boot, Data, Security), JPA / Hibernate, PostgreSQL, Bucket4J
- Front-end: React.js
- Security: OAuth2, Rate Limiting
- Azure: AKS, ACR, AML, Azure Monitor, Application Insights, Grafana, Prometheus
- Deploy: Vercel, AKS
- DNS: dnsexit
- Regular username/password authentication.
- Sign in using either your Google or GitHub account.
- Monitoring and tracking of APIs.
- Rate limiting for APIs.
IP address-based rate limiting on REST APIs using the token bucket algorithm:
Rate limiting typically involves tracking the IP addresses where requests originate and measuring the time elapsed between requests. The IP address is the application's main way to identify who made each request. When the request quota is consumed, the server responds with HTTP 429 (Too Many Requests).
The token bucket algorithm enables a network to allow or deny requests based on current traffic. Each bucket holds a certain number of tokens that represent network requests (e.g., attempting to log into an account or sending a message). Whenever a user sends a request, another token gets added to the bucket.
Test the rate limit:
Use Postman to spam requests to the server. Once the request quota is consumed, the server responds with HTTP 429 (Too Many Requests):
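As an added example (not the project's own code), a Spring filter that implements the per-IP token bucket with Bucket4j: every request consumes one token, the bucket refills at a fixed rate, and a client whose bucket is empty gets a 429. It assumes Bucket4j 8.x, Spring Boot 3 (jakarta servlet API) and a hypothetical policy of 20 requests per minute per IP.

```java
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket;
import io.github.bucket4j.ConsumptionProbe;
import io.github.bucket4j.Refill;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical filter: one token bucket per client IP, kept in process memory.
@Component
public class IpRateLimitFilter extends OncePerRequestFilter {
    // Assumed policy: 20 requests per minute per IP, refilled gradually (greedy refill).
    private static final long CAPACITY = 20;
    private static final Duration PERIOD = Duration.ofMinutes(1);

    // Unbounded map: a production build should evict idle entries (e.g. a Caffeine cache).
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    private Bucket newBucket() {
        Bandwidth limit = Bandwidth.classic(CAPACITY, Refill.greedy(CAPACITY, PERIOD));
        return Bucket.builder().addLimit(limit).build();
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Behind a Kubernetes LoadBalancer service the remote address may be the node or the
        // load balancer, not the client; only honour X-Forwarded-For from a trusted proxy.
        String clientIp = request.getRemoteAddr();
        Bucket bucket = buckets.computeIfAbsent(clientIp, ip -> newBucket());

        // Each request consumes one token; the bucket refills at CAPACITY tokens per PERIOD.
        ConsumptionProbe probe = bucket.tryConsumeAndReturnRemaining(1);
        if (probe.isConsumed()) {
            response.setHeader("X-Rate-Limit-Remaining", String.valueOf(probe.getRemainingTokens()));
            chain.doFilter(request, response);
            return;
        }
        long waitSeconds = Duration.ofNanos(probe.getNanosToWaitForRefill()).toSeconds();
        response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value()); // 429
        response.setHeader("Retry-After", String.valueOf(Math.max(1, waitSeconds)));
        response.getWriter().write("Too many requests");
    }
}
```

Spamming the endpoint from Postman should show the remaining-token header counting down to zero and then 429 responses until the refill window passes.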
- Write the Dockerfile:

```dockerfile
FROM maven:3.8.5-openjdk-17 AS build
COPY . .
RUN mvn clean package -Pprod -DskipTests

FROM openjdk:17.0.1-jdk-slim
EXPOSE 8080
COPY applicationinsights-agent-3.4.19.jar /
COPY applicationinsights.json /
COPY --from=build /target/spring-social-0.0.1-SNAPSHOT.jar spring-social.jar
ENTRYPOINT ["java", "-javaagent:/applicationinsights-agent-3.4.19.jar", "-jar", "spring-social.jar"]
```
- Build the image of the web application and push it to Azure Container Registry (the pushed tag must match the one created by `docker tag`):

```shell
docker build -t spring-social .
az acr login --name springimage
docker tag spring-social:latest springimage.azurecr.io/spring-social:latest
docker push springimage.azurecr.io/spring-social:latest
```
- Deploy the image and expose it as a service of type LoadBalancer in Azure Kubernetes Service:

```shell
kubectl apply -f docker-k8s.yaml
kubectl get deployment
kubectl expose deployment docker-k8s-demo-deployment --port=80 --protocol=TCP --target-port=8080 --type=LoadBalancer
```
After exposing the deployment we get the public IP 20.44.199.131. Point the free domain from dnsexit.com to that public IP:
Set an alert and issue a warning if the RAM usage of the cluster exceeds 50%:
Based on the alert, we can scale the virtual machine up or down to save money: