The Atbash runtime version 0.4 continues on exploring the Jakarta EE Core profile. With the release of version 0.3, the product provided the specifications of the Core profile in a modular runtime. This modularity is improved in this version and besides the specifications of the Core profile, there is now support for security, through the MicroProfile JWT Auth specifications, and data by integrating the MicroStream data solution.
The runtime is still starting very fast and can be used on JDK 11, JDK 17, JKD 18, and JDK 19 ea.
Security support
As mentioned in an earlier post the MicroProfile JWT Auth specification, is a good candidate to secure the REST endpoints that hold a central position in the Core Profile.
Since the time that the blog about the security in the Core profile was written, many additions were added to the underlying library that provides the JWT support in the Runtime. The library is updated to include many smaller improvements but also the check that a JWT token with an unencoded body should not be accepted.
Although specified in the JWT Specification, this is not included in the MicroProfile version.
Data Solution
The Core profile does not include any specification around data. The JDBC specification is part of the JVM itself. So that could be used, but over the years, many other solutions were presented to reduce the code overhead. The JPA specification is very broadly used in the Java enterprise world. But also many no-SQL solutions are popular and also a specification is in progress.
But for Atbash Runtime the MicroStream solution is included. It provides you with an ultra-fast data solution where data is stored as Java objects within the heap and binary stored in external storage so that data survive a process restart.
The integration is in an experimental phase and will be improved in the following versions, including some concepts that can be found in the integrations provided by MicroStream itself.
Activate modules
The two additional modules, the security and data one, are not active by default. When you download the Zip file of the runtime, see the download section, the modules are included but not active.
There are two options to
-m microstream
-p full
BOM and API artifacts
When you create an application, as a developer you need a dependency that brings in all the classes and interfaces that are part of the API of the specifications. Since this version 0.4, several artefacts are available to bring in just those specifications that you want to use in your applications.
You can add the following entry in the maven project file
<dependency> <groupId>be.atbash.runtime.api</groupId> <artifactId>core-api</artifactId> <version>0.4</version> <scope>provided</scope> </dependency>
And have the classes related to Servlet, CDI, JAX-RS, JSON-P, JSON-B, and MicroProfile config available in your project. Just as with the Jakarta dependencies, the scope should be specified as provided as the Atbash runtime has already these classes available.
Another dependency is the full-api
that provides the specifications that are included in the core-api
, also the specification of MicroProfile JWT Authentication and classes of MicroStream are available.
To accommodate the creation of a customised runtime, see next section, a BOM artifact is available. This allows you to individually add the dependencies you need.
Add the BOM artifact to the dependencyManagement section and select the dependencies that you need for your application.
<dependencyManagement> <dependency> <groupId>be.atbash.runtime.api</groupId> <artifactId>bom</artifactId> <version>${atbash.runtime.version}</version> <scope>import</scope> <type>pom</type> </dependency> </dependencyManagement> <dependencies> <dependency> <groupId>jakarta.ws.rs</groupId> <artifactId>jakarta.ws.rs-api</artifactId> <scope>provided</scope> </dependency> </dependencies>
Custom Packager
As mentioned, the default download of Atbash Runtime contains all modules but only those modules of the Core profile are active by default. With the Custom packager, you can create a version of the runtime with only those modules that you need. It allows you also to create a version where some additional modules like the Security or MicroStream module are active by default. Although with a simple script that sets some command line parameters, is also doing exactly the same.
The Packager is not made available for download in a binary form but you can easily build it from code. Check out the code from Github, and launch a mvn package
using JDK 11. Within the packager directory, you will find some more information on using the packager at this page.
Download
You can download the abash Runtime version 0.4 zip from this URL: https://bit.ly/3QhTbqP. After that, you can unzip it and execute the JAR file in the top-level directory.
As of this release, you can also verify the download to make sure it is unaltered and identical to the version that I have built. This is the procedure to verify the signature.
- Download the public from this link https://drive.google.com/file/d/1tqSb4tfsybNxw7VU807iTm4kDoOz04NN/view?usp=sharing resulting in a file called atbash-runtime-signature.pem
- Download the signature for the zip file from https://drive.google.com/file/d/1qkzAJa1fViLvAp0e6kzBeAjxywxbq9z-/view?usp=sharing resulting in a file atbash-runtime-0.4.zip.sig
- Verify the signature with the following OpenSSL command
openssl dgst -sha256 -verify atbash-runtime-signature.pem -signature atbash-runtime-0.4.zip.sig atbash-runtime-0.4.zip
The future
The main work will be targeted at a real Jakarta EE 10 Core Profile product based on Jetty 12. Additional features around the observability of the runtime will also be added on top of this 0.4 version.
Enjoy.