SlideShare a Scribd company logo

Kotlin server side frameworks

Ken Yee
Ken Yee

Short presentation given at a local Kotlin meetup on what to look for in a server framework and pros/cons of Kotlin server frameworks that are available

1 of 32
Download to read offline
Komparing Kotlin Server Frameworks Ken Yee (Android and occasional backend dev)
Agenda - What is a backend? - What to look for in a server framework? - What frameworks are available? - Pros/Cons of each framework
What is a Backend? REST API Web server Chat server
1. Backends are What apps/clients talk to so that users can ➔ Read dynamic data So you can share information ➔ Authenticate Because it’s about user access ➔ Write persistent data Into a DB on the server for interaction
2. Backends must Be reliable ➔ Read dynamic data Scalable ➔ Authenticate Secure ➔ Write persistent data Resilient
What do you look for in a framework? Kotlin, DSL, Websockets, HTTP/2, Non-Blocking, CORS, CSRF, OIDC, OAuth2, Testing, Documentation
1. Kotlin! On the server is: ➔ Familiar Language Closer to Isomorphic ➔ Concise Extension and Higher Order functions, DSLs ➔ Null/Type Safety Compared to Javascript, Python, Ruby
Java (Spring Webflux) Kotlin class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } public class BlogRouter { public RouterFunction<ServerResponse> route(BlogHandler blogHandler) { return RouterFunctions .route(RequestPredicates.GET("/blog").and(RequestPredicat es.accept(MediaType.TEXT_HTML)), blogHandler::findAllBlogs) .route(RequestPredicates.GET("/blog/{slug}").and(RequestPr edicates.accept(MediaType.TEXT_HTML)), blogHandler::findOneBlog) .route(RequestPredicates.GET("/api/blog").and(RequestPredi cates.accept(MediaType.APPLICATION_JSON)),blogHandle r::findOne) .route(RequestPredicates.GET("/api/blog/{id}").and(Request Predicates.accept(MediaType.APPLICATION_JSON)), blogHandler::findOne); } }
Express.js Kotlin class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } var router = express.Router() var blogHandler = BlogHandler() router.get('/blog', function (req, res) { res.send(blogHandler.findAllBlogs()) }) router.get('/blog/:slug', function (req, res) { res.send(blogHandler.findOneBlog(req.params )) }) router.get('/api/blog', function (req, res) { res.send(blogHandler.findAll()) }) router.get('/blog/:id', function (req, res) { res.send(blogHandler.findOne(req.params)) })
2. Speed Efficiency ➔ Non-blocking Reactor or Kotlin Coroutine Event driven w/ Netty vs. threading ➔ Http/2 Formerly Google’s SPDY that uses single connections to grab resources Push resources to clients ➔ Websockets Useful for real-time chat/games
3. CORS Cross Origin Resource Sharing ➔ Browser Javascript security Limits domains web client (Single Page Apps) is allowed access to ➔ Microservices Web clients can call different endpoints for each microservice
4. CSRF Cross Site Request Forgery ➔ Browser form security Prevents other sites from sending in the same form fields for a request ➔ Browser cookie security CSRF can protect cookies that are sent to browsers
5. OIDC/OAuth2 Delegation, not Authentication ➔ Oauth2 Standard refresh tokens and access token that can be revoked ➔ OIDC OpenID Connect; aka, OAuth2 v2 or OpenID v3 JSON Web Token encoded data Auth token and delegation token
6. Testing Bug prevention ➔ Unit Testing Test internal business logic ➔ Integration Testing Test server
7. Documentation How? Help? ➔ Official Documentation Clear documentation for features Useful examples ➔ Community StackOverflow Github stars Real projects ➔ API Swagger/RAML
Which frameworks? Ktor, Http4K Jooby Vert.x, Spring JHipster, ...
Features Age Javalin SparkJava Ktor Jooby Vert.x Spring Http4K
Ktor Ktor Routing routing { accept(ContentType.Text.Html) { get(“/blog”) { call.respond(blogHandler::findAllBlogs) } get(“/blog/{slug}”) { call.respond(blogHandler.findOneBlog(call.parameters) ) } } accept(ContentType.Application.Json) { get("/api/blog") { call.respond(blogHandler::findAll) } get("/api/blog/{id}") { call.respond(blogHandler.findOne(call.parameters)) } } } ➔ Pros JetBrains’ official server framework Pure Kotlin Kotlin coroutine support ➔ Cons Least mature framework Not much module support but enough Only Freemarker/Velocity templates
Ktor Coroutines get("/{...}") { withContext(CommonPool) { call.slow() } } private suspend fun ApplicationCall.slow() { respondHtml { body { "Slow result" } } }
Web API DB Load Balancers Clients Monolith Architecture
Web Account Load Balancers/ Service Locators Clients Cart Logging (ELK) Gateway Microservice Architecture Tracing (Zipkin)
Http4K Http4K Routing routes( “/blog” bind routes( “/” bind GET to { _ -> bloghandler.findAllBlogs() }, “/{slug}” bind GET to { req -> bloghandler.findOneBlog(req) } ), “/api” bind routes( “/blog” bind GET to { _ -> bloghandler.findAll() }, “/blog/{id}” bind GET to { req -> bloghandler.findOne(req) } ) ).asServer(Jetty(8000)).start() ➔ Pros Pure Kotlin Resilience4J support Can deploy to AWS Lambda Pluggable backends Micrometer support Zipkin support Swagger support OAuth support for Auth0 and Google ➔ Cons No built-in non-blocking support No Kotlin coroutine support Not as mature as other Java frameworks
Jooby Jooby Routing class App: Kooby({ use(Jackson()) get("/blog") { bloghandler.findAllBlogs() } get("/blog/:slug") { req -> bloghandler.findOneBlog(req.param(“slug”).value) } get("/api/blog") { bloghandler.findAll() } get(“/api/blog/:id”) { blogHandler.findOne(req.param<Int>(“id”)) } }) ➔ Pros Pluggable backends Event loop non-blocking Even more modules than Http4K Swagger/RAML Lots of DB support Job scheduling ➔ Cons No Kotlin coroutine support No zipkin or opentracing support
Vert.x Vert.x Routing private val router = Router.router(vertx).apply { get("/blog") .handler(bloghandler::findAllBlogs) get("/blog/:slug") .handler(bloghandler::findOneBlog) get("/api/blog") .handler(bloghandler::findAll) get("/api/blog/:id") .handler (bloghandler::findOne) } ➔ Pros Kotlin coroutine support Event loop non-blocking Near top in TechEmpower benchmarks Micrometer and Hawkular Auto-clustering Polyglot (JS, Python, Clojure, Java, etc.) Redpipe for Reactive Kovert (opinionated Kotlin) Swagger support ➔ Cons A bit more monolith than microservice Not as mainstream in US
Vert.x
Spring Spring Routing class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } ➔ Pros Most popular framework Webflux/Reactor non-blocking Most modules Kitchen sink can be daunting Spring Initializer to autogen microservice Spring Initializer supports Kotlin! JHipster Swagger support ➔ Cons Need kotlin-spring/jpa plugins No official Kotlin coroutine support
Spring WebFlux @GetMapping("/api/blog/{id}") public Mono<ResponseEntity<Blog>> getBlogById(@PathVariable(value = "id") String blogId) { return blogRepository.findById(blogId) .map(savedBlog -> ResponseEntity.ok(savedBlog)) .defaultIfEmpty( ResponseEntity.notFound().build()); }
JHipster JHipster Cmds jhipster --blueprint generator-jhipster-kotlin yo jhipster:import-jdl blog-jdl.jh https://developer.okta.com/blog/2018/03/01 /develop-microservices-jhipster-oauth ➔ Pros Scaffolds Spring/Angular projects Jhipster-kotlin generates Kotlin projects Design data models and autogen CRUD RAILS/GRAILS-like Generates Netflix microservice arch Includes user management (UAA) ➔ Cons Harder to find where to change things Easy to complicate simple projects
Kotlin server side frameworks
zipkin
All The Things! Backends are easy in Kotlin Lots of choices
Further Reading - https://nordicapis.com/api-security-oauth-openid-connect-depth/ - https://ktor.io/ - https://www.http4k.org/ - https://jooby.org/ - https://vertx.io/ - https://github.com/kohesive/kovert - http://redpipe.net/ - https://spring.io/ - https://github.com/konrad-kaminski/spring-kotlin-coroutine - https://www.jhipster.tech/ - https://github.com/jhipster/jhipster-kotlin - https://www.techempower.com/benchmarks/
Ad

Recommended

What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?
Derek Edwards
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrong
Derek Perkins
 
Flask jwt authentication tutorial
Flask jwt authentication tutorialFlask jwt authentication tutorial
Flask jwt authentication tutorial
Katy Slemon
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
Giulio De Donato
 
ASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in TechnologyASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in Technology
Małgorzata Borzęcka
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
アプリ開発で知っておきたい認証技術 - OAuth 1.0 + OAuth 2.0 + OpenID Connect -
Naoki Nagazumi
 
Using Play Framework 2 in production
Using Play Framework 2 in productionUsing Play Framework 2 in production
Using Play Framework 2 in production
Christian Papauschek
 
Micro Web Service - Slim and JWT
Micro Web Service - Slim and JWTMicro Web Service - Slim and JWT
Micro Web Service - Slim and JWT
Tuyen Vuong
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
robertjd
 
Entity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applicationsEntity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applications
Mikhail Egorov
 
Super Fast Application development with Mura CMS
Super Fast Application development with Mura CMSSuper Fast Application development with Mura CMS
Super Fast Application development with Mura CMS
ColdFusionConference
 
Play Framework 2.5
Play Framework 2.5Play Framework 2.5
Play Framework 2.5
m-kurz
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
Prabath Siriwardena
 
In-browser storage and me
In-browser storage and meIn-browser storage and me
In-browser storage and me
Jason Casden
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
Rafal Gancarz
 
Drupal, Android and iPhone
Drupal, Android and iPhoneDrupal, Android and iPhone
Drupal, Android and iPhone
Alexandru Badiu
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
 
Hey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemHey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the Problem
ColdFusionConference
 
Android and REST
Android and RESTAndroid and REST
Android and REST
Roman Woźniak
 
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRFOWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
Paul Mooney
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
Micron Technology
 
Octopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EEOctopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
Ravi Yasas
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
Khushbu Joshi
 
What is the taste of the Selenide
What is the taste of the SelenideWhat is the taste of the Selenide
What is the taste of the Selenide
Roman Marinsky
 
HTML5 Real-Time and Connectivity
HTML5 Real-Time and ConnectivityHTML5 Real-Time and Connectivity
HTML5 Real-Time and Connectivity
Peter Lubbers
 
CQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and DeploymentCQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and Deployment
klcodanr
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
Fernando Lopez Aguilar
 
Top 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud DevelopersTop 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud Developers
Brian Huff
 
Ad

More Related Content

What's hot (20)

Micro Web Service - Slim and JWT
Micro Web Service - Slim and JWTMicro Web Service - Slim and JWT
Micro Web Service - Slim and JWT
Tuyen Vuong
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
robertjd
 
Entity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applicationsEntity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applications
Mikhail Egorov
 
Super Fast Application development with Mura CMS
Super Fast Application development with Mura CMSSuper Fast Application development with Mura CMS
Super Fast Application development with Mura CMS
ColdFusionConference
 
Play Framework 2.5
Play Framework 2.5Play Framework 2.5
Play Framework 2.5
m-kurz
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
Prabath Siriwardena
 
In-browser storage and me
In-browser storage and meIn-browser storage and me
In-browser storage and me
Jason Casden
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
Rafal Gancarz
 
Drupal, Android and iPhone
Drupal, Android and iPhoneDrupal, Android and iPhone
Drupal, Android and iPhone
Alexandru Badiu
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
 
Hey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemHey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the Problem
ColdFusionConference
 
Android and REST
Android and RESTAndroid and REST
Android and REST
Roman Woźniak
 
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRFOWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
Paul Mooney
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
Micron Technology
 
Octopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EEOctopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
Ravi Yasas
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
Khushbu Joshi
 
What is the taste of the Selenide
What is the taste of the SelenideWhat is the taste of the Selenide
What is the taste of the Selenide
Roman Marinsky
 
HTML5 Real-Time and Connectivity
HTML5 Real-Time and ConnectivityHTML5 Real-Time and Connectivity
HTML5 Real-Time and Connectivity
Peter Lubbers
 
CQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and DeploymentCQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and Deployment
klcodanr
 
Micro Web Service - Slim and JWT
Micro Web Service - Slim and JWTMicro Web Service - Slim and JWT
Micro Web Service - Slim and JWT
Tuyen Vuong
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
robertjd
 
Entity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applicationsEntity provider selection confusion attacks in JAX-RS applications
Entity provider selection confusion attacks in JAX-RS applications
Mikhail Egorov
 
Super Fast Application development with Mura CMS
Super Fast Application development with Mura CMSSuper Fast Application development with Mura CMS
Super Fast Application development with Mura CMS
ColdFusionConference
 
Play Framework 2.5
Play Framework 2.5Play Framework 2.5
Play Framework 2.5
m-kurz
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
Prabath Siriwardena
 
In-browser storage and me
In-browser storage and meIn-browser storage and me
In-browser storage and me
Jason Casden
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
Rafal Gancarz
 
Drupal, Android and iPhone
Drupal, Android and iPhoneDrupal, Android and iPhone
Drupal, Android and iPhone
Alexandru Badiu
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
 
Hey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemHey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the Problem
ColdFusionConference
 
Android and REST
Android and RESTAndroid and REST
Android and REST
Roman Woźniak
 
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRFOWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF
Paul Mooney
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
Micron Technology
 
Octopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EEOctopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
Ravi Yasas
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
Khushbu Joshi
 
What is the taste of the Selenide
What is the taste of the SelenideWhat is the taste of the Selenide
What is the taste of the Selenide
Roman Marinsky
 
HTML5 Real-Time and Connectivity
HTML5 Real-Time and ConnectivityHTML5 Real-Time and Connectivity
HTML5 Real-Time and Connectivity
Peter Lubbers
 
CQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and DeploymentCQ5 Development Setup, Maven Build and Deployment
CQ5 Development Setup, Maven Build and Deployment
klcodanr
 

Similar to Kotlin server side frameworks (20)

How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
Fernando Lopez Aguilar
 
Top 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud DevelopersTop 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud Developers
Brian Huff
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE
 
Building APIs with NodeJS on Microsoft Azure Websites - Redmond
Building APIs with NodeJS on Microsoft Azure Websites - RedmondBuilding APIs with NodeJS on Microsoft Azure Websites - Redmond
Building APIs with NodeJS on Microsoft Azure Websites - Redmond
Rick G. Garibay
 
SkyeCORE - Rev Up Your OSGi Services!
SkyeCORE - Rev Up Your OSGi Services!SkyeCORE - Rev Up Your OSGi Services!
SkyeCORE - Rev Up Your OSGi Services!
Wayne Williams
 
Simple REST with Dropwizard
Simple REST with DropwizardSimple REST with Dropwizard
Simple REST with Dropwizard
Andrei Savu
 
Real-Time Communication Testing Evolution with WebRTC
Real-Time Communication Testing Evolution with WebRTCReal-Time Communication Testing Evolution with WebRTC
Real-Time Communication Testing Evolution with WebRTC
Alexandre Gouaillard
 
API SECURITY
API SECURITYAPI SECURITY
API SECURITY
Tubagus Rizky Dharmawan
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Revelation Technologies
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class Libraries
Vagif Abilov
 
How to Use Stormpath in angular js
How to Use Stormpath in angular jsHow to Use Stormpath in angular js
How to Use Stormpath in angular js
Stormpath
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
Antonio Peric-Mazar
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Richard Bullington-McGuire
 
DreamFactory Essentials Webinar
DreamFactory Essentials WebinarDreamFactory Essentials Webinar
DreamFactory Essentials Webinar
DreamFactory
 
web2py:Web development like a boss
web2py:Web development like a bossweb2py:Web development like a boss
web2py:Web development like a boss
Francisco Ribeiro
 
Seattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js WorkshopSeattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js Workshop
Jimmy Guerrero
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
Dave Hay
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Felipe Prado
 
Module 3 - How SWORD Works
Module 3 - How SWORD WorksModule 3 - How SWORD Works
Module 3 - How SWORD Works
SWORD Project
 
REST APIs in the context of single-page applications
REST APIs in the context of single-page applicationsREST APIs in the context of single-page applications
REST APIs in the context of single-page applications
yoranbe
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
Fernando Lopez Aguilar
 
Top 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud DevelopersTop 10 HTML5 Features for Oracle Cloud Developers
Top 10 HTML5 Features for Oracle Cloud Developers
Brian Huff
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE
 
Building APIs with NodeJS on Microsoft Azure Websites - Redmond
Building APIs with NodeJS on Microsoft Azure Websites - RedmondBuilding APIs with NodeJS on Microsoft Azure Websites - Redmond
Building APIs with NodeJS on Microsoft Azure Websites - Redmond
Rick G. Garibay
 
SkyeCORE - Rev Up Your OSGi Services!
SkyeCORE - Rev Up Your OSGi Services!SkyeCORE - Rev Up Your OSGi Services!
SkyeCORE - Rev Up Your OSGi Services!
Wayne Williams
 
Simple REST with Dropwizard
Simple REST with DropwizardSimple REST with Dropwizard
Simple REST with Dropwizard
Andrei Savu
 
Real-Time Communication Testing Evolution with WebRTC
Real-Time Communication Testing Evolution with WebRTCReal-Time Communication Testing Evolution with WebRTC
Real-Time Communication Testing Evolution with WebRTC
Alexandre Gouaillard
 
API SECURITY
API SECURITYAPI SECURITY
API SECURITY
Tubagus Rizky Dharmawan
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Revelation Technologies
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class Libraries
Vagif Abilov
 
How to Use Stormpath in angular js
How to Use Stormpath in angular jsHow to Use Stormpath in angular js
How to Use Stormpath in angular js
Stormpath
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
Antonio Peric-Mazar
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Richard Bullington-McGuire
 
DreamFactory Essentials Webinar
DreamFactory Essentials WebinarDreamFactory Essentials Webinar
DreamFactory Essentials Webinar
DreamFactory
 
web2py:Web development like a boss
web2py:Web development like a bossweb2py:Web development like a boss
web2py:Web development like a boss
Francisco Ribeiro
 
Seattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js WorkshopSeattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js Workshop
Jimmy Guerrero
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
Dave Hay
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Felipe Prado
 
Module 3 - How SWORD Works
Module 3 - How SWORD WorksModule 3 - How SWORD Works
Module 3 - How SWORD Works
SWORD Project
 
REST APIs in the context of single-page applications
REST APIs in the context of single-page applicationsREST APIs in the context of single-page applications
REST APIs in the context of single-page applications
yoranbe
 
Ad

Recently uploaded (20)

Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
Andre Hora
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
Andre Hora
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Ad

Kotlin server side frameworks

  • 1. Komparing Kotlin Server Frameworks Ken Yee (Android and occasional backend dev)
  • 2. Agenda - What is a backend? - What to look for in a server framework? - What frameworks are available? - Pros/Cons of each framework
  • 3. What is a Backend? REST API Web server Chat server
  • 4. 1. Backends are What apps/clients talk to so that users can ➔ Read dynamic data So you can share information ➔ Authenticate Because it’s about user access ➔ Write persistent data Into a DB on the server for interaction
  • 5. 2. Backends must Be reliable ➔ Read dynamic data Scalable ➔ Authenticate Secure ➔ Write persistent data Resilient
  • 6. What do you look for in a framework? Kotlin, DSL, Websockets, HTTP/2, Non-Blocking, CORS, CSRF, OIDC, OAuth2, Testing, Documentation
  • 7. 1. Kotlin! On the server is: ➔ Familiar Language Closer to Isomorphic ➔ Concise Extension and Higher Order functions, DSLs ➔ Null/Type Safety Compared to Javascript, Python, Ruby
  • 8. Java (Spring Webflux) Kotlin class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } public class BlogRouter { public RouterFunction<ServerResponse> route(BlogHandler blogHandler) { return RouterFunctions .route(RequestPredicates.GET("/blog").and(RequestPredicat es.accept(MediaType.TEXT_HTML)), blogHandler::findAllBlogs) .route(RequestPredicates.GET("/blog/{slug}").and(RequestPr edicates.accept(MediaType.TEXT_HTML)), blogHandler::findOneBlog) .route(RequestPredicates.GET("/api/blog").and(RequestPredi cates.accept(MediaType.APPLICATION_JSON)),blogHandle r::findOne) .route(RequestPredicates.GET("/api/blog/{id}").and(Request Predicates.accept(MediaType.APPLICATION_JSON)), blogHandler::findOne); } }
  • 9. Express.js Kotlin class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } var router = express.Router() var blogHandler = BlogHandler() router.get('/blog', function (req, res) { res.send(blogHandler.findAllBlogs()) }) router.get('/blog/:slug', function (req, res) { res.send(blogHandler.findOneBlog(req.params )) }) router.get('/api/blog', function (req, res) { res.send(blogHandler.findAll()) }) router.get('/blog/:id', function (req, res) { res.send(blogHandler.findOne(req.params)) })
  • 10. 2. Speed Efficiency ➔ Non-blocking Reactor or Kotlin Coroutine Event driven w/ Netty vs. threading ➔ Http/2 Formerly Google’s SPDY that uses single connections to grab resources Push resources to clients ➔ Websockets Useful for real-time chat/games
  • 11. 3. CORS Cross Origin Resource Sharing ➔ Browser Javascript security Limits domains web client (Single Page Apps) is allowed access to ➔ Microservices Web clients can call different endpoints for each microservice
  • 12. 4. CSRF Cross Site Request Forgery ➔ Browser form security Prevents other sites from sending in the same form fields for a request ➔ Browser cookie security CSRF can protect cookies that are sent to browsers
  • 13. 5. OIDC/OAuth2 Delegation, not Authentication ➔ Oauth2 Standard refresh tokens and access token that can be revoked ➔ OIDC OpenID Connect; aka, OAuth2 v2 or OpenID v3 JSON Web Token encoded data Auth token and delegation token
  • 14. 6. Testing Bug prevention ➔ Unit Testing Test internal business logic ➔ Integration Testing Test server
  • 15. 7. Documentation How? Help? ➔ Official Documentation Clear documentation for features Useful examples ➔ Community StackOverflow Github stars Real projects ➔ API Swagger/RAML
  • 18. Ktor Ktor Routing routing { accept(ContentType.Text.Html) { get(“/blog”) { call.respond(blogHandler::findAllBlogs) } get(“/blog/{slug}”) { call.respond(blogHandler.findOneBlog(call.parameters) ) } } accept(ContentType.Application.Json) { get("/api/blog") { call.respond(blogHandler::findAll) } get("/api/blog/{id}") { call.respond(blogHandler.findOne(call.parameters)) } } } ➔ Pros JetBrains’ official server framework Pure Kotlin Kotlin coroutine support ➔ Cons Least mature framework Not much module support but enough Only Freemarker/Velocity templates
  • 19. Ktor Coroutines get("/{...}") { withContext(CommonPool) { call.slow() } } private suspend fun ApplicationCall.slow() { respondHtml { body { "Slow result" } } }
  • 22. Http4K Http4K Routing routes( “/blog” bind routes( “/” bind GET to { _ -> bloghandler.findAllBlogs() }, “/{slug}” bind GET to { req -> bloghandler.findOneBlog(req) } ), “/api” bind routes( “/blog” bind GET to { _ -> bloghandler.findAll() }, “/blog/{id}” bind GET to { req -> bloghandler.findOne(req) } ) ).asServer(Jetty(8000)).start() ➔ Pros Pure Kotlin Resilience4J support Can deploy to AWS Lambda Pluggable backends Micrometer support Zipkin support Swagger support OAuth support for Auth0 and Google ➔ Cons No built-in non-blocking support No Kotlin coroutine support Not as mature as other Java frameworks
  • 23. Jooby Jooby Routing class App: Kooby({ use(Jackson()) get("/blog") { bloghandler.findAllBlogs() } get("/blog/:slug") { req -> bloghandler.findOneBlog(req.param(“slug”).value) } get("/api/blog") { bloghandler.findAll() } get(“/api/blog/:id”) { blogHandler.findOne(req.param<Int>(“id”)) } }) ➔ Pros Pluggable backends Event loop non-blocking Even more modules than Http4K Swagger/RAML Lots of DB support Job scheduling ➔ Cons No Kotlin coroutine support No zipkin or opentracing support
  • 24. Vert.x Vert.x Routing private val router = Router.router(vertx).apply { get("/blog") .handler(bloghandler::findAllBlogs) get("/blog/:slug") .handler(bloghandler::findOneBlog) get("/api/blog") .handler(bloghandler::findAll) get("/api/blog/:id") .handler (bloghandler::findOne) } ➔ Pros Kotlin coroutine support Event loop non-blocking Near top in TechEmpower benchmarks Micrometer and Hawkular Auto-clustering Polyglot (JS, Python, Clojure, Java, etc.) Redpipe for Reactive Kovert (opinionated Kotlin) Swagger support ➔ Cons A bit more monolith than microservice Not as mainstream in US
  • 26. Spring Spring Routing class BlogRouter(private val blogHandler: BlogHandler) { fun router() = router { ("/blog" and accept(TEXT_HTML)).nest { GET("/", blogHandler::findAllBlogs) GET("/{slug}", blogHandler::findOneBlog) } ("/api/blog" and accept(APPLICATION_JSON)).nest { GET("/", blogHandler::findAll) GET("/{id}", blogHandler::findOne) } } } ➔ Pros Most popular framework Webflux/Reactor non-blocking Most modules Kitchen sink can be daunting Spring Initializer to autogen microservice Spring Initializer supports Kotlin! JHipster Swagger support ➔ Cons Need kotlin-spring/jpa plugins No official Kotlin coroutine support
  • 27. Spring WebFlux @GetMapping("/api/blog/{id}") public Mono<ResponseEntity<Blog>> getBlogById(@PathVariable(value = "id") String blogId) { return blogRepository.findById(blogId) .map(savedBlog -> ResponseEntity.ok(savedBlog)) .defaultIfEmpty( ResponseEntity.notFound().build()); }
  • 28. JHipster JHipster Cmds jhipster --blueprint generator-jhipster-kotlin yo jhipster:import-jdl blog-jdl.jh https://developer.okta.com/blog/2018/03/01 /develop-microservices-jhipster-oauth ➔ Pros Scaffolds Spring/Angular projects Jhipster-kotlin generates Kotlin projects Design data models and autogen CRUD RAILS/GRAILS-like Generates Netflix microservice arch Includes user management (UAA) ➔ Cons Harder to find where to change things Easy to complicate simple projects
  • 31. All The Things! Backends are easy in Kotlin Lots of choices
  • 32. Further Reading - https://nordicapis.com/api-security-oauth-openid-connect-depth/ - https://ktor.io/ - https://www.http4k.org/ - https://jooby.org/ - https://vertx.io/ - https://github.com/kohesive/kovert - http://redpipe.net/ - https://spring.io/ - https://github.com/konrad-kaminski/spring-kotlin-coroutine - https://www.jhipster.tech/ - https://github.com/jhipster/jhipster-kotlin - https://www.techempower.com/benchmarks/