Apache APISIX plugin Lua analysis

Down the rabbit hole of an Apache APISIX plugin

My demo, Evolving your APIs, features a custom Apache APISIX plugin. I believe that the process of creating a custom plugin is relatively well-documented. However, I wanted to check the parameters of the _M.access(conf, ctx) function, especially the ctx one. The documentation states: The ctx parameter caches data information related to the request. You can use core.log.warn(core.json.encode(ctx, true)) to output it to error.log for viewing. Unfortunately, core.log ultimately depends on

monkey-patching AspectJ Byte Buddy Instrumentation Java Agent

Monkey-patching in Java

The JVM is an excellent platform for monkey-patching. Monkey patching is a technique used to dynamically update the behavior of a piece of code at run-time. A monkey patch (also spelled monkey-patch, MonkeyPatch) is a way to extend or modify the runtime code of dynamic languages (e.g. Smalltalk, JavaScript, Objective-C, Ruby, Perl, Python, Groovy, etc.) without altering the original source code. — Wikipedia I want to demo several approaches for monkey-patching in Java in this post


Problem Details for HTTP APIs - RFC 7807 is dead, long live RFC 9457

The positive experience of RFC 7807, whose journey began in 2016, is concluded (deprecation) but also confirmed with a new official proposition: the RFC 9457. The changes made are small but it is a suitable opportunity to analyze the evolution of this topic. Context The RFC 7807, and now the RFC 9457 which perfects it, was born after a period in which the Internet Companies have made it clear that the integration of the business, the eventual transformation of the company services into a plat


Offering my blog to new authors

Regular readers of this blog know that I started it a long time ago, namely in April 2008. I soon found my cruising speed: a post a week. It requires time and discipline, but I achieved this goal during all those years. However, while I still have enough of both, I start to miss good post ideas. There are several reasons for this. I’ve always told that working on real-world projects is a vast source of ideas. Moving to Developer Advocacy, I’ve widened the list of topics I’m fa

Logs logging Loki Grafana

Send your logs to Loki

One of my current talks focuses on Observability in general and Distributed Tracing in particular, with an OpenTelemetry implementation. In the demo, I show how you can see the traces of a simple distributed system consisting of: the Apache APISIX API Gateway, a Kotlin app with Spring Boot, a Python app with Flask, and a Rust app with Axum. Earlier this year, I spoke and attended the Observability room at FOSDEM. One of the talks demoed the Grafana stack: Mimir for metrics, Tempo for traces, and

Rust library

Introduction to the Tower library

One of the components of my OpenTelemetry demo is a Rust application built with the Axum web framework. In its description, axum mentions: axum doesn’t have its own middleware system but instead uses tower::Service. This means axum gets timeouts, tracing, compression, authorization, and more, for free. It also enables you to share middleware with applications written using hyper or tonic. — axum README So far, I was happy to let this cryptic explanation lurk in the corner of

Apache APISIX Ops DevOps

Ops friendly Apache APISIX

Though I always worked on the Dev side of IT, I was also interested in the Ops side. I even had a short experience being a WebSphere admin: I used it several times, helping Ops deal with the Admin console while being a developer. Providing a single package that Ops can configure and deploy in different environments is very important. As a JVM developer, I’ve been happy using Spring Boot and its wealth of configuration options: command-line parameters, JVM parameters, files, profiles, enviro

Ant Maven Gradle build

My final take on Gradle (vs. Maven)

I tweet technical content that I consider interesting, but the funny tweets are the ones that get the most engagement. I attended the JavaLand conference in March, stumbled upon the Gradle booth, and found this gem: +<div class='jekyll-twitter-plugin'><blockquote class='twitter-tweet'><p lang='en' dir='ltr'>Things have changed a lot 😂😂😂<br><br>“When you can’t beat them, join them” <a href='https://t.co/SnX3KN57o8'>pic.twitter.com/SnX3KN57o8</a></p>

authentication API Gateway Apache APISIX Keycloak Spring Security

System architecture: move authentication to the API Gateway

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. Rate Limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway and should be bold in moving them from our apps. In this post, I’ll show how to implement authentication at the Gateway API stage. Overall authentication flow The API Gateway doesn’t authenticate but delegates authentication to an authentication

Apache APISIX etcd mysql

Apache APISIX without etcd

etcd is an excellent key-value distributed database used internally by Kubernetes and managed by the CNCF. It’s a great option, and that’s the reason why Apache APISIX uses it too. Yet, it’s not devoid of issues. First, some mention scalability, but one can expect this from a distributed data store that values consistency. Another issue may be the need for more familiarity with etcd. It’s relatively new, so your Ops team may need help operating it correctly while having