Background: Zero Defects Manufacturing Platforms will be integrated with external Internet of-Things platforms of commercial manufacturers as well as other (research) projects. In doing so, the data sources available there should be usable as well as the integration of security measures to ensure controlled and frictionless cross-platform access for everybody. Objective: This paper describes an implementation approach of making use of open standards as an example of good design patterns and architecture and gives a short impression of the performance reachable by following these practices compared with other solutions. Method: Using a prototype implementation and conducting a systematic performance study. Results: A prototype implementation by making use of open standards (e.g. Swagger) and opensource tools (e.g. Spring framework) that have been evaluated. Conclusion: The results provide a reference to developers to design a system to enable controlled and smooth cross-platform access in manufacturing environment.
be important from a business perspective of the platform owner if he can see how often an API is going to be called from a supplier or a customer outside of its organization.
It’s an example of how an API Gateway proxy server can be implemented with the help of Spring Cloud Gateway and extended with individual functionalities. It is also covered how to establish a database connection with Spring Data and how to convert custom classes into specific database formats. With Spring Security and OAuth 2 helper libraries, it was possible to implement authentication and authorization of incoming requests on arbitrarily configurable authorization servers.
A Proof-of-Concept implementation has been developed and evaluation of the performance of implementation against some alternative solutions (commercial and non-commercial) has been made: • Direct call • NGINX [8] • Spring Cloud Gateway [9] • Netflix Zuul [10] • webMethods API Gateway (closed source/commercial product) [11] The performance results are based measuring request latencies during increasement of the number of parallel accesses.
A microservices-based integration architecture requires new patterns for event-based communication, micro gateways for policy enforcement, and network-level controls to be managed with a service mesh.
All examined tools and components more or less fulfill all aspects besides the direct calls which have been added as a reference point only. Finally, performance evaluation (Table 1) has been done against a commercial product.
The functional aspects of a possible implementation do all follow the following sequence diagram, that shows the access of an external API by using an API gateway (Figure 3)Figure 2.
Assuming the use of OAuth 2 as a common protocol for authorization request as a de-facto standard is used the procedure of registering clients and/or APIs needs to be handled dynamically. The sequence is following the simple logical structure of an atomic functional requirement to technically receive a response and is not including any other functional requirements like specific user interaction designs vice versa: • Request • Validate access token e.g. via OAuth 2 • Transfer modified request • Reply
NGINX is a popular open-source proxy and web server software that can be used at the application level for HTTP and email, as well as at the transport level for TCP/UDP. It runs as a Linux or Windows service and is controlled via configuration files and process signals.
However, this type of configuration complicates the ability to dynamically add or delete new APIs or routes, as described in the concept. For that reason the use of NGINX [5] has been discarded and no reference implementation has been included in the performance evaluation.
Spring Cloud Gateway [9] is a project that provides a set of libraries for building an API Gateway. It aims to provide an effective way to route to APIs and provide support for security, monitoring/metrics, and resiliency. It is based on Spring Framework and Spring Boot and thus runs on Windows, Mac, Linux.
Netflix Zuul [10] is a gateway service that provides dynamic routing, monitoring, resiliency and stress testing, authentication, and security, and more. It is written in Java and thus runs on Windows, Mac, Linux.
webMethods API Gateway [11] is a commercial tool that provides capabilities to perform all the administration and API related tasks such as creating APIs, defining and activating policies, creating applications, and consuming APIs as well as security and policies.
As a test API endpoint, the non-existent endpoint https://google.com/error has been used for the following reasons: it always returns a HTTP 404 error page; and is provided by the large internet company Google, so that a constant and reproducibility response time can be expected even under heavier loads.
As a test tool Apache Bench4 is used, a command-line program that measures connection and response times of HTTP servers, while maintaining parallel connections. A call for a measurement follows the following command line pattern: ab -c <number of parallel calls> -n <total number of calls> \ -H "Authorization: Bearer <JWT>" "http://<Gateway URL>/error"
All measurements have been executed on a laptop with Intel i5 9th generation, 16 GB memory (OS Windows 10).
The best results of a category and concurrency level are marked in green, the worst in red. It becomes clear that Spring Cloud Gateway takes the least amount of time per request at almost all stages. Spring Cloud Gateway provides a set of libraries for building an API Gateway on top of the Spring and Spring Boot Framework[9]. However, it must also be considered that some tools could possibly perform better in these areas if executed on better and more hardware resources, as some tools are designed for larger installations. But that has not been part of this study.
The ZDZW project has received funding from the European Union’s Horizon Europe program under grant agreement No 101057404. Views and opinions expressed are, however, those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.
project.eu/outcomes/ SPRING Data: https://spring.io/projects/spring-data/ SPRING Security: https://spring.io/projects/spring-security/ SPRING Cloud Gateway: https://spring.io/projects/spring-cloud-gateway/ Swagger Parser: https://github.com/swagger-api/swagger-parser
[3] Walls, Craig. Spring in action. Simon and Schuster, 2022. [4] Spilca, Laurentiu. Spring security in action. Simon and Schuster, 2020. [5] Nguyen, Quy, and Oras F. Baker. Applying Spring Security Framework and OAuth2 To Protect
Microservice Architecture API. J. Softw. 14.6 (2019): 257-264. [6] Trebichavský, Richard. "API Gateways and Microservice Architectures." 2021. [7] Apache Bench 2024. URL: https://httpd.apache.org/docs/2.4/programs/ab.html [8] Nginx. URL: https://en.wikipedia.org/wiki/Nginx [9] SPRING Cloud Gateway. URL: https://spring.io/projects/spring-cloud-gateway/ [10] Netflix Zuul. URL: https://github.com/Netflix/zuul/wiki [11] webMethods API Gateway 2024. URL: https://www.softwareag.cloud/site/product/webmethods api.html