micronaut-microservices-poc 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
micronaut-microservices-poc 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
micronaut-microservices-poc 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 Apache-2.0 License
开发语言 Java
操作系统 跨平台
软件类型 开源软件
所属分类 云计算云原生
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-12-09


ASCLAB Micronaut PoC - LAB Insurance Sales Portal

Build Status

This is an example of a very simplified insurance sales system made in a microservice architecture using Micronaut.

Comprehensive guide describing exactly the architecture, applied design patterns and technologies can be found on our blog in article Building Microservices with Micronaut.

We have recently upgraded to Java 14 (you must have JDK14 in order to build and run the project).

We encourage you to read, because in this README there is only a substitute for all information.

Other articles around microservices that could be interesting:

Architecture overview

Micronaut Microservices Architecture

  • agent-portal-gateway - Gateway pattern from EAA Catalog implementation.
    The complexity of “business microservices” will be hidden by using Gateway pattern. This component is responsible for the proper redirection of requests to the appropriate services based on the configuration. The frontend application will only communicate with this component. This component show usage of non-blocking http declarative clients.

  • payment-service - main responsibilities: create Policy Account, show Policy Account list, register in payments from bank statement file.
    This module is taking care of a managing policy accounts. Once the policy is created, an account is created in this service with expected money income. Payment-service also has an implementation of a scheduled process where CSV file with payments is imported and payments are assigned to policy accounts. This component shows asynchronous communication between services using Kafka and ability to create background jobs using Micronaut. It also features accessing database using JPA.

  • policy-service - creates offers, converts offers to insurance policies.
    In this service we demonstrated usage of CQRS pattern for better read/write operation isolation. This service demonstrates two ways of communication between services: synchronous REST based calls to pricing-service through HTTP Client to get the price, and asynchronous event based using Apache Kafka to publish information about newly created policies. In this service we also access RDBMS using JPA.

  • policy-search-service - provides insurance policy search.
    This module listens for events from Kafka, converts received DTOs to “read model” (used later in search) and saves this in database (ElasticSearch). It also exposes REST endpoint for search policies.

  • pricing-service - calculates price for selected insurance product.
    For each product a tariff should be defined. The tariff is a set of rules on the basis of which the price is calculated. MVEL language was used to define the rules. During the policy purchase process, the policy-service connects with this service to calculate a price. Price is calculated based on user’s answers for defined questions.

  • product-service - simple insurance product catalog.
    Information about products are stored in MongoDB. Each product has code, name, image, description, cover list and question list (affect the price defined by the tariff). This module shows usage of reactive Mongo client.

  • auth-service - JWT based authentication service, this services provides login functionality.
    Based on login and password users get authenticated and JWT token with their privileges is created and returned. This services shows built-in Micronaut support for JWT based security.

  • documents-service - Service build with kotlin. Responsible for generating pdf document when new policy event is received.

  • chat-service - Example WebSocket usage. Chat for salesman.

  • dashboard-service - Business dashboards that presents our agents sales results. Dashboard service subscribes to events of selling policies and index sales data in ElasticSearch. Then ElasticSearch aggregation framework is used to calculate sales stats like: total sales and number of policies per product per time period, sales per agent in given time period and sales timeline. Sales stats are nicely visualized using ChartJS.

  • web-vue - SPA application built with Vue.js and Bootstrap for Vue.

Each business microservice has also -api module (payment-service-api, policy-service-api etc.), where we defined commands, events, queries and operations.

In the picture you can also see the component internal-command-bus. This component is used internally by microservices if we want to use a CQRS pattern inside (simple example in OfferController in policy-service).


This step requires Java 14 (JDK), Maven and Yarn.

For demo purposes build process is automated by a shell script. For Unix-based systems:


For Windows:


If you already run the necessary infrastructure (Kafka, Consul etc.), you should run build with all tests: For Unix-based systems:


For Windows:


Running for development


  • docker
  • docker-compose

Windows users: make sure to set core.autocrlf false in git configuration before cloning this repository.

For Windows users, append below line C:\Windows\System32\drivers\etc\hosts: kafkaserver

For frontend app running, you must add file .env.local based on .env-example .


Automated deployment

To run the whole system on local machine just type:


Make sure you've first built the microservices! Check this. This script will provision required infrastructure and start all services. Setup is powered by docker-compose and configured via docker-compose.yml file.

Afterwards you need to add kafka cluster - either via web UI (Kafka Manager -> Cluster -> Add Cluster) or using provided script:


At this point system is ready to use: http://localhost

Manual deployment

If you want to run services manually (eg. from IDE), you have to provision infrastructure with script from scripts folder:


Afterwards you need to add kafka cluster - either via web UI (Kafka Manager -> Cluster -> Add Cluster) or using provided script:

  • Consul dashboard: http://localhost:8500
  • Zipkin dashboard: http://localhost:9411/zipkin/
  • Kafka Manager dashboard: http://localhost:9000/
  • JSReport dashboard: http://localhost:5488/

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Check this;

Add POLICY template to JsReport


  1. Click "+".
  2. Type name "POLICY" and content from file policy.template.
  3. Commit changes.

Consul without our script

docker run -p 8500:8500 consul

Zipkin without our script

docker run -d -p 9411:9411 openzipkin/zipkin

Kafka without our script

Setup Kafka on Windows with this instruction.

JSReport without our script

docker run -p 5488:5488 jsreport/jsreport

OpenAPI/Swagger docs

agent-portal-gateway provides the API description.

You can go to URL: [http://localhost:8081/swagger/lab-insurance-sales-portal-api-1.0.yml][http://localhost:8081/swagger/lab-insurance-sales-portal-api-1.0.yml]

Add new microservice

Create new microservice with Micronaut CLI:

mn create-app pl.altkom.asc.lab.[SERVICE-NAME]-service -b maven

This command generate project in Java and Maven as build tool.


Sample users

  • admin / admin
  • jimmy.solid / secret
  • danny.solid / secret
  • agent1 / agent1



Sales Dashboard

Sales Dashboard

Tracing requests with Zipkin


Show topics on Kafka


Show registered services in Consul


Show document templates in JS Report






{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
H2 database 存在反序列化漏洞
H2 database是一个用Java编写的可嵌入Rdbms。H2 database存在代码问题漏洞,该漏洞源于H2数据库的getConnection方法以驱动的类名和数据库的URL作为参数,攻击者可利用该漏洞传递JNDI驱动程序名称和指向LDAP或RMI服务器的URL,从而导致远程代码执行。
CVE-2021-42392 MPS-2021-33243
2022-08-08 19:21
Dan DeFelippi node-XMLHttpRequest 信任管理问题漏洞
Dan DeFelippi node-XMLHttpRequest是 (Dan DeFelippi)开源的一个应用软件。用于模拟浏览器XMLHttpRequest对象。 Node.js xmlhttprequest-ssl package 1.6.1之前版本存在信任管理问题漏洞,该漏洞源于任何证书都不会被拒绝。
CVE-2021-31597 MPS-2021-5338
2022-08-08 19:21
css-what是一个CSS选择器解析器。 css-what 5.0.1之前版本存在安全漏洞,该漏洞源于css-what包并不能确保属性解析具有相对于输入大小的线性时间复杂度。目前没有详细漏洞细节提供。
CVE-2021-33587 MPS-2021-7397
2022-08-08 19:21
NPM url-parse 安全漏洞
Url-Parse是一个跨 Node.js 和浏览器环境无缝工作的小型 Url 解析器。 NPM url-parse 存在安全漏洞,该漏洞源于在1.5.6之前的NPM url-parse中,通过用户控制的密钥绕过授权。
CVE-2022-0512 MPS-2022-3327
2022-08-08 19:21
Elasticsearch Elastic Enterprise Search 安全漏洞
Elasticsearch Elastic Enterprise Search是荷兰Elasticsearch公司的一款企业搜索工具。 Elasticsearch 6.8.13版本和7.9.2之前版本存在安全漏洞,该漏洞源于在使用文档或字段级安全时包含文档泄露缺陷。在执行某些复杂查询时,搜索查询不能正确地保留安全权限。这可能导致搜索暴露了攻击者无法查看的文档的存在。攻击者可利用该漏洞对潜在的敏感索引有更多的了解。
CVE-2020-7020 MPS-2020-15777
2022-08-08 19:21
jszip 安全漏洞
jszip是一个用于创建、读取和编辑.zip文件的JavaScript库。 jszip 3.7.0之前版本存在安全漏洞,该漏洞源于当创建一个新的zip文件,文件名设置为对象原型值时,将返回一个带有修改过的原型实例的对象。
CVE-2021-23413 MPS-2021-11050
2022-08-08 19:21
Elasticsearch 日志信息泄露漏洞
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch中存在日志信息泄露漏洞,该漏洞源于网络系统或产品的日志文件非正常输出。
CVE-2020-7021 MPS-2021-1485
2022-08-08 19:21
karma是一个简单的工具,允许您在多个 真实浏览器中执行 JavaScript 代码。karma 6.3.16之前版本存在安全漏洞,该漏洞源于缺少对返回url查询参数的验证,攻击者可利用该漏洞执行重定向攻击。
CVE-2021-23495 MPS-2021-19534
2022-08-08 19:21
Elasticsearch 信息泄露漏洞
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch 存在信息泄露漏洞,攻击者可利用该漏洞通过Cross-cluster Search Queries绕过数据访问限制,以获取敏感信息。
CVE-2021-22137 MPS-2021-6747
2022-08-08 19:21
Sindre Sorhus IS-SVG 安全漏洞
Sindre Sorhus is-svg是 (Sindre Sorhus)开源的一个应用软件。提供检查字符串或缓冲区是否为SVG功能。 IS-SVG 存在安全漏洞,该漏洞源于当应用程序检查一个精心制作的无效SVG字符串时,就会出现正则表达式拒绝服务(ReDOS)。
CVE-2021-29059 MPS-2021-8684
2022-08-08 19:21
lodash 资源管理错误漏洞
lodash是一款开源的JavaScript实用程序库。 lodash 4.7.11之前版本中的Date handler存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源(如内存、磁盘空间、文件等)的管理不当。
CVE-2019-1010266 MPS-2019-8123
2022-08-08 19:21
Ajv 输入验证错误漏洞
Ajv 6.12.2版本中的ajv.validate()函数中存在输入验证错误漏洞。攻击者可利用该漏洞执行代码或造成拒绝服务。
CVE-2020-15366 MPS-2020-10525
2022-08-08 19:21
JetBrains Kotlin 授权问题漏洞
JetBrains Kotlin是捷克JetBrains公司的一款在Java虚拟机上运行的静态类型编程语言。 JetBrains Kotlin before 1.4.2 存在授权问题漏洞,该漏洞源于权限不安全,攻击者可利用该漏洞读取数据。
CVE-2020-29582 MPS-2021-1082
2022-08-08 19:21
Apache Kafka 安全漏洞
Apache Kafka是美国阿帕奇(Apache)软件基金会的一套开源的分布式流媒体平台。该平台能够获取实时数据,用于构建对数据流的变化进行实时反应的应用程序。 Apache Kafka 中的一些组件使用 Arrays.equals 来验证密码或密钥,这很容易受到定时攻击,从而使对此类凭据的暴力攻击更有可能成功。用户应升级到 2.8.1 或更高版本,或已修复此漏洞的 3.0.0 或更高版本。
CVE-2021-38153 MPS-2021-28892
2022-08-08 19:21
handlebars 安全漏洞
handlebars是一款语义化的Web模板系统。 handlebars 4.7.7版本之前存在安全漏洞,该漏洞源于在选择某些编译选项来编译来自不受信任的源的模板时,handlebars容易受到远程代码执行(Remote Code Execution, RCE)的攻击。
CVE-2021-23369 MPS-2021-4548
2022-08-08 19:21
follow-redirects project信息暴露漏洞
Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
CVE-2022-0536 MPS-2022-3636
2022-08-08 19:21
Unshiftio Url-parse 访问控制错误漏洞
Url-Parse是一个跨 Node.js 和浏览器环境无缝工作的小型 Url 解析器。 Unshiftio Url-parse 中存在访问控制错误漏洞,该漏洞源于产品对用户控制的密钥缺少有效的保护机制。攻击者可通过该漏洞绕过授权。以下产品及版本受到影响:Unshiftio Url-parse 1.5.9 之前版本。
CVE-2022-0691 MPS-2022-4474
2022-08-08 19:21
LibSass 资源管理错误漏洞
LibSass是一个开源的使用C语言编写的Sass(CSS扩展语言)解析器。 LibSass 3.5.5之前版本中的eval.cpp文件的‘Sass::Eval::operator()’函数存在安全漏洞,该漏洞源于程序没有正确的解析‘\\%’字符。攻击者可借助特制的sass文件利用该漏洞造成拒绝服务(栈损坏)。
CVE-2018-19837 MPS-2018-15395
2022-08-08 19:21
Elasticsearch 用户名泄露漏洞
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch中存在信息泄露漏洞,该漏洞源于网络系统或产品在运行过程中存在配置等错误,未授权的攻击者可利用该漏洞获取受影响组件敏感信息。
CVE-2019-7619 MPS-2019-13902
2022-08-08 19:21
Netty Snappy资源穷尽漏洞
Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。 netty存在资源管理错误漏洞,该漏洞源于Snappy frame decoder函数不限制块长度,这可能会导致过度内存使用。
CVE-2021-37137 MPS-2021-28117
2022-08-08 19:21
0 评论
0 收藏