Cross-origin resource sharing on IBM Bluemix

Update: A newer version of this post has been published to the IBM Bluemix blog.

The IBM Bluemix Platform-as-a-Service (based on Cloud Foundry) naturally supports applications that are composed of many services that are in turn deployed to different hostnames.

For example, if you push an application to Bluemix, the name you provide will be prepended to .mybluemix.net resulting in an address such as:

  • http://my-sample-app.mybluemix.net

If your cloud-native app follows the best practices of a microservices architecture you’ll probably have two or more subcomponents that live on discrete hostnames like this.

But what if you have a JavaScript based front-end that needs to aggregate information from the disparate hosts? By default you won’t have access to data on these other subdomains.

The solution is to take advantage of the HTTP headers that are available to allow you to control cross-origin resource sharing (CORS).

To illustrate the problem and the solution, consider the simple Ajax application here:

If you click the red box, you’ll initiate an asynchronous HTTP call in JavaScript to a servlet on another host at:

The source of this servlet shows that no particular HTTP headers are set, thus the JavaScript call never reaches it.

However, if you click the blue box, you’ll initiate a call to a different servlet on that host:

This time the Ajax call will successfully consume data from the service, because the HTTP headers allow services from a different domain to access the servlet.

response.setHeader(
  "Access-Control-Allow-Origin",
  "http://krook-service-consumer.mybluemix.net"
);

response.setHeader(
  "Access-Control-Allow-Methods",
  "POST, GET, DELETE, PUT"
);

response.setHeader(
  "Access-Control-Allow-Headers",
  "x-requested-with,Content-Type"
);

If you need to allow access to all client hostnames, replace the whitelist with a wildcard:

response.setHeader(
  "Access-Control-Allow-Origin",
  "*"
);

There you have it; a simple way to build dynamic JavaScript applications composed of several microservices on IBM Bluemix (or any other Cloud Foundry PaaS).

I used Java in this example, but the same HTTP headers apply whether you’re using Ruby, Node.js, PHP, Python or any other runtime.

Please vote for my OpenStack talk proposals

27 February 2014 » Cloud, Cloud Foundry, OpenStack

I’ve submitted two abstracts for the OpenStack Atlanta conference that happens in May.

The OpenStack project is interesting in that it allows members of the community to weigh in on the topics they’d like to see at the conference.

If you like my presentation topics, please consider voting for them (ideally with 3 stars: “Would Love To See This!”).

To vote, you need to be a member of the OpenStack Foundation. You can join as an individual member for free.

The community review period ends on March 3rd, so please vote today!

IBM forges its new PaaS with Cloud Foundry

29 July 2013 » Cloud, Cloud Foundry, OpenStack

IBM recently announced an open cloud architecture, based on OpenStack at the Infrastructure-as-a-Service (server, storage, and network) level, and on Cloud Foundry at the Platform-as-a-Service (runtime, framework, and database) level.

The partnership follows a fifteen year trend at IBM. This strategy to start with – and contribute back to – open source projects benefits IBM, its customers, and the community itself.

  • By building on top of an existing open source foundation, IBM can focus its efforts on higher level services tailored to specific customers.
  • By generating interest in the technology – and dedicating employees to the open source project – the community and its software is strengthened.

I’m proud to be a part of the work at IBM to build our next generation PaaS on top of Cloud Foundry. We’ve already got 1,000 IBMers running 1,200 apps on it, and we’re growing fast.

As with Apache, Linux, Eclipse, and OpenStack before it, I have have high hopes for Cloud Foundry. It’s good news for IBM customers, and everyone else who can benefit from a free, open source PaaS.

This post is my own and doesn’t necessarily represent IBM’s positions, strategies or opinions.