Keeping brazil's medical industry safe with Micro Profile and JakartaEE - Jakarta One 2020

@GuimaraesSv @CesarHgt @tomitribe
Rafael Guimarães, César Hernández
Keeping Brazil’s Medical Industry
Safe with MicroProﬁle

SPEAKERS
Rafael Guimarães
● Software Engineer
● GBR Systems.
● +27 experience in Medical and Judicial
areas in Brazil.
● University faculty professor.
● Focused on distributed software
architectures.
César Hernández
● Senior Software Engineer at Tomitribe
● Oracle Java Champion and
Groundbreaker Ambassador
● Duke’s Choice Award 2016, 2017
● Oracle Certiﬁed Professional
● +14 experience with Java EE
● Apache TomEE and Eclipse Committer,
Microproﬁle Contributor.
● Open Source advocate, writer, teacher
and public speaker

Agenda
● Brazilian health care system Overview
● Base System
● Boosting Brazilian healthcare systems with Jakarta EE, Eclipse
MicroProﬁle and Apache TomEE
● Contribution to the COVID-19 Response
● Lessons Learned

5 major regions
26 states / 5570 cities
1 federal district
Brazilian health care system Overview
211M
People
521kDoctors
152kHealth Service
Providers
6th largest population
(behind China, India, United
States, Indonesia, Pakistan)
source:
http://cnes.datasus.gov.br
http://fiscalizacao.cfm.org.br/
https://population.un.org/wpp/Download/Standard/Population/
5th largest country
(behind Russia, Canada,
China, United States)

15,8
Million people
North
16
Million people
Midwest
Million people
53
Northeast
80,3
27,3
Southeast
Million people
Million people
South
source:

source:
North
Midwest
Northeast
South
1 doctor / 1.1k
1 provider / 4.1k
Southeast
1 doctor / 5.1k
1 provider / 30k
1 doctor / 5.6k
1 provider / 31k
1 doctor / 1.6k
1 provider / 6.5k 1 doctor / 1.3k
1 provider / 4.7k
WHO recommends:
1 doctor / 1k

Public health
103billions/year
reaching
75%of the population
Supplementary health
90,5billions/year
reaching
25%of the population

Medical Practice!
Brazilian health care system - Actors
Medicine
Council
Government Health Departments
Control
Regulation
Policies
Sanitary Surveillance
Licences
Records
Professional Discipline
Ethical Judgment
Licence to work
Keep Records
Inspections
Complains
Guiding
Integrations
Information Sharing
Medicine
Schools
&
Residency
Programs
Learning, Training, Specializing
Counselors
&
Inspectors
Health Service
Providers
Doctors
Patients

Brazilian health care system - Challenges
● Large and Complex
○ Inequalities
○ Difficult governance
○ 30 different Medical Specialties, 20 types of Health Service Providers
○ High frequency of Policy and Rule changes
● Difficult medicine practice
○ Poor infrastructure - high risk
○ Proliferation of medical schools - bad quality professionals
● Incomplete institutional information exchange
○ Diversity of technologies, legacy systems and standards

● How to make good quality inspection reports, with agility, especially
considering the high amount of laws, recommendations, policies and
standards? And to create good statistics of those reports ?
● How to access legacy system data of other government departments without
bureaucracy, to check licences, records and information integrity ? Is the data
safe, monitored, fast, reliable ?
● What could be done to facilitate interaction between the doctors and the
council?

● Which service providers or doctors are working irregularly?
● What about medical advertising, are doctors respecting each other? Are their
advertisements deceiving patients to patients ? (Or even lying !?!)
● What if a patient goes to a clinic doing an endoscopic procedure, which
needs sedation, and he has a bad reaction to the anesthetic, and ends up
dying?
○ Did the life support equipment work properly ? Did the doctor do the
procedure correctly?
○ What is the real cause? Should the council revoke the doctor's work
license?
○

About GBR
● Founded in 2008
● Consulting, Software Engineering & Architecture, Training
● Applications:
○ support Inspectors and Counselors in their principal job -
Professional Discipline, Guiding, Inspections
○ online services that control the Doctors and Service Providers
in their “life cycle” within Councils
○ to do quality auditing and certification of medical schools

Base system
Federal Council - National Inspections Platform
● support Inspectors and Counselors in their principal job -
Professional Discipline, Guiding, Inspections
● Modules:
○ Inspections Control and Scheduling
○ Inspection execution - checklists, images,
notifications, dynamic forms.
○ Reports, Statistics

Base system
Regional Council - Online Services
● Support Doctors and Health Service Providers (as
Technical Director) in their “life cycle” within Council - from
start of Medicine Practice to retirement.
● More than 40 types of services:
○ First Registration, Transfers States, Secondary
Licence, Fee payment, Certificates, Profile
update, Renew Licence, etc.
○ Tools for back office employees

Base system
Federal Council - Accreditation Platform SAEME
● Support Counselors and the Education Medical
Association to do quality auditing and certification
of medical schools
● Covers whole process of auditing and evaluation
● Recognized by World Federation for Medical
Education

Base system
Server
● JAVA EE 6
● Jboss7
● Tomcat 6, 7
Client
● Adobe Flex
● Adobe Air
● Angular JS 1
Data Integration
● Kettle
ON-PREMISSE!

About GBR coverage
Federal Medical
Council Nationwide
Regional
Medical Councils
National Inspection
Platform
CFM
Accreditation of
Medical Schools -
SAEME
South
Regional Santa Catarina
CRMSC
South
Regional Rio Grande do Sul
CREMERS

Base system

Backend Architecture Roadmap
● Improve overall system architecture
○ Java EE 6 → Jakarta EE8
○ Security
○ Fault Tolerance
○ Performance
○ Monitoring
● API Gateway
○ Secure OAuth 2.0 + HTTP signatures
○ Microservice Monitoring and routing
○ Standard Integrations - RMI, SOAP, → REST
● Cloud Native
○ Different cloud providers
● Provide APIs to other institutions
● javax -> jakarta namespace

(formerly known as Java EE)

Eclipse foundation
https://www.eclipse.org/membership/documents/eclipse-foundation-overview.pdf
360+ 275+ 1550+
195M+ 15 30

Eclipse foundation, EE4J, Java EE, and Jakarta EE

Eclipse MicroProfile
● An open-source community specification
● Focus on Enterprise Java microservices
● Generates: SPEC, API, and TCK.
● https://microprofile.io
● Implemented by different vendors.

Eclipse MicroProfile
MicroProfile 3.3
JAX-RS 2.1JSON-P 1.1CDI 2.0
Config
Fault
Tolerance
JWT
Propagation
HealthMetrics
Open
Tracing
Open API Rest Client
JSON-B 1.0

● Apache Tomcat + Java EE = Apache TomEE
● Built from Apache components
● MicroProﬁle compliant
● Footprint: 30MB zip, 100~MB memory
● TomEE 9.0.0-M3 (javax -> jakarta)
● tomee.apache.org

Apache TomEE
TomEE JAX-RS Microproﬁle
Java Server Pages
(JSP)
Java Server Faces
(JSF)
Java Transaction
API (JTA)
Bean Validation
Enterprise
JavaBeansJavaMail API
Java API for
RESTful Web
Services (JAX-RS)
Java Persistence
API (JPA)
Contexts and
Dependency
Injection (CDI)
Java Servlets
Java
Authentication and
Authorization
Service (JAAS)
Java Authorization
Contract for
Containers (JACC)
http://tomee.apache.org/comparison.html

http://tribestream.io/

Migration scenarios
• The javax.* namespace
egrep -lRZ 'javax' . | xargs -0 -l sed -i -e 's/javax/jakarta/g'
branch / Jakarta 8 & MicroProﬁle 3
Service #
master / Jakarta 9.x & MicroProﬁle 4?

Migration scenarios
• Bytecode level
• No branches. No forks. No merge-conflict hell. Just two separate binaries
from the same source;
masterService #
Jakarta 9.x & MicroProfile 4?
Jakarta 8 & MicroProfile 3

Jakarta EE 9 Server Up and Running
Get the Binary :)
1. Download apache-tomee-9.0.0-M3-microprofile.zip from
https://tomee.apache.org
2. unzip apache-tomee-9.0.0-M3-microprofile.zip
3. chmod +x apache-tomee-microprofile-9.0.0-M3/bin/catalina.sh
4. ./apache-tomee-microprofile-9.0.0-M3/bin/catalina.sh run

Build and run
1. wget https://github.com/apache/tomee/archive/tomee-project-8.0.4.zip
2. unzip tomee-project-8.0.4.zip
3. cd tomee-tomee-project-8.0.4/examples/mp-custom-healthcheck
4. idea . #Or your favorite IDE
5. mvn verify
6. Inspec mp-custom-healthcheck-jakartaee9-8.0.4.war
7. target/mp-custom-healthcheck-jakartaee9-8.0.4.war
<TomEE9M3_HOME>/webapps
Jakarta and MicroProﬁle Project

Jakarta EE 9 Up and Running
Test the application
curl -X POST http://localhost:8080/moviefun-rest-jakartaee9-8.0.4/rest/load
curl -s http://localhost:8080/moviefun-rest-jakartaee9-8.0.4/rest/movies/ | jq
open https://tomee.apache.org/tomee-9.0/examples/moviefun-rest.html

Telemedicine Support - Doctor's Prescriptions System
● 5 days development
○ REST API
● Some integrations
○ Doctor's space login, Federal Companies Database, Pharmacies Database, Google
Authenticator (two factor auth)
● Sensitive data protection
○ Attribute Converter
Medical Practice!
Digital Prescription Digital Prescription
Doctor Patient Pharmacy
Receive / Validate
Emit

Digital Prescription

● Almost 580K prescriptions in south of Brazil installations-- since Mar/ 2020.
Santa Catarina State Rio Grande do Sul State

Lessons learned so far in the journey

MicroProfile Config
Before
● Sensitive information within project files
● Complex properties customizations
● Infrastructure environment management was painful

Conﬁg
After
● Sensitive information decoupled from the application code
● Container friendly
● Easy hierarchy for environment variables vs maven -D
● Allow easy container horizontal scaling

MP Conﬁguration
@Inject
@ConﬁgProperty(name = "log.enabled", defaultValue = "true")
private Boolean logEnabled;
@Inject
private JsonWebToken token;
public void info(String message) {
if (logEnabled) {
if (token == null || !token.claim("email").isPresent()) {
logger.info(message);
} else {
logger.info(token.claim("email").get() + " - " + message);
}
}
}

Before
● Manual process and lack of coverage
● Disperse monitoring
● Hard to trace
● “It’s slow”, “a glitch”, “restarts”
● Reactive most of the time
Health Check + Metrics

After
● JSON base alerts are now centralized and provide uniﬁed notiﬁcations
● Custom rules base on standard status
● Proactiveness since the last 3 months
● Improves user satisfaction
Health Check + Metrics

Microproﬁle HealthCheck
@Health
@ApplicationScoped
public class DatabaseHealthCheck implements HealthCheck {
@PersistenceContext(unitName = "crvirtual_unit")
protected EntityManager manager;
@Override
public HealthCheckResponse call() {
HealthCheckResponseBuilder responseBuilder = HealthCheckResponse.named("oracle");
try {
String result = (String) manager.createNativeQuery("select * from dual").getSingleResult();
if(result.equals("X")){
return responseBuilder.up().build();
} else {
return responseBuilder.down().build();
}
} catch (Exception e) {
return responseBuilder.withData("error", e.getMessage()).down().build();
}
}
}

Microproﬁle HealthCheck

JWT Authentication
Before:
● Basic HTTP Auth with session management
● Challenges for microservices
○ New stateless security requirement
○ Authentication and Authorization between microservices
○ Overhead and single point of failure

JWT Authentication
After:
● OAuth 2.0 JWT
○ Stateless security
○ Authentication and Authorization between microservices
○ State was kept on the server and pointer on the client side

Microprofile JWT
/** Microprofile JWT **/
@Inject
private JsonWebToken token;
/** Microprofile Config **/
@Inject
@ConfigProperty(name = "log.enabled", defaultValue = "true")
private Boolean logEnabled;
private Logger logger = Logger.getLogger(CrVirtualLogger.class.getName());
public void info(String message) {
if (logEnabled) {
if (token == null || !token.claim("email").isPresent()) {
logger.info(message);
} else {
logger.info(token.claim("email").get() + " - " + message);
}
}
}

Authentication
● Protected Access into Medical Knowledge databases

Authentication
● Protected Access into Federal Companies Database

Rest Client
Before
● JAX-RS Client
● No type-safe
● Service needed to be understood
● Request needed to be built by hand every time
● Not the best reusability of the code

Rest Client
After
● Type-safe approach
● Usage of interfaces to call the services
● Header propagation and handling made easy
● Smooth JWT propagation

@Dependent
@RegisterRestClient
public interface SerproSearchClient {
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response getToken(String body);
@GET
public Response searchCompany(@HeaderParam("Authorization") String key,
@HeaderParam("Accept") String accept);
}
Microproﬁle RestClient

Microproﬁle RestClientimport org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
import javax.enterprise.context.Dependent;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import java.util.List;
@RegisterRestClient
@Path("api/doctors")
public interface DoctorResourceClient {
@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
Doctor find(@PathParam("id") Long id);
@GET
List<Doctor> getDoctors();
@POST
@Consumes("application/json")
Doctor addDoctor(Doctor doctor);

Microproﬁle RestClientimport org.superbiz.moviefun.mpclient.DoctorResourceClient;
@Inject
@RestClient
private DoctorResourceClient doctorResourceClient;
public void printAllDoctors(){
List<Doctor> doctors = doctorResourceClient.getDoctors();
for (Doctor doctor : doctor) {
LOGGER.info(doctor.toString());
}
}
public void addNewDoctor() {
Doctor newDoctor = new Doctor ("7","Doctor 007.");
doctorResourceClient.addDoctor(newDoctor);
}

Before
● Legacy system was not well document
● Documentation not fully aligned with master code
○ Duplication of code
○ Design ﬁrst approach not trustable
OpenAPI

OpenAPI
After
● Standard visibility
● Find duplication of code
● Allowed API design approach
● swagger-ui

OpenAPI
@Operation(description = "To search Doctors by their record number")
@APIResponses({
@APIResponse(responseCode = "200", description = "Success",
content = @Content(schema = @Schema(implementation = User.class))),
@APIResponse(responseCode = "400", description = "Bad Request") })
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("{recordNumber}")
public Response getDoctor(@PathParam("recordNumber") Long recordNumber) {
try {
logger.info("searching Doctors by record number");
return Response.ok(dao.getByRecordNumber(recordNumber)).build();
} catch (Exception e) {
throw new WebApplicationException(
Response.status(Response.Status.BAD_REQUEST).entity(new ErrorMessages(e.getMessage())).build());
}
}

OpenAPI

Thank you
Rafael Guimarães, César Hernández
Keeping Brazil’s Medical Industry
Safe with MicroProﬁle

Keeping brazil's medical industry safe with Micro Profile and JakartaEE - Jakarta One 2020

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Keeping brazil's medical industry safe with Micro Profile and JakartaEE - Jakarta One 2020

Ähnlich wie Keeping brazil's medical industry safe with Micro Profile and JakartaEE - Jakarta One 2020 (20)

Mehr von César Hernández

Mehr von César Hernández (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Keeping brazil's medical industry safe with Micro Profile and JakartaEE - Jakarta One 2020