A fast, lightweight and more productive microservices framework
Latest commit 7bf7b4d Sep 22, 2018
Failed to load latest commit information.
audit fixes #275 create a new http-string module that depends on Undertow Sep 4, 2018
balance bot checkin Aug 16, 2018
basic-auth fixes #266 rename basic to basic-auth Aug 20, 2018
body fixes #276 create http-url module for url related utility Sep 4, 2018
client Updated SAMLBearerRequest to move config paring outside the construct… Sep 21, 2018
cluster bot checkin Aug 16, 2018
common bot checkin Aug 16, 2018
config fixes #294 Update the config module output to error only when config … Sep 22, 2018
consul fixes #279 change based on the code review Sep 10, 2018
content bot checkin Aug 16, 2018
correlation fixes #275 create a new http-string module that depends on Undertow Sep 4, 2018
cors bot checkin Aug 16, 2018
data-source fixes #269 rename datasource to data-source Aug 20, 2018
decryptor bot checkin Aug 16, 2018
deref-token fixes #268 rename deref to deref-token Aug 20, 2018
dump bot checkin Aug 16, 2018
email-sender fixes #278 update EmailSender to trust the host from the email.yml Sep 5, 2018
exception bot checkin Aug 16, 2018
handler Related to #249, fixed a bug in checking for method along with source… Sep 11, 2018
header bot checkin Aug 16, 2018
health bot checkin Aug 16, 2018
http-string fixes #275 create a new http-string module that depends on Undertow Sep 4, 2018
http-url fixes #276 create http-url module for url related utility Sep 4, 2018
info bot checkin Aug 16, 2018
ip-whitelist fixes #235 add a handler for IP whitelisting Aug 29, 2018
mask fixes #276 create http-url module for url related utility Sep 4, 2018
metrics bot checkin Aug 16, 2018
prometheus bot checkin Aug 16, 2018
rate-limit fixes #267 rename limit to rate-limit Aug 20, 2018
registry fixes #273 set the right default port number for DirectRegistry Sep 1, 2018
resource bot checkin Aug 16, 2018
sanitizer bot checkin Aug 16, 2018
security Merge pull request #265 from networknt/oauth-provider Aug 19, 2018
server fixes #294 Update the config module output to error only when config … Sep 22, 2018
service bot checkin Aug 16, 2018
status fixes #288 rollback removed status code Sep 11, 2018
switcher bot checkin Aug 16, 2018
traceability fixes #275 create a new http-string module that depends on Undertow Sep 4, 2018
utility fixes #286 fix a typo in HashUtil Sep 10, 2018
zookeeper bot checkin Aug 16, 2018
.gitignore Fix issue where handler.yml support requires HandlerProvider Aug 9, 2018
.travis.yml add a new profile to skip gpg for travis ci Sep 22, 2016
CHANGELOG.md bot checkin Sep 22, 2018
CONTRIBUTING.md fixes #61 response time and status code is not shown up in audit.log … May 8, 2017
LICENSE Initial commit Sep 9, 2016
README.md Update Readme Sep 8, 2018
pom.xml update json-schema-validator version Sep 11, 2018


A fast, lightweight and cloud-native microservices framework.

Developer Chat | Documentation | Contribution Guide |

Build Status

Why called Light 4J

Light means lightweight, lightning fast and shedding light on how to program with modern Java SE.

Why this framework

Fast and small memory footprint to lower production cost.

It is 44 times faster than the most popular microservices platform Spring Boot embedded Tomcat and use only 1/5 of memory. Here is the benchmark results compare with Spring Boot and other microservices frameworks. Here is the comparison with other Web frameworks.

Provide an embedded gateway to address cross-cutting concerns.

  • Plugin architecture for startup/shutdown hooks and middleware components
  • Distributed OAuth2 JWT security verification as part of the framework
  • Request and response validation against OpenAPI specification at runtime
  • Metrics collected in Influxdb/Prometheus and viewed from Grafana Dashboard for both services and clients
  • Global exception handling for runtime exception, API exception, and other checked exceptions
  • Mask sensitive data like the credit card, sin number, etc. before logging
  • Sanitize cross-site scripting for query parameters, request headers and body
  • Audit to dump important info or entire request and response.
  • Body parser to support different content types
  • Standardized response code and messages from the configuration file
  • Externalized configuration for all modules for the dockerized environment
  • CORS pre-flight handler for SPA (Angular or React) from another domain
  • Rate limiting for services that exposed outside to the Internet
  • Service registry and discovery support direct, Consul and Zookeeper
  • Client-side discovery and load balance to eliminate proxies
  • A client module that is tightly integrated with Light-OAuth2 and supports traceability

Design and Test driven development to increase productivity

Design OpenAPI specification and generate the service from it. The specification is also part of the framework to drive security verification and request validation at runtime.

Unit/End-to-End test stubs are generated to enable test driven approach for quality product.

Debugging within IDE just like standalone application for better developer productivity.

Built-in DevOps flow to support continuous integration to production

Dockerfile and DevOps supporting files are generated to support dockerization and continuous integration to production.

Multiple frameworks for different type of microservices

  • light-rest-4j is a RESTful microservice framework with OpenAPI specification for code generation and runtime security and validation
  • light-graphql-4j is a GraphQL microservice framework that supports schema generation from IDL and plugin.
  • light-hybrid-4j is a hybrid microservice framework that takes advantages of both monolithic and microservice architectures.
  • light-eventuate is a messaging based microservice framework based on Kafka, event sourcing and CQRS

Multiple languages support

All the open sourced frameworks are built in Java and we are working on Nodejs framework internally. In the future, we might provide Golang framework as well and all them are sharing the same eco-system and market place.

OAuth2 server, portal and services to form ecosystem

OAuth2 Server for security and Portal for production monitor and management. The portal is also a marketplace to link clients and services together.

Getting Started

There are two ways to start your project:

Light-codegen generator

You can use light-codegen to generate a working project. Currently, it supports light-rest-4j, light-graphql-4j, light-hybrid-server-4j and light-hybrid-service-4j. light-eventuate code generator is coming.

The light-codegen project README.md describes four ways to use the generator with examples.

  • Clone and build the light-codgen and use the codegen-cli command line utility
  • Use docker image networknt/light-codegen to run the codegen-cli command line utility
  • Use generate.sh from model-config repo to generate projects based on conventions.
  • Generate code from web site with codegen-web API. (API is ready but UI needs to be built)

Starting from an example project

The other way to start your project is to copy from light-example-4j.

You can find the description of these examples

Also, there are some tutorials


To run/debug from IDE, you need to configure a Java application with main class "com.networknt.server.Server" and working directory is your project folder. There is no container and you are working on just a standalone Java application.

Start Server


create a Java application that main class is com.networknt.server.Server and working directory is your project root folder. You can debug your server just like a POJO application.

From Maven

mvn exec:exec

Command Line

java -jar target/demo-0.1.0.jar

Stop Server

you can use Ctrl+C to kill the server but for production use the following command

kill -s TERM <pid>

The server has a shutdown hook and the above command allow it to clean up. For example, complete in-flight requests and close the database connections etc. If service registry and discovery is used, then the server will send shutdown event to service registry and keep processing requests for 30 seconds until all clients refreshes their local cache before shutting down.



Light-4j and all light-*-4j frameworks are available under the Apache 2.0 license. See the LICENSE file for more info.