Broadleaf services are built using Java and the Spring Framework. See the (Tech Stack) article for more about the technologies used in Broadleaf.
Each service uses a layered architecture with endpoints, services, domain mapping, and persistence tiers. The article on Service Anatomy explains this further.
Each service can be deployed separately and scaled independently or composed together for ultimate Deployment Flexibility.
Broadleaf can be deployed in AWS, Azure, Google Cloud, as well as private data centers.
Broadleaf Microservices are each horizontally scalable and can be autoscaled when deployed as part of a Kubernetes (or other competing containerization strategy) managed pod.
The Broadleaf framework provides many security aspects. Broadleaf provides an
AuthorizationService which can be used by customers and admins to generate secure oAuth tokens
(JWT) for making service API calls.
Broadleaf uses a
Policy annotation to protect endpoints and data with the ability to have role
based access for read and write operations. Broadleaf uses an "ownership" security model for
items like a cart or customer record that allows the authenticated user to call APIs to access
their specific records while protecting the records of other customers.
See the (Security) article for more details.