
Scheduled Communication between two Resource MicroServices

The scenario is I have two Resource Micro Services (secured with Spring Security), let us assume A & B. A wants to collect data from B in a scheduled way, for example A will call B's endpoint every hour to collect some data. The catch is two resource services can communicate with each other if they have a valid access token, or we can say a user logged in. But scheduled jobs have to run continuously, independent of having a logged-in user. So what should be the correct way to call B from A?

a. To have a configuration for a super default user to run scheduled jobs, authenticating implicitly?

NOTE: The scheduled job is independent of user intervention.

It is better to keep all services outside of the world (isolation on network level) except one service, which is the single entry point for your clients, where authentication/authorization is handled. So you only need to implement security-related operations/validations on that service, then let the client's request pass through the other services.

Since you isolate your services from the world and no security is implemented on the rest of the services, you don't need a token or validation for inter-service communication.

When we're working with API security, the most used protocol is OAuth 2.0.

When dealing with client-service authentication/authorization, the most fit access token provisioning would be by Authorization Code Flow.

However, when dealing with service-to-service authentication/authorization, the most fit access token provisioning would be by JWT Authorization Flow. In this case the requestor needs to generate a JWT token using a private key.

But if you want to keep it simple and the network restrictions are in place, you could use a simple client credentials flow in OAuth.

There is an interesting topic about handling batch processing with OAuth 2.0 in the nordicapi blog:

http://nordicapis.com/how-to-handle-batch-processing-with-oauth-2-0/

For more information check the links below:

http://websystique.com/spring-security/secure-spring-rest-api-using-oauth2/

http://blog.monkey.codes/how-to-use-jwt-and-oauth-with-spring-boot/
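
The client credentials option mentioned in the answer above, sketched for service A's hourly job with Spring Security's OAuth2 client support. This is an added example, not code from the question or either answer. Assumed: a client registration with id `service-b` configured for the `client_credentials` grant, `@EnableScheduling` on a configuration class, and the placeholder URL for B.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.*;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

@Configuration
class SchedulerOAuthConfig {
    // Service-based manager: usable outside an HTTP request, so no logged-in user is required.
    @Bean
    OAuth2AuthorizedClientManager schedulerClientManager(
            ClientRegistrationRepository registrations, OAuth2AuthorizedClientService clients) {
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(registrations, clients);
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());
        return manager;
    }
}

@Component
class HourlyCollector {
    private final OAuth2AuthorizedClientManager manager;
    private final RestTemplate rest = new RestTemplate();

    HourlyCollector(OAuth2AuthorizedClientManager manager) { this.manager = manager; }

    @Scheduled(fixedRate = 3_600_000) // once per hour
    public void collect() {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("service-b") // assumed registration id
                .principal("service-a-scheduler")      // key for the token store, not a user account
                .build();
        // Reuses the stored token and requests a new one once it has expired.
        OAuth2AuthorizedClient client = manager.authorize(request);
        if (client == null) throw new IllegalStateException("no access token for service-b");
        HttpHeaders headers = new HttpHeaders();
        headers.setBearerAuth(client.getAccessToken().getTokenValue());
        String body = rest.exchange("https://service-b.internal/api/data", // assumed URL
                HttpMethod.GET, new HttpEntity<>(headers), String.class).getBody();
        System.out.println("collected " + (body == null ? 0 : body.length()) + " chars from B");
    }
}
```

Service B keeps validating the bearer token as a resource server; giving A's client only the scope that the collection endpoint requires limits what a leaked client secret can reach.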
