[英]Micro-services Authorization and session maintenance - spring boot
I have application that I want to divide into micro-services to increase overall performance on high load. 我有想要划分为微服务的应用程序,以提高高负载下的整体性能。 Overall structure I plan to create like this: 我计划创建总体结构,如下所示:
Web -> Authorization Server -> Eureka + Zulu -> Spring boot Micro-services
Since my previous application was monolith I used Spring boot + Spring security and had no problem while logging things like @CreatedBy @LastModifiedBy - I laso use Aspects to log every action in app and track who made the changes. 由于我以前的应用程序是整体应用程序,因此我使用了Spring Boot + Spring安全性,并且在记录@CreatedBy @LastModifiedBy之类的内容时没有问题-我也使用Aspects记录了应用程序中的每个操作并跟踪谁进行了更改。 Now since I don't have session across microservicies I don't know what to do - I do need to log the action owners - log who is doing what. 现在,由于我没有跨微服务的会话,所以我不知道该怎么做-我需要记录操作所有者-记录谁在做什么。
Can someone tell me how can I maintain the logging possibilities in my new structure. 有人可以告诉我如何在新结构中维护日志记录的可能性。 Maybe there is some ready made patters or maybe I need to make some changes in my structure? 也许有一些现成的模式,或者我需要对结构进行一些更改?
How are you dealing with authorization? 您如何处理授权? If the web component calls the authorization server with an authentication token, that token should be forwarded when calling microservices. 如果Web组件使用身份验证令牌调用授权服务器,则在调用微服务时应转发该令牌。 Every microservice should be stateless (so, no session is ever stored), and that token should contain information about the user so each microservice can access it and authenticate requests. 每个微服务都应该是无状态的(因此,永远不会存储任何会话),并且该令牌应包含有关用户的信息,以便每个微服务都可以访问它并验证请求。
If you could specify what you mean by Authorization Server, I'll be glad to explain in greater detail. 如果您可以指定Authorization Server的含义,我将很乐于详细解释。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.