[英]How to pass JWT token from a microservice that consumes another microservice?
I have two microservices say A and B. In all REST endpoints for both microservices, I have implemented JWT authentication.我有两个微服务,比如 A 和 B。在这两个微服务的所有 REST 端点中,我都实现了 JWT 身份验证。 A user has to hit an endpoint ("/login") with username and password and generate a token and pass this as a RequestHeader to all end points in both the services.
用户必须使用用户名和密码访问端点(“/login”)并生成令牌并将其作为 RequestHeader 传递给两个服务中的所有端点。 Say in microservice A, I have an endpoint ("test1/createSomething").
在微服务 A 中说,我有一个端点(“test1/createSomething”)。 In BI have another have an endpoint ("test2/getSomething").
在 BI 中有另一个有一个端点(“test2/getSomething”)。 Now I am able to call ("test2/getSomething") from service B, in ("test1/createSomething") in service A using Feign client.
现在我可以使用 Feign 客户端在服务 A 的 ("test1/createSomething") 中从服务 B 调用 ("test2/getSomething")。
But I am not sure how to implement this in a way that I generate the JWT token in service A and pass it along to service B, to consume its services.但是我不确定如何以在服务 A 中生成 JWT 令牌并将其传递给服务 B 以使用其服务的方式来实现这一点。
Please help.请帮忙。 Beginner in microservices and exploring things.
微服务初学者和探索事物。
One approach you can try is by having a separate session/jwt service.您可以尝试的一种方法是拥有单独的会话/jwt 服务。 Roles and responsibility of that service would be to store/validate and authenticate having following endpoints.
该服务的角色和职责是存储/验证和验证具有以下端点。
So you can have a flow like this :-所以你可以有这样的流程:-
1. First hit to login-service > login service getting token from jwt-service > returning jwt token to UI/client.
2. UI/Client passing received jwt token to service-b via headers> which indeed pass jwt token to service-a, where each service independently calls is_token_valid() of jwt-service and process the request only after getting success response.
To implement this in spring-boot, what you can do is by adding an interceptor layer, that is being called before every Controller class, where is reads headers, extracts jwt-token and validates that from jwt-service.要在 spring-boot 中实现这一点,您可以做的是添加一个拦截器层,它在每个 Controller 类之前调用,其中读取标头,提取 jwt-token 并从 jwt-service 验证它。
You can look at the similar answer here .您可以在此处查看类似的答案。 Another reference here
这里的另一个参考
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.