在微服务架构中,我有包含用户详细信息的微服务,但在 zuul API 网关中,我想对我的请求进行身份验证
[英]In microservice archticture, i have microservice which have user detail but in zuul API gateway i want to authenticate my requests
问题描述
microservices architecture I have a micro service(userservice:user related microservice) but in Zuul API gateway application i want to authenticate requests for all microservices and use spring security.
微服务架构我有一个微服务(用户服务:用户相关的微服务),但在 Zuul API 网关应用程序中,我想对所有微服务的请求进行身份验证并使用 spring 安全性。 I have to create signin and signup requests(AuthController) in Zuul application which require datasources,userRepository all things in zuul application.我必须在 Zuul 应用程序中创建登录和注册请求(AuthController),这些请求需要数据源、userRepository zuul 应用程序中的所有内容。
If i use userservice(microservice user related)for other user related requests then i have use same datasource and create duplicate beans and repository for same data source which i already created in zuul api gateway application ?如果我将用户服务(微服务用户相关)用于其他用户相关请求,那么我使用相同的数据源并为我已经在 zuul api 网关应用程序中创建的相同数据源创建重复的 bean 和存储库?
1 个解决方案
解决方案1
0 2020-03-19 13:52:00
I don't feel it would be a good design to authenticate usenames and passwords at gateway level.我认为在网关级别验证用户名和密码不是一个好的设计。 Instead what you can do is, you can add JWT tokens which can validate the request itself in zuul filters.相反,您可以做的是,您可以添加 JWT 令牌,这些令牌可以在 zuul 过滤器中验证请求本身。 This can be one level of verification at gateway level.这可以是网关级别的一级验证。 Second, you can implement caching at api level which would significantly increase the throughput of your backend security api.其次,您可以在 api 级别实现缓存,这将显着增加后端安全 api 的吞吐量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.