
Micro-Service Architecture, Should the Spring Cloud Config Server, Zuul Gateway Server and Eureka Server be protected as Resources?

I have a micro service architecture like below:

  1. Spring Cloud Config Server has all the configuration for all the services.
  2. Eureka Server registers each service and holds the information about all client-service applications.
  3. Zuul Gateway Server provides a single point for accessing all the services.
  4. OAuth2 Server authenticates and generates the token for accessing the protected services.
  5. Services A, B and C expose the REST endpoints that are called by the client app. All these services are protected as resource servers and should be accessed with a token generated by authenticating in the OAuth2 Server.

My question is regarding the Spring Cloud Config Server, Eureka Server and Zuul Gateway Server. Should these services be protected as Services A, B and C are? If not, how do we secure them?

I am having a hard time understanding how it will work if I secure the Configuration server as a protected resource, because if I make it a protected resource, the Eureka server, gateway server and all other services depend on the configuration of the configuration server.

I will appreciate any help from you guys.

Regards.

Whether or not you protect these resources depends on your deployment architecture and security requirements.

Generally, the Zuul Gateway Server service is available on an external network, while the Spring Cloud Config Server and Eureka Server services are only available on a secure network.

Each microservice in the microservice architecture must be responsible for its own security, i.e. each service must have security enabled.

Access to each microservice must be obtained through the authorization and authentication service.

Thus, there is no need to enable the protection of the Zuul Gateway Server and it becomes a dumb proxy.

But if necessary each of these services can have protection enabled:
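
An added example, not part of the original answer: one common way to enable protection on the Config Server and Eureka Server is HTTP Basic via Spring Security, with credentials injected from the environment, so that fetching configuration at startup does not depend on a token from the OAuth2 server. Host names, account names and environment variable names are constructed assumptions; the property names are those of Spring Boot 2.x and Spring Cloud.

```yaml
# --- Config Server: application.yml ---
# Assumes spring-boot-starter-security is on the classpath, which puts
# HTTP Basic in front of every configuration endpoint.
server:
  port: 8888
spring:
  security:
    user:
      name: config-client                    # constructed account name
      password: ${CONFIG_SERVER_PASSWORD}    # injected at deploy time, never committed
---
# --- Eureka Server, Zuul and Services A/B/C: bootstrap.yml ---
# Read before the application context starts, so these credentials cannot
# themselves live in the Config Server. They come from the environment.
spring:
  application:
    name: service-a                          # constructed service name
  cloud:
    config:
      uri: https://config.internal.example:8888   # constructed host on the secure network
      username: config-client
      password: ${CONFIG_SERVER_PASSWORD}
      fail-fast: true                        # refuse to start with missing config
---
# --- Eureka Server: application.yml (may be served by the Config Server) ---
# With Spring Security enabled, CSRF protection has to be relaxed for
# /eureka/** in the server's security configuration, or client
# registrations are rejected.
spring:
  security:
    user:
      name: eureka-client                    # constructed account name
      password: ${EUREKA_PASSWORD}
---
# --- Every Eureka client (Zuul, Services A/B/C): application.yml ---
# Basic credentials are carried in the registry URL; use TLS so they are
# not sent in clear text.
eureka:
  client:
    serviceUrl:
      defaultZone: https://eureka-client:${EUREKA_PASSWORD}@eureka.internal.example:8761/eureka/
```

The only secret each process needs before it can reach the Config Server is its own bootstrap credential, so the Config Server, Eureka Server and OAuth2 server can start in any order.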
