Communication between Spring microservices
Question
I am still learning microservices and I am asking myself, how do we secure our rest-points? I use the famous framework Spring Boot which extends from Spring. What is the best or most used pattern to secure the endpoints of a rest API?
When I use Spring Security with oAuth2, I always need to send the credentials in the body of the request. Is there an approach without the credentials and which is easier to implement? Like API-Tokens?
I always prefer practical tutorials.
2 answers
solution1
1 2017-08-14 17:07:23
I can suggest to look into spring security and various options that it provides. If however you are looking from microservices standpoint, you are on a right path with access tokens and as suggested JWT will do good. No to get a JWT you can opt for another small auth service using say Pac4j or similar tools out there.
I prefer to use keycloak initially Its a open source IAM There are several examples that you can find as to how to get started with Keycloak and Spring boot But here is the one that I wrote some time back .
-- Just to add that for microservices it makes sense to use AccessTokens as you are not required to keep user creds and pass it along every service and also services can verify the tokens all by themselves without making an expensive network call to your auth service.
solution2
1 2017-08-14 18:12:23
我可以建议看一下这个示例(使用“服务器”范围): https : //github.com/sqshq/PiggyMetrics以及更高级的配置: http : //cloud.spring.io/spring-cloud-config/弹簧云config.html#_security
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.