Securing spring cloud functions with spring security
Question
I have a requirement to secure rest endpoints exposed by spring cloud functions hosted on azure. We want to use spring security to authenticate and authorize the call but I am unable to do it. The same code works on springboot application but does not have any effect on spring cloud functions.
So breaking down my question into smaller chunks
- Does spring cloud functions support spring security?
- If yes, how can this be achieved.
- If no, what should be the approach to achieve this?
2 answers
solution1
0 2019-07-23 13:34:29
If you have a controller with your api, you can implement oAuth2 with spring security where it provides a token to protect your urls.
Tutorials: https://dzone.com/articles/securing-rest-services-with-oauth2-in-springboot-1 https://medium.com/google-cloud/understanding-oauth2-and-building-a-basic-authorization-server-of-your-own-a-beginners-guide-cf7451a16f66
If u need help for configure all type of clients, just comment below and I'll do my best to give you the right answer.
solution2
0 2019-07-23 13:38:33
- Doubt... Spring Security is quite a heavy mechanism which requires either some in-memory storage ( sessions, user credentials, etc. ) or a connection with a storage solution ( eg: db ) or auth server. All of these implementations would be quite out of the scope for a simple function. Theoretically, it is possible but highly inefficient.
- -
- I'm guessing that you have some sort of API gateway in front of those functions. A common pattern is to intercept all the calls in that gateway, authenticate and authorize them ( either calling a service or use an in-built auth mechanism, depending on your requirements ) and then forward them to your spring cloud functions which can be called only from inside your network ( by API gateway ).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.