Authentication and Authorization for microservices architecture
Question
I have implemented microservices architecture in Spring Boot. All services are accessible from the front-end. There are 2 types of API in few Microservices -
- Public - (Directly Accessible from the front-end)
- Internal - (for inter-service communication)
I have implemented JWT based authentication. But I want to know how to implement auth for internal APIs? In internal API we will not get the JWT token. Auth is needed because someone can mock a private API. For Authentication, we are using an auth service. All other services call the Auth service before every API call to authenticate the request.
1 answers
solution1
1 2020-09-16 14:57:28
Auth is needed because someone can mock a private API
While this may be true, an attacker would need to be inside your network already.
However, assuming you still need secure intra-service communication, you could look at service discovery to mediate this communication. Service registry platforms such as Eureka or Consul , will allow you to set up service discovery.
Eureka is commonly used in sprint boot applications, and is fairly lightweight, but weighted toward AWS hosting.
In addition to other benefits, such as configuration management, failure detection, and load balancing, these platforms will also enable you to secure your intra-service communication.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.