Suggestion for microservices security spring boot
Question
I want to create a project with spring boot , based on microservices . I implemented a gateway with Zuul and now not sure what to use for the security between microservices. I need the microservices to be aware of the user's permissions when they get a request, also they might communicate with each other, not only gateway. I am using spring boot 2.5.7 , but seems that oauth2 is deprecated, I also read about spring authorization server , but it is is experimental. What should i use for security and also if you have some tutorials will be great.
PS It will help a free solution, even if it means more implementation.
Thank you.
2 answers
solution1
0 2021-11-25 13:35:35
What if you do your security only at gateway layer? and keep your micro-services without security? Not sure if will fit your requirements.
Check this example using AWS gateway + cognito, same idea:
https://aws.amazon.com/blogs/startups/how-stacs-uses-cognito-and-api-gateway/
solution2
0 ACCPTED 2021-11-25 13:48:19
Some precisions:
Spring Security OAuth2 is deprecated because the OAuth2 features (except the authorization server) were merged into spring security core. About spring authorization server, the project is no more experimental see releases notes: https://github.com/spring-projects/spring-authorization-server you can use it as an oauth2 provider.
That means, you can use spring security core to protect your microservices using any OAuth2 provider (Google, Github, Keycloak, etc...). The choice is yours, your requirements are so common nowadays, it will not be really difficult to find a solution.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.