Spring Cloud Contract Stubs Without Priorities

Is there any way that Stubs created by Spring Cloud Contract match only if the request is exactly the same and not have to deal with priorities?
e.g. If there are 2 stubs with url /users?id=1&id=2 and /users, by default, even if I send a request to /users?id=1&id=2, the /users will be matched so I have to set the priority to /users e.g. to 2 and for /users?id=1&id=2 set it to 1 for it to work.

Related

How to serve 2 different API with Spring Boot?

I have a Spring Boot application that provides an API consumed by a frontend app (CRUD operations). This Spring Boot app is based on the OAuth 2.0 authentication standard to verify the JWT access token received in the header of each API call against an authorization server. I want to provide another API to be consumed by a backend (M2M usage). This API will rely on the same database (same entities) but it will be slightly different (only Read operations are allowed here and responses contain more fields). Also, this new API will rely on another authorization server to verify the JWT token.
Firstly, I was thinking of providing both APIs with the same Spring Boot application, but it looks like it will be a hack to support both (for instance, the issuer URIs of the tokens are different, the port can be different, the API paths are different...).
So, I'm now thinking of separating the 2 APIs into 2 different Spring Boot applications, so that the apps are isolated by nature, but I'm not sure it's a good practice in the end. For instance, what about the concurrency issues that can occur with such a design? Conversely, can I easily build the 2 Spring Boot apps so that they share the same code repo (some code should be common to both apps)? Those are the questions I have, so any suggestion will be appreciated.
You can try with multiple authentication providers. An example is given in the following:
Java Spring Security config - multiple authentication providers
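
Added example (not part of the original question or answer): one way to keep both APIs in a single application while binding each path to exactly one token issuer. It uses separate `SecurityFilterChain` beans per path rather than the multiple authentication providers mentioned above, and assumes Spring Security 6 with the OAuth2 resource server starter; the paths `/api/**` and `/m2m/**`, the class name and both issuer URIs are hypothetical placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class TwoIssuerSecurityConfig {
    // Placeholder issuer URIs (assumptions for this example, not values from the page).
    private static final String FRONTEND_ISSUER = "https://frontend-idp.example/";
    private static final String M2M_ISSUER = "https://m2m-idp.example/";

    // M2M API: read-only, and only tokens whose signature and "iss" match M2M_ISSUER.
    @Bean
    @Order(1)
    SecurityFilterChain m2mChain(HttpSecurity http) throws Exception {
        JwtDecoder decoder = JwtDecoders.fromIssuerLocation(M2M_ISSUER);
        http.securityMatcher("/m2m/**")
            .authorizeHttpRequests(a -> a
                .requestMatchers(HttpMethod.GET, "/m2m/**").authenticated()
                .anyRequest().denyAll())   // no write methods on the M2M API
            .oauth2ResourceServer(o -> o.jwt(j -> j.decoder(decoder)));
        return http.build();
    }

    // Frontend CRUD API: a token from the M2M issuer fails validation on this chain.
    @Bean
    @Order(2)
    SecurityFilterChain frontendChain(HttpSecurity http) throws Exception {
        JwtDecoder decoder = JwtDecoders.fromIssuerLocation(FRONTEND_ISSUER);
        http.securityMatcher("/api/**")
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(j -> j.decoder(decoder)));
        return http.build();
    }

    // Anything outside the two APIs would otherwise match no chain and be unprotected.
    @Bean
    @Order(3)
    SecurityFilterChain denyEverythingElse(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().denyAll());
        return http.build();
    }
}
```

Because each chain has its own decoder, a token issued for the frontend cannot be replayed against the M2M endpoints, and the reverse also holds.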

Spring Cloud Gateway Authentication and Authorization

I am new to the Spring microservice world. As I am in the learning phase, I tried and implemented the following things.
Authentication/Authorization as a separate microservice
Routing (Able to route using Spring cloud gateway)
Load balancing (Netflix Eureka)
Rate Limit and Circuit Breaker (Resilience4j)
I just need certain clarification and suggestion on what to do in these situations:
I have already created Authentication/Authorization as a separate, centralized microservice.
Now, how can I implement it so that every request must contain a JWT token and pass through the API gateway to call other microservices? It should also check which user has permission to access the API in the other microservice.
If someone has a good source so that I can learn, please do share, or if someone has a basic skeleton on GitHub.
Requests from outside your cluster should be intercepted/validated by Zuul (for example), which will be your gatekeeper and will pass the request to the request checker, which in this case would be your authentication service, where the acquired token will be validated (this should exist in the header of the request). Once tokens are validated, the request will be routed to the authorization service to check if the user has access to the particular endpoint based on the rules you defined for access.

How do I add an optional global request header to openapi/swagger 3 documentation in Spring Boot?

I have a Spring Boot project that uses OpenAPI/Swagger 3 annotations for documentation. Since the project is behind a Zuul gateway, there is some pre-processing of requests before they reach specific REST endpoints. Some of that pre-processing is controlled by an optional custom header, e.g. X-Custom-Header. I want to add the ability to send that header on all requests into the system, but since it's not used in any of the actual endpoint logic, I don't want to have to add the header field to every endpoint method. I was hoping it would be possible to modify the OpenAPI object, similarly to how we add a security scheme, but I can't find anything that creates the requisite functionality. Am I missing anything?

Maintaining multiple API representations in an API Gateway for a set of Spring Boot Microservices

I am using AWS API Gateway and would like to construct multiple APIs for a set of Spring Boot microservices that exist behind the scenes, but do so automatically.
For example, let's say I have a User and a Contract microservice and they expose a simple CRUD. I would like to make 2 API representations inside the API Gateway for these 2 microservices; however, they will be in the context of an Admin and a User.
The Admin API would have full access to all operations (CRUD) of both microservices; however, the User API would only allow Read from both microservices.
My question is about maintaining the representation of these 2 API contexts (Admin and User). Is there any way to easily generate the Swagger definition(s) that I would need and that I can synchronize the API Gateway with, without having to manually maintain this? Or is there a better approach that others are using that I'm missing?
I have found Springfox, which I was able to use to generate the Swagger defs for the API at the microservice level, but this only satisfies the Admin use case and not the User one from what I can tell.
Has anyone found an elegant solution to this?

Spring security and remoting

I am using Spring Remoting alongside Spring Security.
I have 2 servers (let's call them "front" and "back").
The "front" server is exposed to the outside world and receives, along with the rest of the request, the "Authorization" header. However, I notice that when I use Spring Remoting to call the "back", that header is not copied. What do I do?
BTW, I haven't checked it yet but I am almost certain that it won't work for "JSESSIONID" as well. What do I need to do in order to propagate these 2 headers?
If you are using Spring-Remoting, then spring-security-remoting to the rescue! This module contains several request factories and executors that enrich the requests with a security context.
For RMI: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/remoting/rmi/package-summary.html
For HTTP: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/remoting/httpinvoker/package-summary.html
