Spring Cloud Eureka Netflix zuul filters - spring

I have three Spring Boot microservices which use a Spring Eureka server and Zuul as a gateway. I have an auth microservice, which is the Zuul gateway, that validates the user. I have two other services which are running on different ports. I am able to protect the two services with the help of JWT if I call via the Zuul gateway, but since I know the two microservices' ports and URLs I am able to call them and get the response directly, without going via the gateway URL. So how do I protect the two microservices? Please help me share the security context between the two microservices.

I think you are looking for security settings in each of the other microservices that are not Zuul or Eureka.
With the help of the WebSecurityConfigurerAdapter you could override the CORS settings and only accept requests from a certain service; that way Zuul can talk to the services, and maybe even each service to each other. But Postman and other clients couldn't do that.
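
One way to close the direct-access path described in the question is to have each downstream service verify the JWT itself rather than relying on the gateway to have done so. The configuration below is an added example, not code from the original post. It assumes Spring Security 5.2+ with the `spring-boot-starter-oauth2-resource-server` dependency and HS256 tokens signed with a secret shared with the auth service; the class name `DownstreamSecurityConfig` and the property `demo.jwt.secret` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Added example: security configuration placed in EACH downstream service,
// so a request sent straight to the service port is checked exactly like
// one that arrived through the Zuul gateway.
@Configuration
@EnableWebSecurity
public class DownstreamSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: hypothetical property holding the HS256 secret shared with
    // the auth service; it must be at least 32 bytes long for HS256.
    @Value("${demo.jwt.secret}")
    private String jwtSecret;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Stateless API: no session, so every request must carry a token.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // No anonymous endpoints: a missing or invalid token gets 401.
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            // Verify signature and expiry of "Authorization: Bearer <jwt>".
            .oauth2ResourceServer()
                .jwt();
    }

    // Decoder used by the resource-server filter to validate incoming tokens.
    @Bean
    public JwtDecoder jwtDecoder() {
        SecretKeySpec key = new SecretKeySpec(
                jwtSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        return NimbusJwtDecoder.withSecretKey(key).build();
    }
}
```

Zuul's default `zuul.sensitiveHeaders` list includes `Authorization`, so the gateway routes must be configured to forward that header or requests arriving through the gateway will reach the service without a token.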

Related

Zuul as API Gateway with Authentication vs as Load Balancer for internal service communication

I am confused about Zuul's role in a microservice architecture.
Zuul acts as a proxy and load balancer for internal communication between the services where, let's say, no authentication is required.
Zuul acts as an API gateway which can take care of authentication and access control functionalities for the requests coming from the UI or some other external clients.
So the same Zuul instance can take care of both objectives. How is it handled in the best scenario possible?
I am a novice on the architecture side of microservices. Please excuse me if it is a silly question.
Thanks in advance.

How to implement Microservices with Authentication Server (OAuth 2.0 and JWT), Zuul and Eureka services?

I'm using a Spring Boot microservices architecture for our application. In our project we are using OAuth2, JWT, Zuul and Eureka services. My doubt is: do I need to implement these services as independent services, or can I develop all the services in a single application?
If I have to implement it as a single application, what is the better approach? Please clarify.

With your current stack you can have the below independent components:
Discovery Service - Eureka Server
Reverse proxy - Netflix zuul
Identity provider (IdP) service - Spring security over OAuth 2.0
Service Provider - Any other micro service in your application
You can register only the Zuul server with the IdP if the rest of your services are going to be part of a private network behind some kind of firewall.

Consul with Spring Cloud Gateway - Inter Service Communication

The setup:
I have a set of Spring Boot based microservices that are fronted by Spring Cloud Gateway, meaning every request that comes from UI or external API client first comes to Spring Cloud Gateway and is then forwarded to appropriate microservice.
The routes are configured in Consul, and Spring Cloud Gateway communicates with Consul to get the routes accordingly.
Requirement:
There is a need of some microservices communicating with each other with REST APIs. I would prefer this communication to happen via the Spring Cloud Gateway as well. This will help in reducing multiple services going to Consul for getting other service's details.
This means every service should know Gateway's detail at least. And there can be multiple instances of Gateways as well. How is this dealt with in bigger architectures?
Any example that I look up contains one service using Consul, or Gateway using the consul with one microservice. Couldn't understand how to extrapolate that design to a bigger system.

What is the difference between Netflix Zuul server and Netflix Eureka server?

I have created two Java Spring Boot microservices. They are:
1) producer
2) consumer
and I have used a Spring Eureka server for service registration and discovery. It worked fine. Then what is the use of Netflix Zuul?

Let's suppose you have 20 services which the user can interact with, and of course we are not going to expose each and every service publicly because that would be madness (because all services will have different ports and contexts), so the best approach will be to use an API gateway which will act as a single entry point to our application (developed in the microservice pattern), and that is where Zuul comes into the picture. Zuul acts as a reverse proxy to all your microservices running behind it and is capable of the following:
Authentication
Dynamic Routing
Service Migration
Load Shedding
Security
Static Response handling
Active/Active traffic management
You can go through documentation here

If you have enough experience in the domain, you could look at Zuul as an API gateway like Apigee. It is very feature rich and touches upon a lot of different concerns like routing, monitoring and, most importantly, security. And Eureka as a service discovery platform that allows you to load balance (in Linux terms the nginx or haproxy) and fail over between your service instances.

Typically the backend services that perform the server-side business operations (i.e. core) are not exposed publicly, for many reasons. They are shielded by some gateway layer that also serves as a reverse proxy. Netflix Zuul serves as this gateway layer, which easily gives you the capabilities mentioned by @Apollo and here

Spring Cloud Eureka Connecting to a Secured Service

I'm attempting to establish a discovery server with Spring Cloud Eureka which needs to connect to a secured client. I understand how to secure the Eureka server itself - that isn't the issue. The issue is in the other direction - how to get Eureka to successfully communicate with a client service that itself is secured.
In other words; I have a discovery client that registers itself with Eureka. That client implements http basic authentication. It can and does successfully register itself with the discovery service, however when I attempt to utilize that service with a lookup to the discovery service, I get authentication failures (on the client service itself) which of course makes sense because I haven't specified any credentials anywhere and have no idea how to do so. Any assistance would be greatly appreciated.

Guessing from your tags, you are using spring-cloud.
When you use your service (with RestTemplate or Feign or manually looking up and interacting with it), your request has nothing to do with Eureka. Eureka only provides you information about your services' whereabouts. Once you (or some underlying logic) have obtained the address of the service, you are directly communicating with it.
