I am new to eureka but i know eureka provide basic authentication with username & password. However, thats not i need. The scenario would be before the service registers himself with the discovery, it needs to be validated by some token specific for that service and upon validation it register itself with the discovery server. It would be great, if i could get some examples as a pointer.
Related
Here is the authorization service. It has endpoints to login and receive a JWT using either a custom username/password or social OAuth (Facebook, GitHub etc.).
I have a Eureka server setup and Zuul gateway service. From what I understand, there are two ways to go about implementing secure microservices. You either proxy requests through the auth service, or you send requests to the requested service (Ex. Service A) and service A authorizes using the auth service.
I would like to use the second way, however I'm having trouble implementing it. Is my understanding correct? Is there a way to setup service A somehow so that certain paths (configured using Ant matchers) will have to authorize using the auth service, which will set the SecurityContext appropriately and inject a UserPrincipal into the request. If anyone can point me to a good guide for this that would be much appreciated.
I want to setup Eureka server for service registry and erueka clients that will get access rest api using the service registry from Eureka server. But we use mesos as our container management system and when we start the Eureka server we will not know which host and port it is running on. So there is an api that we can use that gives us the complete url where Eureka server will be running. Now all the examples for Eureka client that I have seen have hard coded the Eureka server in the config file. Is it possible for Eureka clients to use that api and get the url for Eureka server.
FYI: we are using spring boot and have our own DC and are not on any cloud
I think I found the answer but if someone can confirm that will be great. I need to create my own EurekaClientConfigBean and override the following methods:
public void setEurekaServiceUrlPollIntervalSeconds(int eurekaServiceUrlPollIntervalSeconds)
List<String> getEurekaServerServiceUrls(String zone);
I have three spring boot micro services which uses spring Eureka server and zuul as gateway. I have auth micro service which is zuul gateway which validates user. I have two other services which is running in different ports. I am able to protect the two services with the help of jwt, if i call via zuul gateway but since i know two micro services port and url i can able to call and get the response directly without via gateway url . So i how to protect the the two micro services. Please help me to share the security context between two micro services.
I think you are looking for security settings in each other the microservices that are not zuul or eureka.
With help of the WebSecurityConfigurerAdapter you could override the CORS settings and only accept requests from a certain service, that way zuul can talk to the services, and maybe even each service to each other. But postman and other clients couldn't do that.
I'm using Spring boot Microservices Architecture for our application. In our Project we are using OAuth2, Jwt, Zuul and Eureka Services, my doubt is that do I need to implement these services as an independent service or I can develop all the Services into a Single Application.
If I have to implement as a Single Application what is the better approach to do. Please clarify
With you current stack you can have below independent components:
Discovery Service - Eureka Server
Reverse proxy - Netflix zuul
Identity provider (IdP) service - Spring security over OAuth 2.0
Service Provider - Any other micro service in your application
You can register only Zuul server with IdP if rest of your services are going to be part of a private network behind some kind of firewall.
I'm attempting to establish a discovery server with spring cloud Eureka which needs to connect to a secured client. I understand how to secure the Eureka sever itself - that isn't the issue. The issue is in the other direction - how to get Eureka to successfully communicate with a client service that itself is secured.
In other words; I have a discovery client that registers itself with Eureka. That client implements http basic authentication. It can and does successfully register itself with the discovery service, however when I attempt to utilize that service with a lookup to the discovery service, I get authentication failures (on the client service itself) which of course makes sense because I haven't specified any credentials anywhere and have no idea how to do so. Any assistance would be greatly appreciated.
Guessing from your tags you are using spring-cloud.
When you use your service (with RestTemplate or Feign or manually looking up and interacting with it), your request has nothing to do with Eureka. Eureka only provides you information about your services whereabouts. Once you (or some undelying logic) obtained the address of the service, you are directly communicating with it.