I'm attempting to establish a discovery server with spring cloud Eureka which needs to connect to a secured client. I understand how to secure the Eureka sever itself - that isn't the issue. The issue is in the other direction - how to get Eureka to successfully communicate with a client service that itself is secured.
In other words; I have a discovery client that registers itself with Eureka. That client implements http basic authentication. It can and does successfully register itself with the discovery service, however when I attempt to utilize that service with a lookup to the discovery service, I get authentication failures (on the client service itself) which of course makes sense because I haven't specified any credentials anywhere and have no idea how to do so. Any assistance would be greatly appreciated.
Guessing from your tags you are using spring-cloud.
When you use your service (with RestTemplate or Feign or manually looking up and interacting with it), your request has nothing to do with Eureka. Eureka only provides you information about your services whereabouts. Once you (or some undelying logic) obtained the address of the service, you are directly communicating with it.
Related
I am trying to understand Spring Cloud's Eureka client/server mechanism. I have built a very basic server and client app using just the #EnableEurekaServer and #EnableDiscoveryClient annotations respectively. I am able to see the registered clients in the eureka dashboard.
I was wondering if there is any way to get notified on the server whenever any client disconnects(goes down).
Example: I have a server and two clients (client1 and client2) registered on it.
Now if for any reason client2 goes down, can I get any event on the server so as to perform some tasks (cleanup tasks, calling some APIs etc).
Is this possible using eureka or any other library which might plug into eureka clients' lifecycle?
I want to setup Eureka server for service registry and erueka clients that will get access rest api using the service registry from Eureka server. But we use mesos as our container management system and when we start the Eureka server we will not know which host and port it is running on. So there is an api that we can use that gives us the complete url where Eureka server will be running. Now all the examples for Eureka client that I have seen have hard coded the Eureka server in the config file. Is it possible for Eureka clients to use that api and get the url for Eureka server.
FYI: we are using spring boot and have our own DC and are not on any cloud
I think I found the answer but if someone can confirm that will be great. I need to create my own EurekaClientConfigBean and override the following methods:
public void setEurekaServiceUrlPollIntervalSeconds(int eurekaServiceUrlPollIntervalSeconds)
List<String> getEurekaServerServiceUrls(String zone);
I have three spring boot micro services which uses spring Eureka server and zuul as gateway. I have auth micro service which is zuul gateway which validates user. I have two other services which is running in different ports. I am able to protect the two services with the help of jwt, if i call via zuul gateway but since i know two micro services port and url i can able to call and get the response directly without via gateway url . So i how to protect the the two micro services. Please help me to share the security context between two micro services.
I think you are looking for security settings in each other the microservices that are not zuul or eureka.
With help of the WebSecurityConfigurerAdapter you could override the CORS settings and only accept requests from a certain service, that way zuul can talk to the services, and maybe even each service to each other. But postman and other clients couldn't do that.
I am trying to set up a zuul proxy server which will act as a gateway service for other apis in my microservice architecture.
So far all the tutorials that I have come across have the discovery client and zuul proxy set up in different gradle modules while I am trying to set them up in the same gradle module.
I have defined the routes and can see that my services have been successfully registered in the eureka dashboard.
I have also verified that I can ping the services using a discovery client from my gatekeeper service but whenever I try to access the services from the URL, I get
"Load balancer does not have available server for client:xyz"
exception.
Can somebody please help me setting this up?
I am new to eureka but i know eureka provide basic authentication with username & password. However, thats not i need. The scenario would be before the service registers himself with the discovery, it needs to be validated by some token specific for that service and upon validation it register itself with the discovery server. It would be great, if i could get some examples as a pointer.