Spring starter security or spring cloud security How to secure an entire microservice architecture?
Currently in developer training, I am working on a personal project on spring. I started java 6 months ago, so there is a certain notion that I do not yet master. My trainer does not know spring at all, so he cannot help me. I am also French and there is very little reliable documentation on spring (it is evolving quickly). For example, I followed a French tutorial on microservices, and I used the ribbon and zuul proxy while they are currently in maintenance at spring. I started all over (new project) to recode in reactive webflux
I have several concerning spring starter security or spring cloud security
- Spring cloud config (in connection with gitlab)
- eureka server
- admin server
- gateway
- 2 business microservices
- 2 sub-module (model and repository)
I want all my microservices and the internal microservices (eureka, admin server, configserver) to be secure now. But I do not know how.
I want the microservice that consults config-server to identify themselves, and I also want the microservice gateway to identify itself to make requests to other microservices. Finally I want all my microservices to be protected.
Should we put spring-starter-security in microservice? Should we create a new microservice with spring-cloug-security? Should we create a new spring-cloud-security microservice and add spring-start-security everywhere?
https://cloud.spring.io/spring-cloud-security/2.2.x/reference/html/ Obviously I find this link not very explanatory
Thank you
In a microservice architecture that I have worked, we have always used the OAUTH2 specification for securing service.
OAuth2 is a token-based security framework that allows a user to authenticate themselves with a third-party authentication server. If the user successfully authenticates, they will be presented with a token that must be sent with every request. The token can then be validated back to the OAuth2 Server. The OAuth2 Server is the intermediary between the application and the services being consumed. The OAuth2 Server allows the user to authenticate themselves without having to pass their user credentials down to every service the application is going to call on behalf of the user.
Detail information for OAuth2 you can find in the following LINK .
I have implemented simple microservice architecture for demonstrating how services are connected with each other.
Here is the link LINK
Below is the image representing the architecture:
- bean of type 'org.springframework.security.crypto.password.PasswordEncoder' that could not be found
- How to set SameSite and Secure attribute to JSESSIONID cookie
- How to map this Json with rest template spring boot
- Spring Boot - no log file written (logging.file is not respected)
- JDK11 + spring boot = JAXBException: Implementation of JAXB-API has not been found on module path or classpath
- Spring Boot: @TestConfiguration Not Overriding Bean During Integration Test
- JWT signature verification failing
- Springfox Type javax.servlet.http.HttpServletRequest not present
- Consistent time zone for date comparison
- Spring boot embedded tomcat application session does not invalidate
- Spring Boot Fails to Start after First Boot
- Null exception @Service in a spring @RestController using constructor injection
- Trying to send a message to a queue on weblogic
- logging.file.max-history is not working in Spring Boot
- Why does @EntityGraph not load EAGER scince Spring version 2.2.5?
- H2-Console is not showing in browser
- How to get filtered results based on two columns from a single table using Specification and Criteria Builder in Spring Boot
- Expose single classpath resource for web access in Spring Boot
- Spring Webflux and @Cacheable - proper way of caching result of Mono / Flux type
- Issues with Lazy Loading and Transactions in JPA
- What is the spring-boot-configuration-processor ? Why do people exclude libraries from it? Why is it invisible in dependency tree?
- Jakarta EE modules used in Spring
- Which Spring Cloud AWS version should be used with Spring Boot 3?
- Spring Boot: How to test a service in JUnit with @Validated annotation?
- Virtual Threads and Spring WebFlux
- spring-data-jdbc integrate with mybatis
- How to use abstract classes in Spring Boot?
- Spring JPA: Providing Schema Name Dynamically
- Spring SecurityContext not available when using parallelStream
- How to tell Spring Boot to use another DB for test?