Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie
- Added on 16. 03. 2023
- This tutorial will guide you through how to secure your microservices with JWT authentication using Spring Cloud Gateway.
We are going to discuss an architecture in which one microservice acts as an API gateway service that performs central authentication and redirects incoming requests to the other microservices. The main advantage of this architecture is that you can easily add multiple microservices to the system, and all authentication and authorization is taken care of by a central unit.
#Javatechie #Microservice #Security #JWT
Spring boot microservice Live course Just started (Recordings available)
Hurry-up & Register today itself!
COURSE LINK : javatechie5246.ongraphy.com/
PROMO CODE : Java40
GitHub:
github.com/Java-Techie-jt/jwt...
Blogs:
/ javatechie
Facebook:
/ javatechie
guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
Disclaimer/Policy:
--------------------------------
Note: All uploaded content in this channel is mine and it's not copied from any community; you are free to use source code from the above-mentioned GitHub account.
- Science and Technology
I feel like your explanations are even better than people who have english as their first language lol. You really do have a gift for this!
Best course available in youtube. Thankfully it is free. Keep up the good work
This is the best channel about Spring and stuffs of all CZcams. Thank you Java Techie.
I love you. Finally the architecture I'm looking for. A lot of tutorial are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.
Thank you so much Lukasz for appreciating my work 🥰🥰
You are worth millions of likes
Much waited ❤ Thank you sir for your wonderful teaching and the knowledge your sharing .
THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA
I had been waiting for this topic for long time. Finally wait is over.
This is what, I was waiting for ,Very Helpful for me
I've been waiting this long, thanks java techie greetings from peru😎
Best video you can find for JWT auth ❤
Fantastic video and an outstanding explanation ❤🔥. Thank you so much!!!
Thank you so much for clear explain no one will explain like you.
Excellent Explanation. this is the Video i was looking for. thanks
Nobody explains like you do..Thank you very much for the video.
Thank you for such an awesome lecture. Many of us benefit from such work. Continue teaching, brother
Searching every where finally got it thanks sir 😀
Great Video sir, completely Awesome...Add the role based security through api gateway.
It's awesome.
I was trying to solve this kind of problem and this tutorial helps me a lot.
Thank You so much for the video tutorial.
No words Mind Blowing
Grateful for such a wonderful insight on Microservices security. It will definitely help me to improve skills in my projects. Thankyou so much for the efforts. I'm learning a lot from your channel. Awaiting for more interesting videos.
Thanks buddy keep learning 😃
Thanks!! Helpful for basic understanding.
Thanks aTon Sir ❤, No one can match your Explanation level 👍
Actually without your tutorial I couldn't learn easily new things implementation in spring app...
You are Guru. Thanks lot.
Thank you Siva . Keep learning 😃
Thanks Sir , Good explanation, your course was clear and understandable.
Wonderful. Thank you very much for sharing
You are super talented man.clear explanation .Thank you
Thanks a lot.
I am looking for security in Microservices architecture. It is one of the best way, you have explained.
Glad to hear that😊
Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉
Good explanation, your course was clear and understandable.
Just what I needed. 👍
thanks for giving us this much excellent content and awesome video
Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.
Thank you for this wonderful video❤️❤️
Hey Basant Anna, this is awesome 👌thanks for such a smooth flow..its really a very complex topic & nightmare for interview candidates.
Waited the last couple of months to get the solution which you explain about validating and filtering the request from Spring Cloud Gateway. You made my weekend, Basant Sir.
Thank you Sir
Thanks buddy 😊. Keep learning 👍
This is Gold Boss... Thanks a ton for this video.. I lost most of my interviews only because of not answering the question of how security is implemented in microservices.... Appreciate your efforts.
Thank you buddy 🙂
Excellent Work....Thank you
Nice video we learn couple of thing related to microservices and spring security ❤❤❤
Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...
Thank you for this tutorial... Kudos
You're a life saver!
bro you helped me a lot, thank you very much and greetings from Argentina
This was Awesome!
Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!
Thank you for appreciating buddy. I am just a senior software Engineer not an architect 🤪🤪
Loved your explanation ❤❤❤❤
keep it up good work.
Thanks for sharing the knowledge ❤
Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.
superb clear video
Thank you, Basant Bhai...
Thank you again.
well explained concepts, thank you
love you bro you are helping so much
The best explanation
Great job
Thanks !!
Nice detailed video..
👍 very nice 🙂
Thaaaaaaaaaaaaanks man! nice video
thanks a lot
Thank you bro 🎉
This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?
Thanks a lot 🙏
Very helpful, thank you
instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.
Could you please explain more about how that works?
can you please come with your hands on similar like this using KONG.
Hi sir! I am grateful for this tutorial. In this tutorial you have two client services, one gateway, one security service, and you added security in the API Gateway. I like the way you did it. But I need to move forward and add some authorization. Suppose in the swiggy service there are some endpoints that only an admin can access and some endpoints a normal user can access. How do I apply this type of authorization? Would you please make a second part of this tutorial? I am following this tutorial and trying to learn. I tried to implement the security directly in the API Gateway service, but that was not easy because the gateway supports WebFlux, not the web.
make use of method level authorization and roles
Yes I am still not finding any solution for this approach. Will check and update you
@@Javatechie Thanks
@@Javatechie I saw others using OAuth2 to solve this problem. KeyCloak is one of them.
Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question.
May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .
Thank you for the great video. What do you think of integrating Datadog into your spring boot applications so that there is a centralized location to view everything related to your applications
Wow Very Nicely Explained In Easy To Understand Manner.
1 Request can you please show how to implement role based authentication with Spring API Gateway ?
Yes buddy it's in queue i will upload soon
Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours.
I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?
Wooooow.... I searched a lot for this kind of scenario but I did not find it, and in so many interviews I faced this question and got stuck. A million thanks Basanth.... it helps us a looooot......👏👏👏🤝🤝🤝🙏🙏🙏 Thank you so much
Next Please do videos on TESTING(mockito) microservices end to end and GLOBAL EXCEPTIONAL HANDLING (please think about it)
I will share the link with what you mentioned which i already uploaded. Even if you can search in the channel it's already there buddy
Exception handling : czcams.com/video/gPnd-hzM_6A/video.html
Mockito testing: czcams.com/video/Hh17JDpsKqc/video.html
Thanks for the tutorial. I was waiting for this. How to handle token expired case.
Thank you so much. Can you do a video share how to config authorization with JWT in microservices ?
Your explanation is amazing. Learned lot of concepts with this practical example.
I have a request hope you would look into it. I need to integrate same service and gateway with AWS cognito as auth service. Possible to do one video on this. ?
Yes I will try that
Thanks a lot. Jai jagarnath
Nice work man, please implement Swagger in this application, which is used for API documentation, thanks in advance
Thank you Basant ❤, this is like rock I really appreciate your time and efforts. Could you please also make a video for swagger in microservices services?
Swagger i have already implemented please check in my microservice playlist
@@Javatechie Thanks
You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.
Thanks Filz , i noted it and going forward i will come with better audio quality. Need to look into rode configuration
@@Javatechie 🎉d o 😢😢😢😮😊😂😅😅😅😅😮😮😮😮😮😅😮fq😢😢😢😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮
Archana not getting you
@@Javatechie I think, that's a bot.
Even not getting you buddy. What do you mean by bot
You are such a wonderful guy to share this useful information. Big thank you . When we have feature flag in external file and if you go toggle console and update it , will it change the flag in external file ? Also is there a way I can have some string values instead of Boolean value ?
Thanks buddy 🙂. No toggle switch won't update in file also i don't think we can set any string value for flag
Really helpful. But I have a couple of questions. You generated the auth token in the same module where you register the user and authenticate the user. Is it a good practice? If I have 50 modules that are registered with the API gateway, where should I generate the refresh token? What is the best practice and what is the best architecture?
00:05 Implementing JWT-based security in microservices using Spring Cloud Gateway
07:12 Two microservices, Swiggy Service and the restaurant service, communicate with each other through the API Gateway.
21:19 Need to write methods to register a user, generate a token and validate a token
28:07 Implemented the authentication and token validation endpoints.
41:40 Define your own UserDetailsService to authenticate users
48:42 Identity service implementation complete
1:02:00 Validating the token in the API Gateway
1:09:10 Implementing JWT token validation logic in the Gateway
1:22:07 Implementing microservice security with JWT authentication
Crafted by Merlin AI.
Thanks a lot. I learn so much with your videos.
Question please: How can I check the user's role when the request is executed in the microservice?
Please check this video and you will get an idea 💡czcams.com/video/qODoDq5_hAM/video.html
finally someone addressed this scenario with proper explanation. Thanks as always.
One question: if the auth service also has to pass through the API gateway and we didn't add the filter param in the gateway's routes for the auth service, then why are we checking those URLs through validators in the authentication filter? Because the request will never land on the filter in the case of the /register and /token APIs.
No, usually we should do a REST call to the identity service from the gateway to validate and get the token, but here, to avoid that, I have directly used the JWT logic in the gateway; that's why it's confusing for you
@@Javatechie but that rest call we are doing lately when all the checks are true before that. I am talking about that "if" condition in start (validator.isSecured.test(exchange.getRequest())) {
because in this condition we are checking /register and /token urls to bypass the token check and according to implementation when we will call register or token it would never land on Authentication Filter.
let me know if I am missing something still.
That's correct right. In the filter we had token validation logic right? So when i don't want to authenticate the user for the first time login then why do you want this to be delegated to filter what is the sense here ?
Let me know if I understand your concern correctly. If not please drop an email to javatechie4u@gmail.com
@@Javatechie no I dont want to authenticate for the first time.
I am just saying that, main if condition is of no use when we will call /register or /token , it does not matter if the condition is there or not.
Will email no problem
@@faixan13 okay simple things buddy remove those 2 url from validator don't bypass it and run your app then test . Hope you will get your point.
Hi Basant ,
Very useful tutorial, however I have one doubt. In production, when the token is generated by passing a valid username and password, it should automatically pass the token to the gateway, right? But here I saw that you are manually passing the token to the gateway through Postman for accessing microservices. My question is how we can automatically pass the token to the gateway for accessing microservices when the token is generated.
Your question is genuine, but this automatic stuff needs to be handled from the UI, not from the backend
@@Javatechie ok thank you!
I am new to microservices & your videos helped me a lott🙌🙌 also can you please tell me, what should I use for role based authorisation in microservices.
I am working on project which is a web portal for sanctioning government applications, It has user & admin as roles.
Please guide🙌
I am working on jwt token microservices.
How to log out a user or expire a token immediately?
Very good coverage! I find the RouteValidator to be superficial. Why not use annotations on endpoints?
Hello Basant sir, just one question: we are providing the token based only on the user name if it exists in the DB; is that good? Generally we should provide it on a credentials match?
Hi sir, great video. I have one question: why can't we simply use OncePerRequestFilter here? AbstractGatewayFilterFactory forces many things, like an unnecessary Config class and adding the WebFlux dependency even though we are not even using any WebFlux features.
Thanks for sharing ❤
But how can we authenticate based on role.
Here we can access the whole microservice but how can we access some end points of one microservice and other endpoint for another role.
Thanks so much, it is the best tutorial I've seen. I have one question. How can I get the current logged-in user and roles from the services to make authorizations?
Please check the next video you will get logged in user info but regarding Authorization i am working on it
Wonderful and clearly explained. I want just to know how to access authentication info (principal for example) and how to do authorization if needed in microservices
Please check the video below 👇 you will get an idea czcams.com/video/qODoDq5_hAM/video.html
@@Javatechie Thanks a lot
Loved the explanations!! But how can I do role-based authentication, like admin and user for example? I've faced this question and got stuck. I wonder if you can help me.
Hi sir,
I am using os linux and jdk1.8 for company project.
But i have to practice whatever i learn from ur videos,
Can you plz make 1 video how can we use projectwise different java versions in same system in eclipse IDE?
Tq bro. I have one question. In stateful we save the session on the server side, and same thing in stateless we are storing a token; what is the diff?
Sir, Thanks for the great content ... sir how can we do role based authentication ? if role is user then user can access respective url and so on . pls suggest.
HI, You created separate service for authentication purpose. what's the practice follow in real world? .I think API gateway will used for authentication right or what ?
Great explanation but Authorization concept is missing, can you please add lecture for it as well.
A theoretical/conceptual question: Can we call this security API layer (identity-service) an internal OAuth server? Since all authentication and authorization features have been delegated to this API for a client to be able to access a "resource server", it looks like OAuth to me.
Hi Basant,
Thank you for sharing the knowledge and for the informative content.
I have one doubt...can we implement spring cloud gateway in kubernetes cluster or in any cloud platform ?
Is it ideal to use spring cloud gateway as gateway API or cloud provided API gateway?
Yes we can in AWS please check my AWS playlist already i have done this video
Thanks for your informative video, but I have one question: if someone knows the swiggy-service or restaurant-service endpoint, then he/she can bypass the api-gateway and directly call the respective service, so how can I ensure that the swiggy or restaurant service only accepts requests from the API gateway?