Spring Boot Microservices Tutorial - Part 6 - Security using Keycloak
- Added 19. 04. 2024
- In this Spring Boot 3 Microservices tutorial series, we will learn how to build microservices using Spring Boot and Spring Cloud.
This is part 6 of the series. In this part, we will cover:
- Brief introduction about Keycloak
- How to configure API Gateway using Keycloak
Link to the written tutorial: programmingtechie.com/2024/04/18/spring-boot-microservices-tutorial-part-4/
nice. All six parts integrated and working. thanks
Lot of new learning
WireMock, RestAssured, Flyway, Keycloak.
Thank you a lot! I was waiting for this video for so long
Great thanks
Thank you for your work.
How to achieve method-level security?
I don’t think it is possible with this approach
I am desperately waiting for your next tutorial. When is it coming up?
Hey Sai, can you make some videos on Docker and Docker Compose?
Please create a video on distributed transaction in microservice using saga design pattern.
In next tutorial please tell, how can we avoid auth for certain microservices?
waiting for next video
It's out now
part 6 - checked
At 16:42 you talk about id_token. But this is not the case for me. Any idea why the id_token is not shown to me? I see only the access token.
When are the upcoming videos going to be uploaded? I am eagerly waiting for them.
It's out now
Hi, thank you for the tutorials.
I'm successfully using Keycloak on the API gateway,
yet I can still access the product services using their original port and endpoints without the need of authentication.
Is there any way to force all the microservices to be accessed exclusively through the API gateway?
Thank you
Hi, good question.
Yes, usually when you deploy this in a production-grade setup, the microservices are deployed within a corporate firewall and will have firewall rules to allow access only from certain hosts; in this case this can be the API Gateway.
Also, we can use Mutual TLS to make sure our microservices only respond to trusted clients like the API Gateway.
Another approach is to also secure each and every microservice. In this way the API Gateway will send an access token to access the other services. This is more secure, but there will be additional latency and it involves more complexity, because each microservice should now verify the access token against the Auth Server.
@ProgrammingTechie thank youuu for the insight 🙏
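For the last option discussed in this thread, where each microservice verifies the access token itself, a downstream service can be configured as an OAuth2 resource server. This is an added example, not code from the video or the comments; it assumes the spring-boot-starter-oauth2-resource-server dependency, and the class name, issuer URL and audience value are placeholders.

```java
// Added example: resource-server configuration for a downstream service
// (for instance the product service). Not code from the tutorial.
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    // Placeholders: use the realm issuer the gateway is configured with,
    // and the audience your Keycloak client puts into its access tokens.
    private static final String ISSUER = "http://<keycloak-host>/realms/<realm-name>";
    private static final String AUDIENCE = "<expected-audience>";

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            // No anonymous access: a call that bypasses the gateway and carries
            // no valid bearer token is rejected with 401.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
            // Bearer tokens only; never create an HTTP session.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's discovery document at startup to locate its signing
        // keys; signatures are then verified locally on each request.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(ISSUER);
        // Default checks (expiry, issuer) plus an audience check, so a token
        // minted for a different client of the same realm is not accepted.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }
}
```

With this in place, a request sent straight to the service's own port without a bearer token gets a 401, whether or not it came through the gateway.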
Can you please add the GitHub link for the tutorials, sir?
And are you not implementing the service discovery?
Yes, as we are deploying using Kubernetes this feature will be available for us out of the box, no use in creating the discovery server and then removing it.
Kindly implement a normal JWT user authentication with users and roles
I will not do it in this series, because this setup is rarely used in the real world. Sure there is the concept of Users, roles, etc. But you don't see companies implementing their Authentication setup because it can be tricky and hard to do it right. That's why Auth Servers like Keycloak, and Okta are famous these days and widely used.
But I have plans to create a separate video, where I will explain in detail how to work with Spring Security using JWT.
@ProgrammingTechie thanks brother. Surely I will wait for that video!
Hello dear Sai. If we want to install Keycloak on a custom domain, what can we do? And if we want to use it in a live project, how can we expose it publicly? Could you suggest any documentation? And could we use this for Angular requests with some libraries?
There is the keycloak-js library, which works with Angular, React, Vue and many more. You can use that npm library. For a custom domain you have to buy your domain and redirect your requests to that domain, which will be bound to the Keycloak IP and port.
@souravsuman1993 Thanks for your response. Just a question I want to ask: in the video, security was set up for a client like Postman etc. When we want to authenticate from a browser (React etc.), which issuer-uri, dependency or client should we use? And is there a register method in Keycloak? Thanks again for your answer, I am so glad.
For Angular, you can use this library github.com/manfredsteyer/angular-oauth2-oidc
You can refer to my Keycloak Tutorial, I explained all the use cases in detail in that tutorial and also demonstrated how to integrate Keycloak along with Angular using the above library.
If you want to authorize the client through a browser, then you have to use Authorization Code Flow Grant Type instead of Client credentials.
Keycloak provides you all the functionality like register, login, 2 Factor Authentication, Single Sign On out of the box with minimal code changes.
My 16 GB RAM is dead now)))
I know the pain. This is happening because maybe you now have multiple IntelliJ IDE instances running the services.
I would suggest that you create a Maven Multi Module Project so that you will have all the projects in one Maven project and only one IDE instance running all the services. You can see how to do that in this video - czcams.com/video/lh1oQHXVSc0/video.html
@ProgrammingTechie Thank you for the advice, I will try🙏
@ProgrammingTechie
I tried it. But when I run the application I'm getting
SQL State : 42000
Error Code : 1049
Message : Unknown database 'order_service' error.
Docker is not picking the init.sql file.
docker-compose file:
version: '4'
services:
  mysql:
    image: mysql:8.3.0
    container_name: mysql
    ports:
      - "3316:3306"
    environment:
      MYSQL_ROOT_PASSWORD: mysql
    volumes:
      - ./order-service/mysql/data:/var/lib/mysql
      - ./order-service/docker/mysql/init.sql:/docker-entrypoint-initdb.d/init.sql
Path of Init file: D:\IntelliJ_Projects\Spring_Microservices\shopping-microservices\order-service\docker\mysql\init.sql