Securing Microservices with API Key Based Auth - Spring Cloud Gateway | JavaTechie
Vložit
- čas přidán 5. 09. 2024
- This tutorial will guide you How to secure your microservices with an API key using Spring Cloud Gateway.
We are going to discuss an architecture in which one microservice will act as a api gateway service which does central authentication, redirect an incoming request to other microservices. The main advantage of this architecture is you can easily add multiple microservices to the system and all authentication, authorization will be taken care from a central unit
Spring Data Redis : • Spring Boot | Spring D...
#javatechie #Redis #Microservice #APIGateway #Security
GitHub:
github.com/Jav...
Blogs:
/ javatechie
Facebook:
/ javatechie
guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
Disclaimer/Policy:
--------------------------------
Note : All uploaded content in this channel is mine and its not copied from any community ,
you are free to use source code from above mentioned GitHub account
Concepts are explained very well. 👌
Thank you for your effort.
Please do the video for token-based authorization for the Spring Cloud Gateway.
Awesome tutorial. Thanks a lot for sharing. Please add a video on how to secure communication within microservices. Thanks
Please create video for JWT authentication based on token as well
Sure will do that Manoj
@@Javatechie Thank you 😀
Everything you explained is very easy to understand. Thanks
Please create a video on central config.
Already it's there please checkout my microservice playlist
Hello Sir, I am completely habituated to your channel and mostly follow all the concepts from JavaTechie. However I would request you to please provide a session on how to provide jwt based authentication in spring cloud gateway for multiple microservices. Thanks a lot for this wonderful knowledge sharing 👍
Okay sure Anil . Will do that soon
@@Javatechie can anyone tell me, is "API Gateway" and "Spring Cloud Gateway" different or both are same thing?
@@kshitijbansal3672 API Gateway is a microservices design pattern and Spring Cloud Gateway is its implementation
Thank you for all the efforts you take in each video. I have a suggestion: Including 2 different concepts makes it more hard to understand. I have never worked with Redis and I searched the video to understand Spring security for Srping cloud. But I am totally confused now as there is redid being used here. This approach is very complex for me to understand. It would be nice if you made dedicated video just for API Key maybe by using in-memory structure. Nonetheless, thank you for sharing your knowledge.
I understand your concern, i have used redis here just for storage purposes. You can override this to any in memory db and i already uploaded videos on redis so i assumed viewers are aware about it.
Thanks for covering a very good topic, I have gone through other videos of your channel, but in this video I feel explanation should be better, what you are doing in coding pls give a big picture in pictorial view and explain each class's purpose.
Thanks for all detailed videos. can you please make video to show session management to hold user data between multiple microservices?
Hey Bro nice video, I f you will get time then Kindly add tutorial for OAuth2 at api gateway
Hi,Thanks for the awesome explanation.Can you please do one video with kubernetes service mesh implementation for spring boot microservices.
Definitely I will give a try
Hi can you make a video on securing the microservices using SSL
I'm awaiting your insightful reply. Many thanks in advance.
please do on redis cluster
Wow thank you for the good content
Java Techie, wonderful job
I have a suggestion: Please start with a simple application like using constants for the authorization part, Then later introduce Redis like components mentioning pitfalls of a simple approach.
this video is nice can you help me :D how to use security, generate tokens and check that token bearer is accessing other services java spring boot and Spring-boot-gateway-cloud
appreciate your effort ....but video qulity is not clear..
It depends on internet connectivity. All my videos available with 1080 p resolution
Hello, Sir. Greetings for the evening. Could you help describe how to use many tables in a microservice architecture using Spring, JPA, and MySQL to achieve pagination data? Using a mapping column and the necessary numerous tables, I am able to achieve pagination data in a monolithic application. But how is this possible with microservices? Would you kindly create a video? It will be really helping us.
Hello buddy can you please mention the simple usecase so that I can try
Hello @JavaTechie . awesome tutorial, to the point, and very informative. Did you make a spring cloud with JWT which mention in the tutorial?
Thanks buddy no i didn’t tried it with cloud
@@Javatechie Sorry I mean Spring Cloud Gateway with JWT token-based authentication?
I understand your queries but I didn’t tried any security with spring cloud gateway
And Please Do with Nonce JWT Security in Gateway for securing microservices
I will do that
We can use also Keycloak to achieve this.
Thanks 👍
Yes we can
could you please also do video about security with JWT between 2 microservices and gateway.It will be highly appreciated as there are not good resources found
Yes it will be my next video
@@Javatechie Thank you in advance. Really looking forward to it 😊
Please make a video on Kinesis Data Stream AWS for both input and output steam.
can you please post terraform db videos?
I haven't worked on terraform buddy
How do you prevent clients from directly accessing individual microservices without going through the gateway
Then you are breaking the rule of microservice here ?
No you are not. Correct me if I am wrong, but I am asking how to make sure that all requests must pass through the gateway
@@Javatechie. I think you are cent percentage correct @androidgreen we have to secure all the REST endpoint. Irrespective of whether we intended to use it only via API gateway. It is open for attackers. Isn’t?
@@prabusubraI am new to this but I have one question. How would someone know the host and port of your microservice if we are only exposing the Api gateway host and port? The rule of microservices is that every request from outside (UI) should pass through the gateway right?(We implemented gateway to provide a single entry point to the underlying services right)
How i can restrict accessing students or course service directly like //localhost/8081 should be restricted
Can you also share how to enable CSRF in spiring cloud gateway and add the CSRF token to every response headers.
what is the difference between normal singleton and Spring Singleton
Hi Basant I have a doubt, Let's say I have application.properties and application.yml file which one will execute first
Hello Murali, application.properties loaded first . If you want to validate it please checkout my spring boot interview QA part 2 video timestamp: 50.40
@@Javatechie Hi Basant thank you for your quick response.
Thanks for the video. Since API gateway and other services were hosted in the tomcat server. Hackers can know all the host systems, shall we deploy the gateway service in different servers like apache in order not to expose the actual service?
How hackers will know all your host . Anyway your communication should be continued with gateway endpoint
@@Javatechie So end users knows only the gateway endpoint
Yes
Nice one buddy 🙂
Hie can you make video on objectmapper
Can we just use constant and compare keys without store and then getting from Radis? I just want to understand can it work without storing and then getting Keys from Radis or some other DB?
We shouldn't hardcode these info in constant
Hi java techie, most of the industries uses istio with ingress gateway now a days. Whatever you configured on spring api gateway can be configured on ingress istio gate way too. There you can even pass request on a percentage basis.so is spring gateway really needed? If it needed then, where does it fit in an environment where we have kubernetes infrastructure with istio on top of it to manage the service mess and request is comming via loadbalancer which is ingress controller.
Basant Sir is there any video on Token Based authentication for Spring Cloud gateway please suggest
Can we implement jwt for api gateway for securing microservices
I don't know when you visited my channel last time. This small gift is for you already i have done it
czcams.com/video/MWvnmyLRUik/video.html
Thanks a lot sir for this wonderful video. But after implementing this API gateway are we able to restrict end users , so that directly student and course microservice endpoints are not accessible .? Can u plz help me for this.
Yes the request should pass through the API gateway otherwise what is the need of it if you will access directly individual microservice
can anyone tell me, is "API Gateway" and "Spring Cloud Gateway" different or both are same thing?
Both are same
Please make video of login functionality in micro services.
Super Bro 👌👌👌
Ty bro!
Sir, how i can do the same things using JWT? let's suppose I have 3 microservices with 3 different MySQL DB and I want to build an authentication bridge between them using JWT. How I can do this? please guide me.
In case of the key is known to some hacker and he added that key to header and try to trigger the server. How can we avoid such attacks by security?
It shouldn't expose to others buddy.if that is the case there is no other security mechanism which can't break
you can use spring cloud gateway + token based authentication
Hi. How can we achieve the RedisHashComponent class with PostgreSQL?
No we can't it's nosql dB
How can we pass the security context from gateway to other modules, can someone please suggest
Do we also need to implement security between microservices? l mean after passing gateway, will course microservice can access student service
No not required we Are already authorized the request in filter
@@Javatechie I disagree with that... You should verify the headers at every step of the way to avoid man-in-the-middle-attacks... I would add an inbound HTTP Security Filter to make sure the caller of the service is actually who is calling the microservice... it adds complexity, but you can create a shared library and add it as a requirement for an incoming traffic
@@MarcellodeSales Pls can you like share a source code demonstrating this if you've actually done something like this? Thank you
Can we achieve using MySQL db
You can but it's good to use some nosql dB
Any reason to use nosql db?
Incase 100 microservices how we can hard coded all apikeys and service ids
Your system should able to generate this id and rather than hard-code in code it should be present in properties or some storage
Sir how can we generate these keys if we don't want to hardcode. Is there some utility? If you have any video for that please redirect me.
Simply you can use UUID
Can't this approach be achieved using service discovery?
Yes you can add Eureka and route request based on service name not with host and port
Anna video clarity ledhu source blur ga undhe
Please increase resolution it depends on your internet
How do we get service key for a microservice?
Currently I hardcoded but you might need to use some base64 tool
I Think this Method is not good when you have 1000 Services you need foreach service 1 key so i think not good idea !
Hello, Sir. Greetings for the evening. Could you help describe how to use many tables in a microservice architecture using Spring, JPA, and MySQL to achieve pagination data? Using a mapping column and the necessary numerous tables, I am able to achieve pagination data in a monolithic application. But how is this possible with microservices? Would you kindly create a video? It will be really helping us.
can anyone tell me, is "API Gateway" and "Spring Cloud Gateway" different or both are same thing?