Menu
I want to introduce Zuul through Spring Cloud as an API Gateway in front of a few services.
I have some design doubts around Authentication. The Authentication would be handled by Spring Security, which comes before Zuul in the servlet filter chain.
My concern:
the Gateway would sit in front of many services
some services may expose endpoints which do not require authentication
some services may expose endpoints which need a Session Id and some with a token", an arbitrary opaque value (for example downloading a file if you know a "hard to guess" url) In the API Gateway/Spring Security you can configure all the endpoints with their specific authentication requirements.
In terms of managing the API Gateway:
Thanks, Adrian
464
It handles all the requests and performs the dynamic routing of microservice applications. It works as a front door for all the requests. It is also known as Edge Server. Zuul is built to enable dynamic routing, monitoring, resiliency, and security.
Zuul 1 and Archaius 1 have both been superseded by later versions that are not backward compatible. The following Spring Cloud Netflix modules and corresponding starters will be placed into maintenance mode: spring-cloud-netflix-archaius. spring-cloud-netflix-hystrix-contract.
Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.
Spring boot to launch individual services Netflix Zuul as the API gateway I have also written a Zuul PRE filter that checks for an Access Token, contacts the IDP and create a JWT. The JWT is then added to the header for the request forwarded to the downstream service.
6 Zuul Gateway - setSendZuulResponse & removeRouteHost Related 38 Zuul - Api Gateway Authentication 25 Spring Cloud + Zuul + JWT for Value/Reference Tokens 0 zuul : Bearer authentication not accepted
Zuul Auth Example. Use Zuul and Spring Security for a global authentication via the popular JWT token. The service to issue the JWT token. The client POST {username,password} to /login. This service will authenticate the username and password via Spring Security, generate the token, and issue it to client.
Netflix Zuul as the API gateway I have also written a Zuul PRE filter that checks for an Access Token, contacts the IDP and create a JWT. The JWT is then added to the header for the request forwarded to the downstream service.
We are using Spring Session to replicate the session across all of our services that sit behind a Zuul Edge Server. Zuul will authenticate the user which populates the users credentials and inserts the authenticated user into the session. This is then replicated across all the services and each service is responsible for their own security rules and settings. So really, all Zuul is doing is looking the user up in spring security and the services on the backend are enforcing the security rules as they apply to their needs. This way, you can change each service independently making the Gateway just a dumb proxy.
A good example of this is in Dave Syers tutorial about Spring Security and an Angular JS app. I also posted another question related to this which contained a sample of how we are doing this as well which might help.
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
