Microservice Authentication and Authorization using JWT
Question
I have created two microservices, let's call them A and B. Every microservice has its own database and its own user table for storing username and password. I am maintaining the same signing key for generating the key in all microservices.
A user of microservice A can access the secure API of its microservice easily. But suppose I want to access a secure API of microservice B; then it will give me an error while setting the authentication object in the Spring Security context using UserDetailsService, because the microservice A user does not exist in microservice B's user table.
What do I have to do to maintain secure API communication between microservices with a JWT token?
Answer 1
Score: 1
In a microservice architecture we need to have a separate Auth Service microservice. All requests would be validated against this Auth service at the API Gateway. The Auth service would return a JWT for valid requests, and that would be passed to all microservices.
You can refer to the links below for better understanding:
https://microservices.io/patterns/security/access-token.html
https://microservices.io/patterns/apigateway.html