Secure microservices from another microservice in Spring Boot

Question

I have 2 microservices, one of them is responsible for authorization and authentication using JWT and Spring Security; I have the auth service, user repo, security configs and so on...
I want to secure the other microservice using this one. I have searched a lot and got confused: some tutorials and examples are using Zuul and Eureka, some use OAuth 2.0 without JWT. Is it possible to use JWT and just make the first microservice an "Authorization server"?

When the client wants to access the "secured endpoints" of Microservice 2, it should verify the token using Microservice 1.
I want an easy way to do that, and any help or useful links will be appreciated!

Answer 1

Score: 0

How do your clients access your microservices? If you want to prevent access to microservice 2 (the target service) without previous authentication on microservice 1 (the auth service), then you need to route calls to the target service through something that verifies that authentication has happened with the auth service.

This could be done in several ways: in a proxy app, by adding proxy functionality to the auth service itself, by network layers/tools like Istio, etc. How and where you will be deploying your applications will have an impact on your solution.

Answer 2

Score: 0

What you want is against microservices architecture and practices.
In the microservice architecture, each service must be independent of the others. But in this scenario, when you want to secure one microservice with another microservice, it is not right.

The best and most complete security model is to use an OAuth server that checks that every request sent to the gateway has a token, and checks authorization.
I think this link is useful.
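Added example, not code from the question or from either answer: the check the question asks for and both answers describe (verify, at the gateway or at Microservice 2 itself, that the caller holds a token issued by Microservice 1) written as a Spring Security resource-server configuration for Microservice 2. It assumes Spring Boot 3.x with `spring-boot-starter-oauth2-resource-server` on the classpath, that Microservice 1 signs its JWTs with an RSA key and publishes the public half as a JWK Set at `https://auth.example.internal/.well-known/jwks.json`, and that tokens carry an `aud` of `microservice-2` and a `roles` array claim. The hostname, audience value, claim name and package name are placeholders chosen for the example.

```java
// Added example (not from the question or answers): Microservice 2 as a Spring
// Security resource server that validates JWTs minted by Microservice 1.
// Assumptions (hypothetical): Microservice 1 signs with RS256 and serves its public
// keys at https://auth.example.internal/.well-known/jwks.json; tokens carry
// aud = "microservice-2" and a "roles" array claim.
package com.example.ms2.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    // Placeholder values: replace with the real issuer/JWKS URL of Microservice 1.
    private static final String ISSUER = "https://auth.example.internal";
    private static final String JWKS_URI = ISSUER + "/.well-known/jwks.json";
    private static final String EXPECTED_AUDIENCE = "microservice-2";

    // Signature check against Microservice 1's public keys (fetched once and cached),
    // plus issuer, exp/nbf and audience checks. No call to Microservice 1 per request.
    @Bean
    JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWKS_URI).build();
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(ISSUER);
        OAuth2TokenValidator<Jwt> audience = new AudienceValidator(EXPECTED_AUDIENCE);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audience));
        return decoder;
    }

    // Stateless filter chain: every request except the health probe needs a valid JWT,
    // and /admin/** additionally needs the ADMIN role taken from the token.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(rolesConverter())));
        return http.build();
    }

    // Maps the hypothetical "roles" claim ["ADMIN", "USER"] to ROLE_ADMIN, ROLE_USER.
    private JwtAuthenticationConverter rolesConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>();
            List<String> roles = jwt.getClaimAsStringList("roles");
            if (roles != null) {
                for (String role : roles) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
                }
            }
            return authorities;
        });
        return converter;
    }

    // Rejects tokens that Microservice 1 issued for some other service: without this,
    // any token from the same issuer would be accepted here.
    static final class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String audience;

        AudienceValidator(String audience) {
            this.audience = audience;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            List<String> aud = jwt.getAudience();
            if (aud != null && aud.contains(audience)) {
                return OAuth2TokenValidatorResult.success();
            }
            return OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", "Token not intended for " + audience, null));
        }
    }
}
```

The same class works unchanged in a gateway application if you prefer Answer 1's "verify at the proxy" layout, although a gateway that only checks the token and then forwards it leaves Microservice 2 trusting anything that reaches it on the internal network, so keeping the check in the target service as well is the safer default. Because the public key is cached, Microservice 2 stays up when Microservice 1 is down, at the cost of not noticing revocations until the token expires; keep lifetimes short. If Microservice 1 currently signs with a shared HMAC secret, `NimbusJwtDecoder.withSecretKey(...)` would replace `withJwkSetUri`, but then every service holding that secret can also mint tokens, which is why the asymmetric setup above is preferable.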

Posted by huangapple on 2023-07-10 19:21:21
Source (keep this link when reposting): https://go.coder-hub.com/76653227.html