In this section we will dive deep into the springboot security in Microservices and go through the detailed lifecycle of a request and response for.
1 Authentication and Authorization Flow
- Every request to our backend will route through API Gateway which is registered as a client in eureka.
- Api gateway has the authentication filter which checks if the request has the JWT token for the routes that are not in route validator.
- If the request have the JWT token it validates it using JWT util method validate.
- Suppose if the token is valid then the request will propogate to the respective service.
- If the token is not valid our global exception handler will catch the unauthorized exception and send the response.
- The authentication service is responsible for the actual authentication and is the copy of SpringSecurityOAuthJWT.
- It has login and register endpoints which are responsible for registeration and giving JWT tokens.
- If someone directly trys to access the service the service wont allow the request as it only accepts request from the API Gateway.
- This is handled by JWT token which is generated be the API Gateway with a security key that the Services knows.
- So when the request is sent from API Gateway it is first verified that it has valid JWT token.
- Only then the request will be handled and give a valid response
Before building and running the backend we have to ensure that the application properties files has setup correctly and accordingly.
Following are the must have properties.
spring.application.name=OAuthSecurity
spring.security.oauth2.client.registration.google.client-id = {your_google_client_id}
spring.security.oauth2.client.registration.google.client-secret = {your_google_client_secret}
spring.security.oauth2.client.registration.github.client-id = {your_github_client_id}
spring.security.oauth2.client.registration.github.client-secret = {your_github_client_secret}
security.jwt.token.secret-key: {your-jwt-token-secret}
security.jwt.token.expire-length: {you-token-expiry-in-milliseconds}
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url = jdbc:mysql://localhost:3306/{your-desired-db}
spring.datasource.username = {your-mysql-username}
spring.datasource.password = {your-mysql-password}
spring.jpa.hibernate.ddl-auto = update
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImplPlease add these app properties in your application and donot forget to replace the configurations {your-configs}.
After adding the application properties. Use the following commands to spin up the spring security project.
cd {all microservices}
mvn spring-boot:run- Backend is now ready to accept the requests.
Access the frontend to start using the proejct
- SpringSecurityStarter (OAuth2, JWT, Username password) SpringSecurityOAuthJWT.
For support, email talharizwan.me@gmail.com If you like and using this project please donot Forget to Star it as it means alot to me. Thanks.