How does security work in a microservice architecture?

R

revukvr2021-05-16 01:20:28

Java

revukvr, 2021-05-16 01:20:28

Hello! I'm doing a project with microservice architecture. And it is not entirely clear how authorization should work. I have a gateway service and a security service. On the forums they write that it should work like this ... security gives JWT. The user makes a request with a JWT to the gateway, and he must check the JWT in the security service. But in the examples, they do JWT validation in the gateway service and do not access security. It turns out in words one thing, but in practice another. Can anyone suggest how it should work? How should jwt authorization be? and how should the services work with each other with authorization? now they directly make requests, and not through gateway.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

O

Orkhan, 2021-05-16
@revukvr

Spring Security runs on the Gateway service.

For each of the microservices that need to be secured, Spring Security is connected. Also Spring Security is added to gateway. Those. there is no call to a separate security microservice.