Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie
This tutorial shows how to secure your microservices with JWT authentication using Spring Cloud Gateway.
We discuss an architecture in which one microservice acts as an API gateway service that performs central authentication and routes each incoming request to the other microservices. The main advantage of this architecture is that you can easily add more microservices to the system, and all authentication and authorization is handled by a central unit.
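An added example, not code from the video or its GitHub repository: a Spring Cloud Gateway filter that performs the central JWT check before a request is routed to a downstream service. The open paths, the `jwt.secret` property name and the use of the jjwt 0.11.x parser are assumptions made for illustration.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.util.Set;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added example: central JWT check at the gateway (jjwt 0.11.x API assumed).
@Component
public class JwtAuthGatewayFilterFactory
        extends AbstractGatewayFilterFactory<JwtAuthGatewayFilterFactory.Config> {
    public static class Config { }  // no per-route settings in this example
    // Assumed endpoints that must stay reachable without a token.
    private static final Set<String> OPEN_PATHS = Set.of("/auth/register", "/auth/token");
    private final SecretKey key;
    // "jwt.secret" is a hypothetical property holding the Base64-encoded HMAC key.
    public JwtAuthGatewayFilterFactory(@Value("${jwt.secret}") String base64Secret) {
        super(Config.class);
        this.key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret));
    }

    @Override
    public GatewayFilter apply(Config config) {
        return (exchange, chain) -> {
            String path = exchange.getRequest().getURI().getPath();
            if (OPEN_PATHS.contains(path)) return chain.filter(exchange);
            String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
            if (header == null || !header.startsWith("Bearer ")) return reject(exchange);
            try {   // verifies the signature and the exp claim; throws on either failure
                Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(header.substring(7));
            } catch (JwtException | IllegalArgumentException e) {
                return reject(exchange);
            }
            return chain.filter(exchange);  // token is valid: forward to the routed service
        };
    }
    private Mono<Void> reject(ServerWebExchange exchange) {
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        return exchange.getResponse().setComplete();
    }
}
```

Spring Cloud Gateway derives the filter name from the class name, so a route would reference this filter as `JwtAuth`.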
GitHub:
github.com/Java-Techie-jt/jwt...
Disclaimer/Policy:
--------------------------------
Note: All uploaded content in this channel is mine and it's not copied from any community;
you are free to use the source code from the above-mentioned GitHub account.
Comments: 453
I feel like your explanations are even better than people who have English as their first language lol. You really do have a gift for this!
This is the best channel about Spring and stuffs of all KZread. Thank you Java Techie.
Best course available in youtube. Thankfully it is free. Keep up the good work
I love you. Finally the architecture I'm looking for. A lot of tutorials are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.
@Javatechie
1 year ago
Thank you so much Lukasz for appreciating my work 🥰🥰
@hkkabir2024
7 months ago
you worth millions of like
Much waited ❤ Thank you sir for your wonderful teaching and the knowledge your sharing .
bro you helped me a lot, thank you very much and greetings from Argentina
THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA
Best video you can find for JWT auth ❤
Thank you so much for clear explain no one will explain like you.
Nobody explains like you do..Thank you very much for the video.
Fantastic video and an outstanding explanation ❤🔥. Thank you so much!!!
Thank you for such an awesome lecture. We many of us benefit from such work. Continue teaching brother
Searching every where finally got it thanks sir 😀
Excellent Work....Thank you
I had been waiting for this topic for long time. Finally wait is over.
This is what, I was waiting for ,Very Helpful for me
Grateful for such a wonderful insight on Microservices security. It will definitely help me to improve skills in my projects. Thankyou so much for the efforts. I'm learning a lot from your channel. Awaiting for more interesting videos.
@Javatechie
1 year ago
Thanks buddy keep learning 😃
Actually without your tutorial I couldn't learn easily new things implementation in spring app... You are Guru. Thanks lot.
@Javatechie
1 year ago
Thank you Siva . Keep learning 😃
It's awesome, I was trying to solve this kind of problem and this tutorial helps me a lot. Thank you so much for the video tutorial.
Thanks Sir , Good explanation, your course was clear and understandable.
Excellent Explanation. this is the Video i was looking for. thanks
You are super talented man.clear explanation .Thank you
Great Video sir, completely Awesome...Add the role based security through api gateway.
Thanks!! Helpful for basic understanding.
I've been waiting this long, thanks java techie greetings from peru😎
Wonderful. Thank you very much for sharing
Hey Basant Anna, this is awesome 👌thanks for such a smooth flow..its really a very complex topic & nightmare for interview candidates.
No words Mind Blowing
Good explanation, your course was clear and understandable.
Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.
thanks for giving us this much excellent content and awesome video
Nice video we learn couple of thing related to microservices and spring security ❤❤❤
Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...
Thanks a lot. I am looking for security in Microservices architecture. It is one of the best way, you have explained.
@Javatechie
11 months ago
Glad to hear that😊
Thanks for sharing the knowledge ❤
This is Gold Boss... Thanks a ton for this video.. I lost most of my interviews only because of not answering the question of how security is implemented in microservices.... Appreciate your efforts.
@Javatechie
1 year ago
Thank you buddy 🙂
Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!
@Javatechie
10 months ago
Thank you for appreciating buddy. I am just a senior software Engineer not an architect 🤪🤪
well explained concepts, thank you
Thank you for this tutorial... Kudos
Thank you for this wonderful video❤️❤️
Loved your explanation ❤❤❤❤
superb clear video
Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉
Waited the last couple of months to get the solution which you explain about validating and filtering the request from Spring Cloud Gateway. You make my weekend, Basant Sir. Thank you Sir
@Javatechie
1 year ago
Thanks buddy 😊. Keep learning 👍
Just what I needed. 👍
The best explanation
Thank you, Basant Bhai...
Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.
You're a life saver!
👍 very nice 🙂
Great job
Thank you for the great video. What do you think of integrating Datadog into your spring boot applications so that there is a centralized location to view everything related to your applications
love you bro you are helping so much
This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?
Thank you again.
This was Awesome!
Nice detailed video..
Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question. May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .
very helpful thankyou
Thank you bro 🎉
Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours. I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?
Thanks a lot 🙏
Thanks for the tutorial. I was waiting for this. How to handle token expired case.
Thank you so much. Can you do a video share how to config authorization with JWT in microservices ?
Thaaaaaaaaaaaaanks man! nice video
Really helpful. But I have couple of questions. You generated auth token in the same module where you register user and authenticate user. Is it a good practice? If I have 50 module that is registered with the api gateway, where should I generate refresh token? What is the best practice and what is best architecture ?
Wow Very Nicely Explained In Easy To Understand Manner. 1 Request can you please show how to implement role based authentication with Spring API Gateway ?
@Javatechie
1 year ago
Yes buddy it's in queue i will upload soon
thanks a lot
Wooooow.... I searched a lot for this kind of scenario but I did not find it, and in so many interviews I faced this question and got stuck. A million thanks Basanth.... it helps us a looooot......👏👏👏🤝🤝🤝🙏🙏🙏 Thank you so much. Next, please do videos on TESTING (Mockito) microservices end to end and GLOBAL EXCEPTION HANDLING (please think about it)
@Javatechie
1 year ago
I will share the link with what you mentioned which i already uploaded. Even if you can search in the channel it's already there buddy
@Javatechie
1 year ago
Exception handling : kzread.info/dash/bejne/mYSixo-hqrDFZqQ.html
@Javatechie
1 year ago
Mockito testing: kzread.info/dash/bejne/epxlmax9oNaxocY.html
Thanks for sharing ❤ But how can we authenticate based on role. Here we can access the whole microservice but how can we access some end points of one microservice and other endpoint for another role.
Hi sir, great video. I have one question: why can't we simply use OncePerRequestFilter here? AbstractGatewayFilterFactory is forcing many things, like some unnecessary Config class and adding the WebFlux dependency even though we are not even using any WebFlux features.
Very good coverage ! I find the RouteValidator to be superficial. Why not using annotations on endpoints ?
A theoretical/conceptual question: Can we call this security API layer (identity-service) an internal OAuth server? Since all authentication and authorization features have been delegated to this API for a client to be able to access a "resource server", it looks like OAuth to me.
Hello Basant sir, just one question: we are providing the token based only on the user name if it exists in the DB; is that good? Generally, shouldn't we provide it on a credentials match?
Thanks a lot. Jai jagarnath
Nice work man, please implement Swagger in this application, which is used for API documentation, thanks in advance
Thanks !!
Loved the explanations!! But how can I do role-based authentication, like admin and user for example? I've faced this question and got stuck. I wonder if you can help me.
Your explanation is amazing. Learned lot of concepts with this practical example. I have a request hope you would look into it. I need to integrate same service and gateway with AWS cognito as auth service. Possible to do one video on this. ?
@Javatechie
1 year ago
Yes I will try that
Tq bro. I have one question: in stateful we save the session on the server side, and in stateless we are storing the token, so what is the difference?
You are such a wonderful guy to share this useful information. Big thank you . When we have feature flag in external file and if you go toggle console and update it , will it change the flag in external file ? Also is there a way I can have some string values instead of Boolean value ?
@Javatechie
1 year ago
Thanks buddy 🙂. No toggle switch won't update in file also i don't think we can set any string value for flag
HI, You created separate service for authentication purpose. what's the practice follow in real world? .I think API gateway will used for authentication right or what ?
Thanks for your informative video, but I have one question: if someone knows the swiggy-service or restaurant-service endpoint, then he/she can bypass the api-gateway and directly call the respective service, so how can I ensure that the swiggy or restaurant service only accepts requests from the API gateway?
Thank you Basant ❤, this is like rock I really appreciate your time and efforts. Could you please also make a video for swagger in microservices services?
@Javatechie
1 year ago
Swagger i have already implemented please check in my microservice playlist
@tararamgoyal2220
1 year ago
@@Javatechie Thanks
You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.
@Javatechie
1 year ago
Thanks Filz , i noted it and going forward i will come with better audio quality. Need to look into rode configuration
@archanasingh3060
1 year ago
@@Javatechie 🎉d o 😢😢😢😮😊😂😅😅😅😅😮😮😮😮😮😅😮fq😢😢😢😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮
@Javatechie
1 year ago
Archana not getting you
@filz4461
1 year ago
@@Javatechie I think, that's a bot.
@Javatechie
1 year ago
Even not getting you buddy. What do you mean by bot
Sir, Thanks for the great content ... sir how can we do role based authentication ? if role is user then user can access respective url and so on . pls suggest.
Thanks so much, it is the best tutorial I've seen. I have one question: how can I get the current logged-in user and roles from the services to make authorizations?
@Javatechie
1 year ago
Please check the next video you will get logged in user info but regarding Authorization i am working on it
What if you want to add roles to the service routes? Do you need to setup that at the token level?
What if we call the restaurant API without the gateway, from for example 8081? What will happen then? Will auth work if I try without the gateway?
When I am trying to access the identity service routes via the gateway through Postman, it's giving me "An expected CSRF token cannot be found". I guess my request has not been forwarded from the API gateway to the auth service, because it's preventing me due to the Spring Security impl in the API gateway. When I try to access it from a browser it redirects me to the login page. What is the issue?
Hello.. you are using 9898 port to token which is not part of the api-gateway , right ? then why you added this auth/token in Validator in api-gateway.
Hi Basant, Thank you for sharing the knowledge and for the informative content. I have one doubt...can we implement spring cloud gateway in kubernetes cluster or in any cloud platform ? Is it ideal to use spring cloud gateway as gateway API or cloud provided API gateway?
@Javatechie
8 months ago
Yes we can in AWS please check my AWS playlist already i have done this video
Hi sir! I am grateful for this tutorial. In this tutorial you have two client services, one gate way, one security service and you added security in Api Gate. I like the way you did it. But i need to move forward and add some Authorization. Suppose in swiggy service there are some end points what only admin can access and some end points normal user can access. How to apply this type of Authorization. Would you please make second part of this tutorial please? I am following this tutorial and trying to learn. I tried to implement the security directly in the API GATE-WAY service. But that was not easy because gate-way supports webflux not the web.
@ASHISHKUMAR-jh9kw
1 month ago
make use of method level authorization and roles
@Javatechie
1 month ago
Yes I am still not finding any solution for this approach. Will check and update you
@sadiulhakim7814
1 month ago
@@Javatechie Thanks
@sadiulhakim7814
1 month ago
@@Javatechie I saw others using OAuth2 to solve this problem. KeyCloak is one of them.
Hi sir, I am using os linux and jdk1.8 for company project. But i have to practice whatever i learn from ur videos, Can you plz make 1 video how can we use projectwise different java versions in same system in eclipse IDE?
Direct to the point, that's the kind of videos I like! But i have a question: Which is the difference between secure microservices with JWT and securing them using Api Key, as you show us in one of your previous videos?
@Javatechie
1 year ago
Thanks buddy. In case of api key you need to manually map key with specific service where jwt will be generic no manual mapping required
@hectorcortez7866
1 year ago
@@Javatechie so in terms of best approach JWT would be a possible solution
@Javatechie
1 year ago
Yes that's what my understanding
1:11:00 The rest call from gateway to auth service is not working. It is throwing an error saying cannot call from java.lang.illegalstateexception: block()/blockfirst()/blocklast() are blocking, which is not supported in thread reactor-http-nio-1. Please let me know if someone can help in this
instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.
@mirarima8877
1 year ago
Could you please explain more about how that works?
@user-pi6wv9jn8j
11 months ago
can you please come with your hands on similar like this using KONG.
after implementing spring security to microservices it will only validate token when URL passed through the API Gateway, what if we try to hit the URL of the particular service, how to stop that?
Firstly Thank you for all your tutorials. I tried this api gateway implementation and getting "An expected CSRF token cannot be found" when calling authenticate or register apis through gateway. It works if I directly call authentication service. Could you please help with this.
instead of using custom auth service can we use Azure AD with gateway?- with the same logic?