Spring Cloud Gateway for Stateless Microservice Authorization

Improving and maintaining tech agility, time to market, and application modernization becomes harder as the number of microservices we own and manage grows. How do you track who uses your applications? How can you establish and enforce common policies or flows to authenticate and authorize permissible use? How can you ensure effective governance?

In this talk, we'll share the approach taken at TD Ameritrade to solve these cross-cutting concerns in an efficient and effective way. We'll discuss why and how we decided on an API Gateway built with Spring Cloud Gateway; the different use cases we're solving; our implementation of authentication and authorization leveraging an IDP, OAuth2, and JSON Web Tokens; and how we brought the whole solution together for microservices running on Pivotal Platform.

Architects and developers attending this talk will see how the API Gateway pattern can help to successfully modernize web platforms with greater tech agility and faster time to market.

Speakers: Saravanan Paramasivam; Software Engineer, TD Ameritrade; Chris Jackson; Senior Developer, TD Ameritrade; Taher Saif; Sr. Manager, TD Ameritrade

Filmed at SpringOne Platform 2019

Comments

Could you please share a sample code implementation of the example of external IDP and token exchange?

ChinmayaDas

Def great vid. Thanks for the clear and clean explanations.

qwarlockz

Just for those of us watching this now: Monolithic Architecture is not old school. It in fact should be the de-facto standard to start writing your application using a “Modular” approach until you find the need to migrate to “Microservices”.

khajalieubarrie

JWT is one of the best choices for Microservice AuthZ per my dev experience so far.

qinlingzhou

I'd like to get more information on how the access token between the FE and the gateway acts. What if the IDP doesn't support that?

ogyct

Where can I find some example of your gateway API? Did you use an authorization code for the first token and client credentials for the second?

guillermopereira

How does each microservice verify that the JWT token it receives is the valid one? Even if it verifies that it is valid by calculating, decoding and decrypting, how does it identify that this user request is an authorized one?

cookiestechies

Hi! Why do we need to forward the JWT token to microservices? Is it used to provide user information?

thanhlongtruong

FWIW, the JWT token standard says encryption is optional.

kellyfj

Can someone post a GitHub link for this?

princegovind

How will microservices verify whether the JWT is valid or not?

adityabansal

Also, at 29:01, FYI: signing is not the same as encryption.

kellyfj

It could have been great if there was a practical example of the implementation. That could have really helped.

pradhyumnakandamuru

Aggregating data on the gateway can be problematic; I would not recommend that. Don't put business logic on the gateway.

noimah

Why offload something as important as identity to a third party?
That seems like a security issue...

kenmagg