Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie

Поделиться
HTML-код
  • Опубликовано: 23 дек 2024

Комментарии •

  • @treefrog9392
    @treefrog9392 Год назад +37

    I feel like your explanations are even better than people who have english as their first language lol. You really do have a gift for this!

  • @impertator644
    @impertator644 Год назад +32

    I love you. Finally the architecture I'm looking for. A lot of tutorial are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.

    • @Javatechie
      @Javatechie  Год назад +1

      Thank you so much Lukasz for appreciating my work 🥰🥰

    • @hkkabir2024
      @hkkabir2024 Год назад +1

      you worth millions of like

    • @shortcuter4
      @shortcuter4 12 дней назад

      Is it still applicable in 2024, in the latest version of spring?

  • @pierreescudie1634
    @pierreescudie1634 3 месяца назад +2

    Finally found an understandable tutorial about securing a Spring Cloud Gateway microservices architecture! A thousand times thank you sir!

  • @shanmukpaila6956
    @shanmukpaila6956 2 месяца назад +1

    We need this kind of videos. It is an end to end tutorial for microservices with security + JWT. Plz make videos on real time deployments with microservice architecture.

  • @inhtruongvu7618
    @inhtruongvu7618 Год назад

    00:05 Triển khai Bảo mật dựa trên JWT trong microservice bằng Spring Cloud Gateway
    07:12 Hai dịch vụ vi mô, Swiggi Service và dịch vụ nhà hàng, đang liên lạc với nhau thông qua API Gateway.
    21:19 Cần phải viết một phương pháp để đăng ký người dùng, tạo mã thông báo và xác thực mã thông báo
    28:07 Đã triển khai các điểm cuối xác thực và xác thực mã thông báo.
    41:40 Xác định Dịch vụ chi tiết người dùng của riêng bạn để xác thực người dùng
    48:42 Đã hoàn tất triển khai dịch vụ nhận dạng
    1:02:00 Xác thực mã thông báo trong API Gateway
    1:09:10 Triển khai logic xác thực mã thông báo JWT trong Cổng
    1:22:07 Triển khai bảo mật microservice bằng xác thực JWT
    Crafted by Merlin AI.

  • @sunilchandran4u
    @sunilchandran4u Год назад +1

    This is Gold Boss... Thanks a ton for this video.. I lost most of my interview only because of not answering how to security is implemented in micro services question.... Appreciate your efforts.

  • @sivakumar-df9kk
    @sivakumar-df9kk Год назад +1

    Actually without your tutorial I couldn't learn easily new things implementation in spring app...
    You are Guru. Thanks lot.

    • @Javatechie
      @Javatechie  Год назад

      Thank you Siva . Keep learning 😃

  • @cristianlozadapadilla4896
    @cristianlozadapadilla4896 Год назад +3

    THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA

  • @dattatraybharde2902
    @dattatraybharde2902 Год назад +3

    Great Video sir, completely Awesome...Add the role based security through api gateway.

  • @sunderkrishnaupreti561
    @sunderkrishnaupreti561 Год назад +3

    Nobody explains like you do..Thank you very much for the video.

  • @TinoReyna1984
    @TinoReyna1984 10 месяцев назад

    Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.

  • @vedhlikith6252
    @vedhlikith6252 Год назад +5

    Best course available in youtube. Thankfully it is free. Keep up the good work

  • @ousmanefofana4495
    @ousmanefofana4495 5 месяцев назад +1

    i love you brother, you are the best teacher for learners in this field.

  • @naidu12341
    @naidu12341 8 месяцев назад +1

    No words Mind Blowing

  • @manoharanrajendiran568
    @manoharanrajendiran568 5 дней назад +1

    Hi , Boss, Thanks for the video , i am following you since 2018, your videos help me to get move forward .

  • @Akash-tq1ui
    @Akash-tq1ui Год назад +4

    Hi Basant ,
    Very useful tutorial however I have one doubt, In production when the token is generated by passing a valid username and password it should automatically pass the token to the gateway right but here I saw that you are manually passing the token to the gateway through Postman for accessing microservices, My question is how we can automatically pass the token to the gateway for accessing microservices when the token is generated

    • @Javatechie
      @Javatechie  Год назад +2

      Your question is genuine but this automatically stuff needs to handle from UI not from the backend

    • @Akash-tq1ui
      @Akash-tq1ui Год назад

      @@Javatechie ok thank you!

  • @baleshwariaddula4775
    @baleshwariaddula4775 9 месяцев назад +1

    Thank you so much for clear explain no one will explain like you.

  • @davidevangelista1774
    @davidevangelista1774 Год назад +1

    This is the best channel about Spring and stuffs of all RUclips. Thank you Java Techie.

  • @viveksingh-rt4py
    @viveksingh-rt4py 10 месяцев назад +1

    Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question.
    May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .

  • @cd62
    @cd62 Год назад +1

    Waited last couple of month to get solution which you explain about validate and filter the request form spring cloud getway. ##you make my weekend Basant Sir.
    Thank you Sir

    • @Javatechie
      @Javatechie  Год назад

      Thanks buddy 😊. Keep learning 👍

  • @vaishali1843
    @vaishali1843 Год назад +1

    1:11:00 The rest call from gateway to auth service is not working. It is throwing an error saying cannot call from java.lang.illegalstateexception: block()/blockfirst()/blocklast() are blocking, which is not supported in thread reactor-http-nio-1. Please let me know if someone can help in this

  • @Nexgenstory
    @Nexgenstory 4 месяца назад +2

    Could you explain me : Client -> Security Service (GenerateToken) -> API Gateway -> MicroService1 (validate JWT) this flow is fine . What happen we request come directly to Client-> Microservice1 . How to check JWT for each endpoint.

    • @aishaprasad5555
      @aishaprasad5555 4 месяца назад +3

      How to block each microservice endpoint to access??

    • @PrajwalKuchewar
      @PrajwalKuchewar 2 месяца назад +1

      The API Gateway is like the front door to your entire microservices setup. Every request coming in or going out passes through it. Think of it as a super-secure, load-balanced gatekeeper that makes sure only the right people and requests get in.
      Once you’ve validated requests at the gateway, there’s no need to worry about extra authentication for internal services since they aren’t directly accessible from the outside world. This setup keeps everything neat, secure, and centralized, so your microservices can focus on what they do best-without worrying about who’s knocking on the door.

  • @sonliman2192
    @sonliman2192 4 месяца назад +2

    This video is very useful for me . Thank you for your time and explanation

  • @sadiulhakim7814
    @sadiulhakim7814 Год назад +5

    Hi sir! I am grateful for this tutorial. In this tutorial you have two client services, one gate way, one security service and you added security in Api Gate. I like the way you did it. But i need to move forward and add some Authorization. Suppose in swiggy service there are some end points what only admin can access and some end points normal user can access. How to apply this type of Authorization. Would you please make second part of this tutorial please? I am following this tutorial and trying to learn. I tried to implement the security directly in the API GATE-WAY service. But that was not easy because gate-way supports webflux not the web.

    • @ASHISHKUMAR-jh9kw
      @ASHISHKUMAR-jh9kw 8 месяцев назад +1

      make use of method level authorization and roles

    • @Javatechie
      @Javatechie  8 месяцев назад +2

      Yes I am still not finding any solution for this approach. Will check and update you

    • @sadiulhakim7814
      @sadiulhakim7814 8 месяцев назад

      @@Javatechie Thanks

    • @sadiulhakim7814
      @sadiulhakim7814 8 месяцев назад

      @@Javatechie I saw others using OAuth2 to solve this problem. KeyCloak is one of them.

    • @anon_geek
      @anon_geek 3 месяца назад

      @@Javatechie Hey, I found your video helpful, however I wanted to inquire, did you find any solution for this approach?

  • @truthpath184
    @truthpath184 Год назад +1

    Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...

  • @pavankumarmantha
    @pavankumarmantha Год назад +6

    instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.

    • @mirarima8877
      @mirarima8877 Год назад +1

      Could you please explain more about how that works?

    • @amankumar-f4n5r
      @amankumar-f4n5r Год назад

      can you please come with your hands on similar like this using KONG.

  • @manoharanagiaploshan4348
    @manoharanagiaploshan4348 Год назад +1

    Searching every where finally got it thanks sir 😀

  • @MohitKumar-bc1rs
    @MohitKumar-bc1rs Год назад +1

    Best video you can find for JWT auth ❤

  • @arundhwajiiith
    @arundhwajiiith Год назад +1

    Thanks a lot.
    I am looking for security in Microservices architecture. It is one of the best way, you have explained.

  • @hkkabir2024
    @hkkabir2024 Год назад +2

    Hello sir. there is api still open for each microservice. like calling the order in it's own microservice with port like localhost: 8082 then api is open . if anyone can call that api wihout gateway and security then what is the usage of jwt ???

    • @Javatechie
      @Javatechie  Год назад +1

      Simple question can you please answer me how the user will know about the endpoints of your microservice ?

    • @hkkabir2024
      @hkkabir2024 Год назад +2

      @@Javatechie using url or somehow user know the endpoint or hacker know the endpoint. so the endpoints are not secured for each MS. you have to reconsider your code and try to figure out how to secure all the endpoints separately also

    • @Javatechie
      @Javatechie  Год назад +1

      @@hkkabir2024 no buddy it will be known by user only if you exposed it . If we are doing that then it's the wrong approach then what is the need for a gateway?

  • @TalhaHussain-zy9gw
    @TalhaHussain-zy9gw 6 месяцев назад +7

    It is authenticated only when it routes through the gateway. But the end point for the micro services are still open how to secure that?

    • @vinaygoswami5374
      @vinaygoswami5374 5 месяцев назад

      I think we need to implement spring security at service level for each service

    • @ahammedhussain9335
      @ahammedhussain9335 4 месяца назад

      Is there any solution for this issue?

    • @vinaygoswami5374
      @vinaygoswami5374 4 месяца назад +1

      @@ahammedhussain9335 I think the services need not to be public, so we cannot access them directly, we can only access them through gateway as the end user, and at gateway we filter request to check for the token and authentication for routing the request to the appropriate service.

    • @darshanrajashekhar5914
      @darshanrajashekhar5914 4 месяца назад

      No no just implement cross origin bro

    • @vinaygoswami5374
      @vinaygoswami5374 4 месяца назад

      @@darshanrajashekhar5914 please elaborate

  • @nileshdasarwad1668
    @nileshdasarwad1668 6 дней назад +1

    Thank you so much sir for wonderful explanation ❤

  • @arnold123user
    @arnold123user Год назад +1

    since springboot 3.0 you dont have to do @EnableDiscoveryClient annotation. It is enough that dependency is defined in pom.xml

    • @Javatechie
      @Javatechie  Год назад

      I haven't tried , will check and update you

  • @sahilpatel2885
    @sahilpatel2885 Год назад +1

    I had been waiting for this topic for long time. Finally wait is over.

  • @alegutierrezmusic
    @alegutierrezmusic Месяц назад

    Thank you so much great video. Just wanted to mention that oauth 2.1 removed the password grant type so a generated client_credentials would be a better option, and would like to see an updated video on that implementation.

  • @C410-u7t
    @C410-u7t Год назад +1

    Let me ask you a question. If, for example, I try to access the restaurant service directly (giving the restaurant service port), that is, without going through Gateway, I will skip the validate token part, right? So the restaurant service isn't protected at all, is it?

    • @Javatechie
      @Javatechie  Год назад

      Then what is the need of the API gateway buddy? If you will directly expose your microservice endpoints to users

    • @C410-u7t
      @C410-u7t Год назад

      ​@@Javatechie The point is, if a hacker knows the port of my services (for somehow), he can easily access them.

    • @omkarprakashbhosale8338
      @omkarprakashbhosale8338 Год назад

      Do you get any solution regarding this

    • @omkarprakashbhosale8338
      @omkarprakashbhosale8338 Год назад

      ​@@Javatechie then how disallow it...?....bcz if somebody knows our port...he can access it

    • @Javatechie
      @Javatechie  Год назад

      Knowing only port how someone can access buddy? We shouldn't expose our microservice endpoints even though it's exposed then we need to implement cross origin so that if the request comes from only api gateway then only allow that.

  • @premraj.m
    @premraj.m 9 месяцев назад +1

    52:00 Auth service integrate with Gateway
    56:00 Validate token

  • @suresh1250
    @suresh1250 8 месяцев назад +1

    Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours.
    I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?

    • @vivekbansal-bc9eg
      @vivekbansal-bc9eg 4 месяца назад +1

      you can't but you can make that api endpoint in api gateway itself

  • @umeshchandra6201
    @umeshchandra6201 Год назад +1

    Excellent Explanation. this is the Video i was looking for. thanks

  • @rachidbenkitou9023
    @rachidbenkitou9023 Год назад +1

    Good explanation, your course was clear and understandable.

  • @AlmustaphaTukurUmar
    @AlmustaphaTukurUmar Год назад +3

    This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?

    • @ramojiseemakurthi155
      @ramojiseemakurthi155 Месяц назад +1

      My approach for this is to apply filters to individual microservice,
      in which set up the securitycontextholder
      which would look something like below
      UsernamePasswordAuthenticationToken authenticationToken =
      new UsernamePasswordAuthenticationToken(username, null, authorities);
      SecurityContextHolder.getContext().setAuthentication(authenticationToken);
      This is working for me.

  • @Full-Stack-Project
    @Full-Stack-Project Год назад +1

    Nice video we learn couple of thing related to microservices and spring security ❤❤❤

  • @AmitBenShimon
    @AmitBenShimon Год назад +2

    why did you copy the code of "/validate" to gateway? It's useless now in the identity-service if you run this piece of code from the gateway

    • @Javatechie
      @Javatechie  Год назад

      Rather than doing another rest call to identity service i have used it in gateway itself

    • @AmitBenShimon
      @AmitBenShimon Год назад +1

      @@Javatechie i get that, but if this was the goal all along, then why did we implement this in the id-service to begin with? I want to avoid duplicate code.

  • @PrashantJannu
    @PrashantJannu 6 месяцев назад +1

    Thanks aTon Sir ❤, No one can match your Explanation level 👍

  • @ManishNegi-il1kf
    @ManishNegi-il1kf 5 месяцев назад +2

    Its a very best content which i ever seen in across youtube .. thanks basant keep it up..

  • @SayemHasnat-e4h
    @SayemHasnat-e4h Год назад +1

    it's awsome,,
    I was trying to solve this kind of problem and this tutorial helps me a lot.
    Thank You so much for the video tutorial.

  • @Mohamed-uf5jh
    @Mohamed-uf5jh 11 месяцев назад +1

    Thanks Sir , Good explanation, your course was clear and understandable.

  • @faixan13
    @faixan13 10 месяцев назад

    finally someone addressed this scenario with proper explanation. Thanks as always.
    one question that if auth service also has to pass through api gateway and we didn't add filter param in gateways routes for auth service then why we are checking those urls through validators in authentication filter ? because request will never land on filter in case of /register and /token api

    • @Javatechie
      @Javatechie  10 месяцев назад

      No usually we should do a rest call to identify service from gateway to validate and get token but here to avoid that I have directly used jwt logic in gateway that's why it's confusing for you

    • @faixan13
      @faixan13 10 месяцев назад

      ​@@Javatechie but that rest call we are doing lately when all the checks are true before that. I am talking about that "if" condition in start (validator.isSecured.test(exchange.getRequest())) {
      because in this condition we are checking /register and /token urls to bypass the token check and according to implementation when we will call register or token it would never land on Authentication Filter.
      let me know if I am missing something still.

    • @Javatechie
      @Javatechie  10 месяцев назад

      That's correct right. In the filter we had token validation logic right? So when i don't want to authenticate the user for the first time login then why do you want this to be delegated to filter what is the sense here ?
      Let me know if I understand your concern correctly. If not please drop an email to javatechie4u@gmail.com

    • @faixan13
      @faixan13 10 месяцев назад

      @@Javatechie no I dont want to authenticate for the first time.
      I am just saying that, main if condition is of no use when we will call /register or /token , it does not matter if the condition is there or not.
      Will email no problem

    • @Javatechie
      @Javatechie  10 месяцев назад

      @@faixan13 okay simple things buddy remove those 2 url from validator don't bypass it and run your app then test . Hope you will get your point.

  • @pvsree
    @pvsree Год назад +1

    Explained very well. My doubt is if there are 100s of microservices all the call will go through API gate way and the auth Service, how to handle API gateway or auth service failure ?

    • @Javatechie
      @Javatechie  Год назад

      You need to handle it through DR . In microservice world 🌎 no guarantee of 0 downtime

    • @pvsree
      @pvsree Год назад

      @@Javatechie thanks

  • @sidimohamedelhamed4419
    @sidimohamedelhamed4419 Год назад +1

    Thank you! how is it going if i have the UserData in an other service, is there any video with this case ?

    • @Javatechie
      @Javatechie  Год назад

      In our case also user data available in other services right

  • @MedAliJelidi
    @MedAliJelidi Год назад +1

    Thank you! but i have a question! is this enough in term of security in my application and how can i add more security layers

    • @Javatechie
      @Javatechie  Год назад

      This is the way to implement in microservice but if you want more secure then better use 3rd party identity providers like okta or keyclok. I already uploaded a video of keyclok using microservice

  • @MustafaCam-uv5fr
    @MustafaCam-uv5fr 5 месяцев назад +1

    great job Sr. does it come with new spring boot verison

  • @ВитяМаксимов-л9ш
    @ВитяМаксимов-л9ш 3 месяца назад +2

    Bro, thank you!!! God bless you!!!

  • @erichhc9698
    @erichhc9698 Год назад +2

    I've been waiting this long, thanks java techie greetings from peru😎

  • @sandeepjayaram83
    @sandeepjayaram83 6 месяцев назад +1

    Very good explanation, have one doubt in jwt tutorial you mentioned to validate token you passed token and user details object , but here in api gateway you are passing just token , what if I modify token , and how api gateway is validating modified token since we are not passing user details object

    • @Javatechie
      @Javatechie  6 месяцев назад

      In jwt from token we extract user details . We Don't pass user details explicitly

    • @sandeepjayaram83
      @sandeepjayaram83 6 месяцев назад

      @@Javatechie was mentioning about below method , can u plz explain here we are just passing token we r not extracting username
      public void validateToken(final String token) {
      Jwts.parserBuilder().setSigningKey(getSignKey()).build().parseClaimsJws(token);
      }

    • @Javatechie
      @Javatechie  6 месяцев назад

      Please Debug parseClaim method you Will understand from token what all we are extracting

  • @phanimc11211
    @phanimc11211 Год назад +2

    Thank you very much for the video., if restaurant service has to call swiggy service using rest template, now we have to include jwt token in httpheaders otherwise we will get 401 authorization as we have implemented jwt authentication is my understanding correct please let me know

    • @Javatechie
      @Javatechie  Год назад

      No phani , we haven't implemented security in microservice level we have added on gateway level so inter communication doesn't require any authentication mechanism

    • @phanimc11211
      @phanimc11211 Год назад +1

      @@Javatechie 🙏🙏👍thanks

  • @giansiccardi6151
    @giansiccardi6151 6 месяцев назад +1

    bro you helped me a lot, thank you very much and greetings from Argentina

  • @yuvrajph4754
    @yuvrajph4754 Год назад +1

    Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉

  • @jahc007
    @jahc007 Год назад +1

    Thanks so much, it is the Best tutorial ive seen. I have one question. Hoy can I get the current loged user and roles from the servíces to make autorizations

    • @Javatechie
      @Javatechie  Год назад +1

      Please check the next video you will get logged in user info but regarding Authorization i am working on it

  • @jh_super_soccer
    @jh_super_soccer Год назад +1

    This is what, I was waiting for ,Very Helpful for me

  • @sriramvenky7926
    @sriramvenky7926 Год назад +1

    thanks for giving us this much excellent content and awesome video

  • @priyakoli5572
    @priyakoli5572 Месяц назад +1

    Do we need to remember JwtService class? i mean do we need to remember all the methods what all it does or we already have it written somewhere in any libraries?

    • @Javatechie
      @Javatechie  Месяц назад

      No nothing to remember it's just how we play with token that's what we have define in that classes. I don't find any utility library as such

  • @RustemReizov
    @RustemReizov Год назад +1

    Why did you create bean UserDetailsService if CustomUserDetailsService anotated with @Component?
    Wouldn't it be better create argument UserDetailsService into authenticationProvider method?

    • @Javatechie
      @Javatechie  Год назад

      Buddy i create a bean of interface where the implementation is CustomUDService

    • @RustemReizov
      @RustemReizov Год назад +1

      @@Javatechie Isn't it unnecessary to create a bean? @Component itself creates the bean, you can simply pass it to the method?

    • @Javatechie
      @Javatechie  Год назад

      Got your points and Agree buddy

  • @kaushikmitra1982
    @kaushikmitra1982 Год назад +1

    Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!

    • @Javatechie
      @Javatechie  Год назад

      Thank you for appreciating buddy. I am just a senior software Engineer not an architect 🤪🤪

  • @tanvirahmed7399
    @tanvirahmed7399 Год назад +1

    If I want to add userId to the order table as a primary key then how can I get the current logged-in user so that I can take the user credential then take userId and place it into the order table?

    • @Javatechie
      @Javatechie  Год назад

      From controller method just call principal.getUserName()

    • @tanvirahmed7399
      @tanvirahmed7399 Год назад

      ​@@Javatechie Thanx for the reply.
      what about swaggy microservice or restaurant microservice. there has no security configuration so how I can get the logged-in user from swaggy or restaurant microservice?

  • @kd7944
    @kd7944 Год назад +1

    Wonderful. Thank you very much for sharing

  • @dineshrajput1821
    @dineshrajput1821 Месяц назад

    In the gateway service when we create authfilter is good to copy default methods and paste them or memorize them bc there is a lot methods? at 59:52 onwards

  • @saurabhmaurya6964
    @saurabhmaurya6964 Год назад +1

    is there any way to get the exact exception message in response ? in gateway

    • @Javatechie
      @Javatechie  Год назад

      Yes we can do that

    • @saurabhmaurya6964
      @saurabhmaurya6964 Год назад

      @@Javatechie how ...i tried with global exception handling but for that web dependency required..but web and gateway both are not compatible with each other.. so how are to?..

    • @Javatechie
      @Javatechie  Год назад

      Yes correct but gateway we have used wwbflux right so we can use global exception handling for reactive approach but wait let me do some cross check will update in same thread

    • @Javatechie
      @Javatechie  Год назад

      Can't we play with the fallback method of resilense4j

    • @saurabhmaurya6964
      @saurabhmaurya6964 Год назад

      @@Javatechie so we have to write fallback method to get the proper exception...am I right?..

  • @vaderashyam7207
    @vaderashyam7207 Год назад +3

    Wow Very Nicely Explained In Easy To Understand Manner.
    1 Request can you please show how to implement role based authentication with Spring API Gateway ?

    • @Javatechie
      @Javatechie  Год назад +2

      Yes buddy it's in queue i will upload soon

  • @supun_sandaruwan
    @supun_sandaruwan Год назад +1

    superb clear video

  • @priyakoli5572
    @priyakoli5572 Месяц назад +1

    Can we explain this when we were asked in interview explain security in microservices and where you will implement in API Gateway or in each microservices?

    • @Javatechie
      @Javatechie  Месяц назад +1

      Yes you can absolutely explain this architecture or just explicitly new identity service which i mentioned in presentation both approach acceptable

  • @nirmesh44
    @nirmesh44 Год назад +1

    The best explanation

  • @filz4461
    @filz4461 Год назад +4

    You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.

    • @Javatechie
      @Javatechie  Год назад +2

      Thanks Filz , i noted it and going forward i will come with better audio quality. Need to look into rode configuration

    • @archanasingh3060
      @archanasingh3060 Год назад +1

      ​@@Javatechie 🎉d o 😢😢😢😮😊😂😅😅😅😅😮😮😮😮😮😅😮fq😢😢😢😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮

    • @Javatechie
      @Javatechie  Год назад

      Archana not getting you

    • @filz4461
      @filz4461 Год назад

      @@Javatechie I think, that's a bot.

    • @Javatechie
      @Javatechie  Год назад

      Even not getting you buddy. What do you mean by bot

  • @adanali3652
    @adanali3652 Год назад

    You are super talented man.clear explanation .Thank you

  • @lucienmakutano3574
    @lucienmakutano3574 11 месяцев назад +1

    Thank you for this tutorial... Kudos

  • @anhtai5332
    @anhtai5332 Год назад +1

    Thank you so much. Can you do a video share how to config authorization with JWT in microservices ?

  • @rounakmaity4
    @rounakmaity4 6 месяцев назад +1

    Excellent Work....Thank you

  • @PatilShantanu-c2t
    @PatilShantanu-c2t Год назад +1

    Thank you, Basant Bhai...

  • @ShantanuSharma26
    @ShantanuSharma26 4 месяца назад

    Great Video! Need some more info : How do we avoid scattering secret? it can be stolen from code repo. How will the services be talking to each other? How will they get the token? Also how to enable HTTPS with proper handling of secrets.

  • @geosystems2106
    @geosystems2106 9 месяцев назад

    Very good coverage ! I find the RouteValidator to be superficial. Why not using annotations on endpoints ?

  • @vamsikrishna8643
    @vamsikrishna8643 Год назад +1

    Nice work man, please implement the swegger this application which is used for api documentation, thanks in advance

  • @serigneibrahimafall6322
    @serigneibrahimafall6322 Год назад +1

    Wonderful and clearly explained. I want just to know how to access authentication info (principal for example) and how to do authorization if needed in microservices

    • @Javatechie
      @Javatechie  Год назад +1

      Please check the video below 👇 you will get an idea ruclips.net/video/qODoDq5_hAM/видео.html

    • @serigneibrahimafall6322
      @serigneibrahimafall6322 Год назад +1

      @@Javatechie Thanks a lot

  • @AjayGupta-ob8oe
    @AjayGupta-ob8oe Год назад +1

    Thanks for sharing the knowledge ❤

  • @Canarticho
    @Canarticho Год назад +1

    Hello basant, should I define the sessionCreationPolicy to SessionCreationPolicy.STATELESS inside the securityFilterChain to precise I don't want to use jsessionid ?

  • @ViswanathSandilyaJandhyala
    @ViswanathSandilyaJandhyala 11 месяцев назад +1

    Hi @javatechie
    I have a question. What is i dont want to validate the token in cloud-gateway. every request which is coming to gateway and cloud-gateway has to call identity-service to validate the token and send back to cloud-gateway and based on the response it will call the endpoint or throw an exception. Is it possible ??

    • @Javatechie
      @Javatechie  11 месяцев назад

      Yes it's absolutely possible that is what I explained in PPT but while explaining code I have added validateToken logic in gateway but you can do that easily just refer flow it will be dead easy

  • @dhirajchavan8364
    @dhirajchavan8364 Год назад +1

    Thanks!! Helpful for basic understanding.

  • @vivekbansal-bc9eg
    @vivekbansal-bc9eg 4 месяца назад +1

    Won't the rest template call to identity service will be blocking and will lead to an issue?

    • @Javatechie
      @Javatechie  4 месяца назад

      Yes it should be synchronous

  • @shivansh7100
    @shivansh7100 11 месяцев назад +1

    Hi Basant, Its really good explanation, I have one doubt, how should we handle @PreAuthorize in our microservices in case we are following this pattern.
    Please do answer me , its really urgent for me.

    • @Javatechie
      @Javatechie  11 месяцев назад

      Hello Shivansh , I am also not sure about your question if we will go with pre Authorize annotations then in every microservice we need to implement security but that's what is not advisable.i am looking into solution will update you once I find

    • @shivansh7100
      @shivansh7100 10 месяцев назад +1

      @@Javatechie thanks

  • @xiaoze3234
    @xiaoze3234 Месяц назад +1

    may i know why feign cannot use within the custom filter,i had issue that my feign is null

    • @Javatechie
      @Javatechie  Месяц назад

      I guess we can use it. But not sure whether will it work with traditional api call or not will check and update

  • @malam3958
    @malam3958 Год назад +1

    Thanks for sharing this video.
    I have one question. Do we need of validator.isSecure for endpoints /token, /register, /validateToken? I think no because we are not applying filter for IdentityService then obviously API Gateway will not use the filter. Please correct me I am wrong.

    • @Javatechie
      @Javatechie  Год назад

      Yes it's required otherwise wise how can we bipass the request. Currently I am not calling identity service api but as per best practices it's good to do rest API call to validate the token hence above URL required to bypass

  • @Crazyfactzz123
    @Crazyfactzz123 9 месяцев назад +1

    Thank you for this wonderful video❤️❤️

  • @gopisambasivarao5282
    @gopisambasivarao5282 Год назад

    Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.

  • @romanas7587
    @romanas7587 10 месяцев назад +1

    Loved your explaination ❤❤❤❤

  • @sudheerkumar-tp1mg
    @sudheerkumar-tp1mg Год назад +1

    Hi Sir, actually regarding sso in every RUclips tutorial up to okta telling, but how to modify the database of existing application because already users everything is present, please suggest any video on this.

  • @fsoldierdeth
    @fsoldierdeth Год назад +1

    i have a question, what if i have 3 microservices (agency -> service -> activities ) and i want to get all activities from the services that an agency offers, do i need to ask for the token 3 times?

    • @Javatechie
      @Javatechie  Год назад +1

      It should be done in one go , simply we are applying security on the entry point not in individual microservice

  • @ManivannanBeat
    @ManivannanBeat 5 месяцев назад

    Could you please tell me, what kind of design pattern have you used in the microservice apoplication

  • @AvinashJ21
    @AvinashJ21 7 месяцев назад +1

    Thank you so much !!
    But how can we restrict direct access to individual microservices

    • @Javatechie
      @Javatechie  7 месяцев назад +1

      Only one way to avoid exposing them

  • @kevinameda2711
    @kevinameda2711 Год назад +1

    Thank you for such an awesome lecture. We many of us benefit from such work. Continue teaching brother

  • @krishnan6201
    @krishnan6201 Год назад +1

    how spring cloud check that request came from web or mobile app and executes corresponding version of RequestMapping method. can you please clarify my query?

    • @Javatechie
      @Javatechie  Год назад

      There is no such mechanism whether it's mobile or web app endpoint will always be the same buddy .

    • @krishnan6201
      @krishnan6201 Год назад

      @@Javatechie i am facing interview questions about it. i can't able to answer that. what could expert answer from you. plz help me on this.

    • @Javatechie
      @Javatechie  Год назад

      For desktop or mobile view frontend team needs to design responsive pages. Nothing to do from the backend

    • @krishnan6201
      @krishnan6201 Год назад +1

      thanks @@Javatechie

  • @pratheeban3650
    @pratheeban3650 Год назад +1

    Basant can you tell me how to JWT token pass through one service to another service as we only sent the payload (order details) to call restaurant API. Here how JWT propagation happening

    • @Javatechie
      @Javatechie  Год назад

      Jwt will only pass to api gateway for authentication It won't pass to other microservices Please debug the filter class you will understand