Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie

Поделиться
HTML-код
  • Опубликовано: 20 сен 2024
  • This tutorial will guide you How to secure your microservices with with JWT Authentication using Spring Cloud Gateway.
    We are going to discuss an architecture in which one microservice will act as a api gateway service which does central authentication, redirect an incoming request to other microservices. The main advantage of this architecture is you can easily add multiple microservices to the system and all authentication, authorization will be taken care from a central unit
    #Javatechie #Microservice #Security #JWT
    Spring boot microservice Live course Just started (Recordings available)
    Hurry-up & Register today itself!
    COURSE LINK : javatechie5246...
    PROMO CODE : Java40
    GitHub:
    github.com/Jav...
    Blogs:
    / javatechie
    Facebook:
    / javatechie
    guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
    Disclaimer/Policy:
    --------------------------------
    Note : All uploaded content in this channel is mine and its not copied from any community ,
    you are free to use source code from above mentioned GitHub account

Комментарии • 490

  • @Nexgenstory
    @Nexgenstory Месяц назад +2

    Could you explain me : Client -> Security Service (GenerateToken) -> API Gateway -> MicroService1 (validate JWT) this flow is fine . What happen we request come directly to Client-> Microservice1 . How to check JWT for each endpoint.

    • @aishaprasad5555
      @aishaprasad5555 Месяц назад +3

      How to block each microservice endpoint to access??

  • @pierreescudie1634
    @pierreescudie1634 24 дня назад +2

    Finally found an understandable tutorial about securing a Spring Cloud Gateway microservices architecture! A thousand times thank you sir!

  • @treefrog9392
    @treefrog9392 Год назад +35

    I feel like your explanations are even better than people who have english as their first language lol. You really do have a gift for this!

  • @impertator644
    @impertator644 Год назад +28

    I love you. Finally the architecture I'm looking for. A lot of tutorial are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.

    • @Javatechie
      @Javatechie  Год назад +1

      Thank you so much Lukasz for appreciating my work 🥰🥰

    • @hkkabir2024
      @hkkabir2024 10 месяцев назад +1

      you worth millions of like

  • @cd62
    @cd62 Год назад +1

    Waited last couple of month to get solution which you explain about validate and filter the request form spring cloud getway. ##you make my weekend Basant Sir.
    Thank you Sir

    • @Javatechie
      @Javatechie  Год назад

      Thanks buddy 😊. Keep learning 👍

  • @sunilchandran4u
    @sunilchandran4u Год назад +1

    This is Gold Boss... Thanks a ton for this video.. I lost most of my interview only because of not answering how to security is implemented in micro services question.... Appreciate your efforts.

  • @vedhlikith6252
    @vedhlikith6252 Год назад +5

    Best course available in youtube. Thankfully it is free. Keep up the good work

  • @sivakumar-df9kk
    @sivakumar-df9kk Год назад +1

    Actually without your tutorial I couldn't learn easily new things implementation in spring app...
    You are Guru. Thanks lot.

    • @Javatechie
      @Javatechie  Год назад

      Thank you Siva . Keep learning 😃

  • @sonliman2192
    @sonliman2192 Месяц назад +2

    This video is very useful for me . Thank you for your time and explanation

  • @ousmanefofana4495
    @ousmanefofana4495 Месяц назад +1

    i love you brother, you are the best teacher for learners in this field.

  • @arundhwajiiith
    @arundhwajiiith Год назад +1

    Thanks a lot.
    I am looking for security in Microservices architecture. It is one of the best way, you have explained.

  • @dattatraybharde2902
    @dattatraybharde2902 9 месяцев назад +3

    Great Video sir, completely Awesome...Add the role based security through api gateway.

  • @pavankumarmantha
    @pavankumarmantha Год назад +5

    instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.

    • @mirarima8877
      @mirarima8877 Год назад +1

      Could you please explain more about how that works?

    • @amankumar-f4n5r
      @amankumar-f4n5r Год назад

      can you please come with your hands on similar like this using KONG.

  • @davidevangelista1774
    @davidevangelista1774 Год назад +1

    This is the best channel about Spring and stuffs of all RUclips. Thank you Java Techie.

  • @cristianlozadapadilla4896
    @cristianlozadapadilla4896 Год назад +3

    THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA

  • @PrashantJannu
    @PrashantJannu 2 месяца назад +1

    Thanks aTon Sir ❤, No one can match your Explanation level 👍

  • @TinoReyna1984
    @TinoReyna1984 7 месяцев назад

    Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.

  • @truthpath184
    @truthpath184 11 месяцев назад +1

    Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...

  • @baleshwariaddula4775
    @baleshwariaddula4775 6 месяцев назад +1

    Thank you so much for clear explain no one will explain like you.

  • @filz4461
    @filz4461 Год назад +4

    You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.

    • @Javatechie
      @Javatechie  Год назад +2

      Thanks Filz , i noted it and going forward i will come with better audio quality. Need to look into rode configuration

    • @archanasingh3060
      @archanasingh3060 Год назад +1

      ​@@Javatechie 🎉d o 😢😢😢😮😊😂😅😅😅😅😮😮😮😮😮😅😮fq😢😢😢😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮

    • @Javatechie
      @Javatechie  Год назад

      Archana not getting you

    • @filz4461
      @filz4461 Год назад

      @@Javatechie I think, that's a bot.

    • @Javatechie
      @Javatechie  Год назад

      Even not getting you buddy. What do you mean by bot

  • @SayemHasnat-e4h
    @SayemHasnat-e4h Год назад +1

    it's awsome,,
    I was trying to solve this kind of problem and this tutorial helps me a lot.
    Thank You so much for the video tutorial.

  • @sunderkrishnaupreti561
    @sunderkrishnaupreti561 Год назад +2

    Nobody explains like you do..Thank you very much for the video.

  • @AlmustaphaTukurUmar
    @AlmustaphaTukurUmar 9 месяцев назад +2

    This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?

  • @maheshy5168
    @maheshy5168 Год назад +1

    Wooooow.... i seached a lot for this kind of scenario but i did not find and in so many interviews i faced this question and got stucked. A million thanks basanth.... it helps us a looooot......👏👏👏🤝🤝🤝🙏🙏🙏 Thanks you so much
    Next Please do videos on TESTING(mockito) microservices end to end and GLOBAL EXCEPTIONAL HANDLING (please think about it)

    • @Javatechie
      @Javatechie  Год назад

      I will share the link with what you mentioned which i already uploaded. Even if you can search in the channel it's already there buddy

    • @Javatechie
      @Javatechie  Год назад

      Exception handling : ruclips.net/video/gPnd-hzM_6A/видео.html

    • @Javatechie
      @Javatechie  Год назад

      Mockito testing: ruclips.net/video/Hh17JDpsKqc/видео.html

  • @ManishNegi-il1kf
    @ManishNegi-il1kf Месяц назад +2

    Its a very best content which i ever seen in across youtube .. thanks basant keep it up..

  • @viveksingh-rt4py
    @viveksingh-rt4py 7 месяцев назад +1

    Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question.
    May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .

  • @sadiulhakim7814
    @sadiulhakim7814 9 месяцев назад +5

    Hi sir! I am grateful for this tutorial. In this tutorial you have two client services, one gate way, one security service and you added security in Api Gate. I like the way you did it. But i need to move forward and add some Authorization. Suppose in swiggy service there are some end points what only admin can access and some end points normal user can access. How to apply this type of Authorization. Would you please make second part of this tutorial please? I am following this tutorial and trying to learn. I tried to implement the security directly in the API GATE-WAY service. But that was not easy because gate-way supports webflux not the web.

    • @ASHISHKUMAR-jh9kw
      @ASHISHKUMAR-jh9kw 4 месяца назад +1

      make use of method level authorization and roles

    • @Javatechie
      @Javatechie  4 месяца назад +2

      Yes I am still not finding any solution for this approach. Will check and update you

    • @sadiulhakim7814
      @sadiulhakim7814 4 месяца назад

      @@Javatechie Thanks

    • @sadiulhakim7814
      @sadiulhakim7814 4 месяца назад

      @@Javatechie I saw others using OAuth2 to solve this problem. KeyCloak is one of them.

    • @anon_geek
      @anon_geek 25 дней назад

      @@Javatechie Hey, I found your video helpful, however I wanted to inquire, did you find any solution for this approach?

  • @MohitKumar-bc1rs
    @MohitKumar-bc1rs Год назад +1

    Best video you can find for JWT auth ❤

  • @AnilKumar-cc8px
    @AnilKumar-cc8px Год назад +3

    Grateful for such a wonderful insight on Microservices security. It will definitely help me to improve skills in my projects. Thankyou so much for the efforts. I'm learning a lot from your channel. Awaiting for more interesting videos.

    • @Javatechie
      @Javatechie  Год назад +1

      Thanks buddy keep learning 😃

  • @manoharanagiaploshan4348
    @manoharanagiaploshan4348 Год назад +1

    Searching every where finally got it thanks sir 😀

  • @vaderashyam7207
    @vaderashyam7207 Год назад +3

    Wow Very Nicely Explained In Easy To Understand Manner.
    1 Request can you please show how to implement role based authentication with Spring API Gateway ?

    • @Javatechie
      @Javatechie  Год назад +2

      Yes buddy it's in queue i will upload soon

  • @suresh1250
    @suresh1250 5 месяцев назад +1

    Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours.
    I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?

    • @vivekbansal-bc9eg
      @vivekbansal-bc9eg Месяц назад +1

      you can't but you can make that api endpoint in api gateway itself

  • @sahilpatel2885
    @sahilpatel2885 Год назад +1

    I had been waiting for this topic for long time. Finally wait is over.

  • @aadiraj6126
    @aadiraj6126 Год назад +2

    Hey Basant Anna, this is awesome 👌thanks for such a smooth flow..its really a very complex topic & nightmare for interview candidates.

  • @erichhc9698
    @erichhc9698 Год назад +2

    I've been waiting this long, thanks java techie greetings from peru😎

  • @ShantanuSharma26
    @ShantanuSharma26 Месяц назад

    Great Video! Need some more info : How do we avoid scattering secret? it can be stolen from code repo. How will the services be talking to each other? How will they get the token? Also how to enable HTTPS with proper handling of secrets.

  • @aryanaryan9759
    @aryanaryan9759 Год назад +3

    Much waited ❤ Thank you sir for your wonderful teaching and the knowledge your sharing .

  • @monikaraut5266
    @monikaraut5266 Год назад +2

    I am new to microservices & your videos helped me a lott🙌🙌 also can you please tell me, what should I use for role based authorisation in microservices.
    I am working on project which is a web portal for sanctioning government applications, It has user & admin as roles.
    Please guide🙌

    • @SmitBudgetalizer
      @SmitBudgetalizer Год назад

      I am working on jwt token microservices.
      How to logout user or expire token imediate?

  • @Akash-tq1ui
    @Akash-tq1ui Год назад +4

    Hi Basant ,
    Very useful tutorial however I have one doubt, In production when the token is generated by passing a valid username and password it should automatically pass the token to the gateway right but here I saw that you are manually passing the token to the gateway through Postman for accessing microservices, My question is how we can automatically pass the token to the gateway for accessing microservices when the token is generated

    • @Javatechie
      @Javatechie  Год назад +2

      Your question is genuine but this automatically stuff needs to handle from UI not from the backend

    • @Akash-tq1ui
      @Akash-tq1ui Год назад

      @@Javatechie ok thank you!

  • @naidu12341
    @naidu12341 5 месяцев назад +1

    No words Mind Blowing

  • @andywang4189
    @andywang4189 Месяц назад +1

    Quite informative, thanks!

  • @Mohamed-uf5jh
    @Mohamed-uf5jh 8 месяцев назад +1

    Thanks Sir , Good explanation, your course was clear and understandable.

  • @kevinameda2711
    @kevinameda2711 10 месяцев назад +1

    Thank you for such an awesome lecture. We many of us benefit from such work. Continue teaching brother

  • @giansiccardi6151
    @giansiccardi6151 3 месяца назад +1

    bro you helped me a lot, thank you very much and greetings from Argentina

  • @Full-Stack-Project
    @Full-Stack-Project Год назад +1

    Nice video we learn couple of thing related to microservices and spring security ❤❤❤

  • @umeshchandra6201
    @umeshchandra6201 Год назад +1

    Excellent Explanation. this is the Video i was looking for. thanks

  • @kaushikmitra1982
    @kaushikmitra1982 Год назад +1

    Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!

    • @Javatechie
      @Javatechie  Год назад

      Thank you for appreciating buddy. I am just a senior software Engineer not an architect 🤪🤪

  • @berkaybb5733
    @berkaybb5733 Месяц назад

    Nice explanation! Only thing I'm concerning is that why did you filter and authenticate user in gateway directly rather than routing to IDENTITY service and authenticate?

  • @gopisambasivarao5282
    @gopisambasivarao5282 Год назад

    Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.

  • @rachidbenkitou9023
    @rachidbenkitou9023 9 месяцев назад +1

    Good explanation, your course was clear and understandable.

  • @jh_super_soccer
    @jh_super_soccer Год назад +1

    This is what, I was waiting for ,Very Helpful for me

  • @milanfaizal
    @milanfaizal 11 дней назад +1

    Awesome video.

  • @roshanpatro5777
    @roshanpatro5777 Год назад +1

    Fantastic video and an outstanding explanation ❤‍🔥. Thank you so much!!!

  • @pranoydas9654
    @pranoydas9654 Год назад +1

    In Gateway service, can you please show us role based authentication. You just showed authentication part but not authorisation. Please show us. It’s very important

  • @vaishali1843
    @vaishali1843 Год назад +1

    1:11:00 The rest call from gateway to auth service is not working. It is throwing an error saying cannot call from java.lang.illegalstateexception: block()/blockfirst()/blocklast() are blocking, which is not supported in thread reactor-http-nio-1. Please let me know if someone can help in this

  • @dhirajchavan8364
    @dhirajchavan8364 Год назад +1

    Thanks!! Helpful for basic understanding.

  • @faixan13
    @faixan13 7 месяцев назад

    finally someone addressed this scenario with proper explanation. Thanks as always.
    one question that if auth service also has to pass through api gateway and we didn't add filter param in gateways routes for auth service then why we are checking those urls through validators in authentication filter ? because request will never land on filter in case of /register and /token api

    • @Javatechie
      @Javatechie  7 месяцев назад

      No usually we should do a rest call to identify service from gateway to validate and get token but here to avoid that I have directly used jwt logic in gateway that's why it's confusing for you

    • @faixan13
      @faixan13 7 месяцев назад

      ​@@Javatechie but that rest call we are doing lately when all the checks are true before that. I am talking about that "if" condition in start (validator.isSecured.test(exchange.getRequest())) {
      because in this condition we are checking /register and /token urls to bypass the token check and according to implementation when we will call register or token it would never land on Authentication Filter.
      let me know if I am missing something still.

    • @Javatechie
      @Javatechie  7 месяцев назад

      That's correct right. In the filter we had token validation logic right? So when i don't want to authenticate the user for the first time login then why do you want this to be delegated to filter what is the sense here ?
      Let me know if I understand your concern correctly. If not please drop an email to javatechie4u@gmail.com

    • @faixan13
      @faixan13 7 месяцев назад

      @@Javatechie no I dont want to authenticate for the first time.
      I am just saying that, main if condition is of no use when we will call /register or /token , it does not matter if the condition is there or not.
      Will email no problem

    • @Javatechie
      @Javatechie  7 месяцев назад

      @@faixan13 okay simple things buddy remove those 2 url from validator don't bypass it and run your app then test . Hope you will get your point.

  • @yuvrajph4754
    @yuvrajph4754 Год назад +1

    Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉

  • @serigneibrahimafall6322
    @serigneibrahimafall6322 Год назад +1

    Wonderful and clearly explained. I want just to know how to access authentication info (principal for example) and how to do authorization if needed in microservices

    • @Javatechie
      @Javatechie  Год назад +1

      Please check the video below 👇 you will get an idea ruclips.net/video/qODoDq5_hAM/видео.html

    • @serigneibrahimafall6322
      @serigneibrahimafall6322 Год назад +1

      @@Javatechie Thanks a lot

  • @kd7944
    @kd7944 Год назад +1

    Wonderful. Thank you very much for sharing

  • @sriramvenky7926
    @sriramvenky7926 Год назад +1

    thanks for giving us this much excellent content and awesome video

  • @MustafaCam-uv5fr
    @MustafaCam-uv5fr 2 месяца назад +1

    great job Sr. does it come with new spring boot verison

  • @RanuMishra-es1xf
    @RanuMishra-es1xf 2 месяца назад

    keep it up good work.

  • @anhtai5332
    @anhtai5332 Год назад +1

    Thank you so much. Can you do a video share how to config authorization with JWT in microservices ?

  • @pvsree
    @pvsree 11 месяцев назад +1

    Explained very well. My doubt is if there are 100s of microservices all the call will go through API gate way and the auth Service, how to handle API gateway or auth service failure ?

    • @Javatechie
      @Javatechie  11 месяцев назад

      You need to handle it through DR . In microservice world 🌎 no guarantee of 0 downtime

    • @pvsree
      @pvsree 11 месяцев назад

      @@Javatechie thanks

  • @vamsikrishna8643
    @vamsikrishna8643 10 месяцев назад +1

    Nice work man, please implement the swegger this application which is used for api documentation, thanks in advance

  • @adanali3652
    @adanali3652 Год назад

    You are super talented man.clear explanation .Thank you

  • @huetzinc
    @huetzinc 4 месяца назад

    13:44 Comienza a crear el proyecto identity-service (lo hace desde el Spring initializer de su IDE IntelliJ)

  • @AvinashJ21
    @AvinashJ21 4 месяца назад +1

    Thank you so much !!
    But how can we restrict direct access to individual microservices

    • @Javatechie
      @Javatechie  4 месяца назад +1

      Only one way to avoid exposing them

  • @RustemReizov
    @RustemReizov 9 месяцев назад +1

    My English is poor. Maybe you talked about this. I understood correctly that in a real project we do not need to create a method for validating tokens in the identity service, because validation needs to be implemented only in Spring Gateway?

    • @Javatechie
      @Javatechie  9 месяцев назад

      We can keep it in the gateway that's what I did in this video but it's a bad practice because the key thumb rules of microservice is to segregate functionality to different modules so if I keep security and routing in the same application then it violates the principle isn't it?

  • @damumahendar
    @damumahendar 10 месяцев назад +1

    Excellent work , but the website u use for getting the secret is not working any more . so people are suffering to get the secret and cant able to use the full potential of the work you have done here . pls give an alternative way to get secret from else where . i was suffering for a week for validating JWT and routing . this came as a life saver . Thanks much for a fablous work . i would like to do a donation . if u have any payment portal pls let me know .

    • @Javatechie
      @Javatechie  10 месяцев назад

      Ohh is it , the last time I tried it works since these are open-source we can't predict from any website will check alternative and update in thread

    • @damumahendar
      @damumahendar 9 месяцев назад +1

      Hi @@Javatechie , Appreciate you're reading the comments . if you make shorts for generating the secret please share the link here and the spring security video description .

  • @AmitBenShimon
    @AmitBenShimon Год назад +2

    why did you copy the code of "/validate" to gateway? It's useless now in the identity-service if you run this piece of code from the gateway

    • @Javatechie
      @Javatechie  Год назад

      Rather than doing another rest call to identity service i have used it in gateway itself

    • @AmitBenShimon
      @AmitBenShimon Год назад +1

      @@Javatechie i get that, but if this was the goal all along, then why did we implement this in the id-service to begin with? I want to avoid duplicate code.

  • @shahidmdghouse
    @shahidmdghouse Год назад +1

    Your explanation is amazing. Learned lot of concepts with this practical example.
    I have a request hope you would look into it. I need to integrate same service and gateway with AWS cognito as auth service. Possible to do one video on this. ?

  • @udayreddy9619
    @udayreddy9619 Год назад +1

    Thanks for sharing ❤
    But how can we authenticate based on role.
    Here we can access the whole microservice but how can we access some end points of one microservice and other endpoint for another role.

  • @arnold123user
    @arnold123user Год назад +1

    since springboot 3.0 you dont have to do @EnableDiscoveryClient annotation. It is enough that dependency is defined in pom.xml

    • @Javatechie
      @Javatechie  Год назад

      I haven't tried , will check and update you

  • @Crazyfactzz123
    @Crazyfactzz123 6 месяцев назад +1

    Thank you for this wonderful video❤️❤️

  • @rajraushan3190
    @rajraushan3190 11 месяцев назад +1

    really helpful, but I have a doubt, what if someone directly access the microservice url by bypassing the api gateway. how to handle that?

    • @Javatechie
      @Javatechie  11 месяцев назад

      How does someone know your URL, if you are sharing then it strictly breaks the microservice contract

  • @rounakmaity4
    @rounakmaity4 3 месяца назад +1

    Excellent Work....Thank you

  • @thammayyaarava2259
    @thammayyaarava2259 Год назад +1

    It was the best tutorial I found on this concept... Thank you sir... And one doubt for authorization we have to call the security service other wise we have to write the security code in Api Gate way itself these are the two possibilities otherwise is there any other best practice is there sir? ..... Open question question for all java developers out there thanks in advance

    • @Javatechie
      @Javatechie  Год назад

      No these are the only 2 options if you are using your own security impl if you are using any third party like keyclok then it's not required

    • @thammayyaarava2259
      @thammayyaarava2259 Год назад +1

      ​@@Javatechiethanks for responding ❤

  • @rahimkhan-fh9dd
    @rahimkhan-fh9dd Год назад +3

    Hey Basant, Once again you delivered nice content which we were looking since long time. I locally setup up and tried it working fine. I have a concern here
    If user directly request to 'Swiggy App' or 'Restaurent Service' then he able to get all details without providing JWT token.
    How secure these 2 apps if user directly send request?

    • @Javatechie
      @Javatechie  Год назад

      Hi Rahim think practically why you will expose swiggy and restaurant microservice endpoints directly to the end user. If that is the case API gateway itself is no use right .
      So we should only expose api gateway endpoints that is how we can force everyone to use gateway with token

    • @sumanthkatapally1697
      @sumanthkatapally1697 Год назад +1

      @@Javatechie Hi that was a great explanation, but I have a question. Is there any way we can secure swiggy and restaurant microservice and use it in gateway as well?

    • @Javatechie
      @Javatechie  Год назад +1

      Again we landed in the same context . If this is your requirement then you should avoid using gateway

    • @rahimkhan-fh9dd
      @rahimkhan-fh9dd Год назад +1

      @@Javatechie We can make secure swiggy and restuarent apps too.
      Currently I am on similar kind of project where we secure each microservices app.
      I will update here later.

    • @sumanthkatapally1697
      @sumanthkatapally1697 Год назад

      @@rahimkhan-fh9dd Can you provide more details. It would be helpful. Thanks.

  • @shivansh7100
    @shivansh7100 8 месяцев назад +1

    Hi Basant, Its really good explanation, I have one doubt, how should we handle @PreAuthorize in our microservices in case we are following this pattern.
    Please do answer me , its really urgent for me.

    • @Javatechie
      @Javatechie  8 месяцев назад

      Hello Shivansh , I am also not sure about your question if we will go with pre Authorize annotations then in every microservice we need to implement security but that's what is not advisable.i am looking into solution will update you once I find

    • @shivansh7100
      @shivansh7100 7 месяцев назад +1

      @@Javatechie thanks

  • @ujjawalk2148
    @ujjawalk2148 7 месяцев назад +1

    Great explanation, but you only cover authentication part dosnt cover authorization , can explain that

  • @three_bachelors
    @three_bachelors Год назад +2

    Hello Sir ,
    In spring data mongodb one annotation is there @Encrypted , How can i use for Encryption with AWs KMS please make a video for this topic
    One more , How to modify RequestBody, response body in Interceptor and pass to controller.

  • @lucienmakutano3574
    @lucienmakutano3574 8 месяцев назад +1

    Thank you for this tutorial... Kudos

  • @inhtruongvu7618
    @inhtruongvu7618 10 месяцев назад

    00:05 Triển khai Bảo mật dựa trên JWT trong microservice bằng Spring Cloud Gateway
    07:12 Hai dịch vụ vi mô, Swiggi Service và dịch vụ nhà hàng, đang liên lạc với nhau thông qua API Gateway.
    21:19 Cần phải viết một phương pháp để đăng ký người dùng, tạo mã thông báo và xác thực mã thông báo
    28:07 Đã triển khai các điểm cuối xác thực và xác thực mã thông báo.
    41:40 Xác định Dịch vụ chi tiết người dùng của riêng bạn để xác thực người dùng
    48:42 Đã hoàn tất triển khai dịch vụ nhận dạng
    1:02:00 Xác thực mã thông báo trong API Gateway
    1:09:10 Triển khai logic xác thực mã thông báo JWT trong Cổng
    1:22:07 Triển khai bảo mật microservice bằng xác thực JWT
    Crafted by Merlin AI.

  • @chandrasekarangengadharan2520
    @chandrasekarangengadharan2520 Год назад +1

    Hi Java Techie, Thanks, you have covered the Authentication part, if you could add Authorization part ,it would be great.

    • @Javatechie
      @Javatechie  Год назад

      I am looking for this solution buddy will update shortly

    • @GauravSharma-ry5qf
      @GauravSharma-ry5qf 9 месяцев назад +1

      @@Javatechie any update on that sir

    • @Javatechie
      @Javatechie  9 месяцев назад +1

      No updates. I did postmortem in Google but didn't find any solution so far . Only one approach available where you need to create microservices specific to Role which is not a good practice

    • @GauravSharma-ry5qf
      @GauravSharma-ry5qf 9 месяцев назад

      @@Javatechie ok thanks

  • @AjayGupta-ob8oe
    @AjayGupta-ob8oe Год назад +1

    Thanks for sharing the knowledge ❤

  • @aziztolearn
    @aziztolearn 4 месяца назад

    Why calling validate endpoint from auth-service(identity-service) was bad idea? I don't understand.

  • @saikrishna4661
    @saikrishna4661 4 месяца назад

    Hello Can I directly come to this video withOut watching your previous videos of springSecurity?

  • @nirmesh44
    @nirmesh44 Год назад +1

    The best explanation

  • @anmolvanced3262
    @anmolvanced3262 10 месяцев назад

    I didn’t understand the need of spring security dependency in identity service, ok you are using auth manager and user details service but it you are permitting all requests for them other then that req no req will come … tue validation of jwt token can be done only with jwt dependency.. correct me if i am wrong

  • @supun_sandaruwan
    @supun_sandaruwan Год назад +1

    superb clear video

  • @romanas7587
    @romanas7587 7 месяцев назад +1

    Loved your explaination ❤❤❤❤

  • @MedAliJelidi
    @MedAliJelidi Год назад +1

    Thank you! but i have a question! is this enough in term of security in my application and how can i add more security layers

    • @Javatechie
      @Javatechie  Год назад

      This is the way to implement in microservice but if you want more secure then better use 3rd party identity providers like okta or keyclok. I already uploaded a video of keyclok using microservice

  • @malam3958
    @malam3958 10 месяцев назад +1

    Thanks for sharing this video.
    I have one question. Do we need of validator.isSecure for endpoints /token, /register, /validateToken? I think no because we are not applying filter for IdentityService then obviously API Gateway will not use the filter. Please correct me I am wrong.

    • @Javatechie
      @Javatechie  10 месяцев назад

      Yes it's required otherwise wise how can we bipass the request. Currently I am not calling identity service api but as per best practices it's good to do rest API call to validate the token hence above URL required to bypass

  • @PatilShantanu-c2t
    @PatilShantanu-c2t Год назад +1

    Thank you, Basant Bhai...

  • @p1262
    @p1262 7 месяцев назад

    Loved the explanations!! But, how can i do a role based authentication, like admin and user for example? I've faced with this question and got stucked. I wonder if you can help me.

  • @hamzabadar7032
    @hamzabadar7032 Год назад

    Great explanation but Authorization concept is missing, can you please add lecture for it as well.

  • @developersatish
    @developersatish 9 месяцев назад +1

    love you bro you are helping so much

  • @C410-u7t
    @C410-u7t Год назад +1

    Let me ask you a question. If, for example, I try to access the restaurant service directly (giving the restaurant service port), that is, without going through Gateway, I will skip the validate token part, right? So the restaurant service isn't protected at all, is it?

    • @Javatechie
      @Javatechie  Год назад

      Then what is the need of the API gateway buddy? If you will directly expose your microservice endpoints to users

    • @C410-u7t
      @C410-u7t Год назад

      ​@@Javatechie The point is, if a hacker knows the port of my services (for somehow), he can easily access them.

    • @omkarprakashbhosale8338
      @omkarprakashbhosale8338 Год назад

      Do you get any solution regarding this

    • @omkarprakashbhosale8338
      @omkarprakashbhosale8338 Год назад

      ​@@Javatechie then how disallow it...?....bcz if somebody knows our port...he can access it

    • @Javatechie
      @Javatechie  Год назад

      Knowing only port how someone can access buddy? We shouldn't expose our microservice endpoints even though it's exposed then we need to implement cross origin so that if the request comes from only api gateway then only allow that.