0

I am building an application which I'm intending to deploy on Pivotal Web Services. I want to secure the application using Spring Security. The security should be role-based, and users should be able to register themselves in my application.

I want the application to work in a stateless way. I know how to handle a "user system" like this when it comes to stateful systems, using sessions, but I am completely clueless about how to handle this on PWS, where you have multiple instances of the same application.

What's the best way to handle this? Do I have to set up an OAuth2 server for this?

Kristof

1 Answer

4

You can use sessions on Cloud Foundry. The router actually knows how to handle stickiness using JSESSIONID. The Java buildpack also supports session replication and it's very simple to set up.

The fact that you have multiple instances should not be a problem as long as you use session replication. Take a look at Spring Session as well; it should help you understand how to manage user state.

As for authentication, you don't need to use OAuth2. You can just use BASIC or any sort of authentication supported by Spring Security.

If you want to leverage Spring Cloud, take a look at Spring Cloud Security. It's very simple to start a resource server and then use @EnableSSO on your applications. I'd recommend a good reading of Spring Security before diving into Spring Cloud Security.

Dr. Syer wrote a phenomenal blog entry on how to secure microservices using the API gateway pattern. <--- READ THIS

It's a lot to take in, but it's the kind of question that is not easily answered without requiring some research first.

Vinicius Carvalho
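The stateless BASIC option mentioned in the answer, sketched as an added example (not code from the question or the answer). It assumes Spring Security 6 on Spring Boot 3, a `DataSource` bound to a database shared by all instances, the default `JdbcUserDetailsManager` schema, and hypothetical paths `/register` and `/admin/**`.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

// Added example: every request carries credentials, so no instance holds user state.
@Configuration
@EnableWebSecurity
public class StatelessSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Never create or read an HttpSession; any instance can serve any request.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Assumption: clients are API consumers, not browsers. Browsers resend cached
            // Basic credentials automatically, so keep CSRF protection on for browser use.
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                // Hypothetical paths: open self-registration, role-gated admin area.
                .requestMatchers(HttpMethod.POST, "/register").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Basic credentials are only base64-encoded: serve this over HTTPS only.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // Users and roles live in the shared database, not in instance memory.
    @Bean
    JdbcUserDetailsManager users(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```

A registration handler for `/register` would call `users.createUser(...)` with a password passed through `passwordEncoder.encode(...)` and a fixed `USER` role, never a role taken from the request body.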