We have one monolithic application with more than 10 services, such as user management, fleet booking, feedback, etc., developed on Spring REST.

We want to migrate to microservices (Spring Boot + Cloud + Netflix OSS).

Below are my questions: How can we implement security for all our REST services (with our own user database)? How do we implement an API gateway from a security standpoint?

PKumar

1 Answer

This is a rather broad question, but here is a solution from my experience. If you have your own user/pass DB, then apply Spring Security: include Spring Security in every microservice, and in each one it will query your DB for the user/pass and the session when the user authenticates. This way all services will be secured.

OAuth2 is another solution.

Check these links too: https://spring.io/blog/2015/10/19/springone2gx-2015-replay-securing-microservices-with-spring-cloud-security

https://spring.io/blog/2014/11/07/webinar-replay-security-for-microservices-with-spring-and-oauth2

Adelin
  • Thanks, Adelin, for the quick response. Actually, I am looking for some security token to be passed for every service. For example, my own auth service will give the token, and for subsequent REST calls I will pass the token. My question is how to do it? – PKumar Jul 28 '16 at 07:42
  • I think OAuth is the answer; OAuth works with tokens ... – Adelin Jul 28 '16 at 08:30
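
The token flow asked about in the comments, as an added example that is not part of the original answer and not Spring's or OAuth2's own code: an auth service issues a signed, expiring token after the password check, and the gateway or any service verifies it without a database lookup. The class name `TokenDemo`, the `user|expiry` claim layout and the key are hypothetical, and the JDK-only HMAC scheme stands in for the signed tokens an OAuth2 setup would issue.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: class name, claim layout ("user|expiry") and key are hypothetical.
public class TokenDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    private static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Auth service: call only after the user/password check against the user DB succeeds.
    static String issue(byte[] key, String user, long ttlSeconds, long now) throws Exception {
        String claims = user + "|" + (now + ttlSeconds);
        String payload = ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return payload + "." + ENC.encodeToString(hmac(key, payload));
    }

    // Gateway or service: returns the user name, or null if malformed, forged or expired.
    static String verify(byte[] key, String token, long now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        byte[] sig;
        try { sig = DEC.decode(parts[1]); } catch (IllegalArgumentException e) { return null; }
        // Check the signature in constant time before trusting anything in the payload.
        if (!MessageDigest.isEqual(hmac(key, parts[0]), sig)) return null;
        String claims = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
        int sep = claims.lastIndexOf('|');
        if (sep < 0 || now >= Long.parseLong(claims.substring(sep + 1))) return null;
        return claims.substring(0, sep);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "pkumar", 900, now);
        String forged = ENC.encodeToString(("admin|" + (now + 900)).getBytes(StandardCharsets.UTF_8))
                + "." + token.split("\\.")[1]; // altered claims, old signature
        System.out.println("valid:   " + verify(key, token, now));
        System.out.println("forged:  " + verify(key, forged, now));
        System.out.println("expired: " + verify(key, token, now + 901));
    }
}
```

With a shared HMAC key, every service that can verify a token can also mint one. Signing with a private key held only by the auth service and distributing the public key to the other services removes that, which is how signed JWTs are typically used with OAuth2.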