Michele Mazza

Reputation: 9

Secure service-to-service communication in an app generated using JWT authentication

I read the really interesting articles:

http://stytex.de/blog/2016/03/25/jhipster3-microservice-tutorial/

http://stytex.de/blog/2016/09/15/jhipster-3-dot-7-secure-service-communication/

My question is: how can I implement secure service-to-service communication in an application generated using JWT?

I suppose the AuthorizedFeignClient annotation is only available for applications generated using OAuth2.

Thanks, Mic

Upvotes: 0

Views: 370

Answers (1)

David Steiman

Reputation: 3145

It depends on how strictly you see "service-to-service" communication.

Case 1: "authenticated" is enough or you want to forward the user's permissions (authorities, roles...) to the next service

Then you can use @AuthorizedUserFeignClient to enable token forwarding. Here the first microservice acts as the user when making requests to the second microservice.

Case 2: the requesting microservice should have different permissions than the user

In certain situations, you want to have different access control rules when a request is made by a microservice, not a user.

This problem is not trivial and is one of the core use cases for the OAuth2 way of microservice security.

Upvotes: 1
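
The token forwarding described in Case 1, shown as an added example that is not part of the answer and is not JHipster's generated code: a Feign `RequestInterceptor` that copies the caller's JWT onto outgoing requests, attached to a single client only. It assumes feign-core, Spring Cloud OpenFeign and Spring Security on the classpath, and that the JWT filter stores the raw token as the `Authentication` credentials; `second-service`, `/api/items` and all class names are hypothetical.

```java
import feign.RequestInterceptor;
import feign.RequestTemplate;
// Older Spring Cloud releases ship this annotation as
// org.springframework.cloud.netflix.feign.FeignClient.
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;

import java.util.Optional;

public final class UserTokenForwarding {

    /** Returns the current user's raw JWT, or empty when there is none to forward. */
    public static Optional<String> currentUserJwt() {
        // SecurityContextHolder is thread-local by default: if the Feign call runs
        // on another thread, no token is found and no header is added.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Optional.empty();
        }
        // Assumption: the JWT filter stored the token string as the credentials.
        Object credentials = auth.getCredentials();
        if (credentials instanceof String && !((String) credentials).isEmpty()) {
            return Optional.of((String) credentials);
        }
        return Optional.empty(); // e.g. anonymous authentication
    }

    /** Adds "Authorization: Bearer <jwt>" so the called service sees the user. */
    public static final class ForwardingInterceptor implements RequestInterceptor {
        @Override
        public void apply(RequestTemplate template) {
            currentUserJwt().ifPresent(jwt -> template.header("Authorization", "Bearer " + jwt));
        }
    }

    /**
     * Deliberately not a @Configuration class: it is referenced per client below,
     * so component scanning does not attach the user's token to every Feign client.
     */
    public static class ForwardingConfiguration {
        @Bean
        public RequestInterceptor userTokenForwardingInterceptor() {
            return new ForwardingInterceptor();
        }
    }

    /** Hypothetical client: only calls made through it carry the forwarded token. */
    @FeignClient(name = "second-service", configuration = ForwardingConfiguration.class)
    public interface SecondServiceClient {
        @GetMapping("/api/items")
        String items();
    }
}
```

The called service validates the forwarded JWT exactly as it would a browser request, so it applies the user's authorities; it cannot distinguish the calling microservice from the user, which is the limitation Case 2 describes.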
