spring-security - Communication between two microservices in JHipster using JWT
问题描述
I'm building a small microservice-based webapp using JHipster with JWT authorization. The Architecture is simple, one gateway and two services with repositories. The problem that I had for the last few hours is the communication between the two backend-services.
At first, I tried to find a token on the services themself, but couldn't find it. If I just missed it in all the docs (quite overwhelming when beginning with the full stack :P), I would be happy to revert my changes and use the predefined token.
My second approach was that each service will authorize itself with the gateway at PostConstruct and save the token in memory to use it each API call. It works without a problem, but I find it hard to believe that this functionality is not already programmed in JHipster.
So my question is whether my approach is usual? If neither is true and there are some best-practices for it, I'm also interested in them.
解决方案
这取决于用例。
对于用户请求,一种常见的做法是:调用服务将其收到的令牌转发给其他服务,而不通过网关起诉@AuthorizedFeignClient。
对于计划作业等后台任务,可以应用您的方法,或者您也可以发布长寿命令牌,只要它们通过角色具有有限权限即可。这样您就不必通过网关。
Keycloak 的离线代币方法也可以激发您的灵感。
推荐阅读
- angular - 如何将动态 XHR 内容动态导入模板?
- php - 使用php在Mysql数据库中存储数据时遇到问题
- sql-server - 如何在 SQL Server 中将二进制转换为整数
- shell - 如何从文件中提取或剪切特定数据?
- typescript - TSLint 不会抱怨缺少导入
- sql - 是否可以以这种格式显示 2 个 SQL 语句的结果?
- jestjs - 如何配置 Jest 以使用 ES5
- windows - Windows C API:wincrypt 和 sspi 有什么区别?
- gdb - 使用 GDB 调试 xinetd 服务
- php - 使用“upload_dir”选项时,Symfony 4“Easy admin”上传目录不会改变