-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
106 lines (103 loc) · 10.9 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<html>
<head>
<title>microservices-example-auth/README.md at master · manojgulahe/microservices-example-auth</title>
<meta name="google-site-verification" content="xeUZDOizn_V5KgUyDRYRZyLuPLKYQQofGBDqjyPkokE" />
<meta name="description" content="microservices authentication and authorization using consul as service discovery with spring cloud and spring boot - manojgulahe/microservices-example-auth">
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub">
<link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub">
<meta property="fb:app_id" content="1401488693436528">
<meta name="twitter:image:src" content="https://avatars3.githubusercontent.com/u/5054671?s=400&v=4" /><meta name="twitter:site" content="@github" /><meta name="twitter:card" content="summary" /><meta name="twitter:title" content="manojgulahe/microservices-example-auth" /><meta name="twitter:description" content="microservices authentication and authorization using consul as service discovery with spring cloud and spring boot - manojgulahe/microservices-example-auth" />
<meta property="og:image" content="https://avatars3.githubusercontent.com/u/5054671?s=400&v=4" /><meta property="og:site_name" content="GitHub" /><meta property="og:type" content="object" /><meta property="og:title" content="manojgulahe/microservices-example-auth" /><meta property="og:url" content="https://github.com/manojgulahe/microservices-example-auth" /><meta property="og:description" content="microservices authentication and authorization using consul as service discovery with spring cloud and spring boot - manojgulahe/microservices-example-auth" />
</head>
<article class="markdown-body entry-content container-lg" itemprop="text"><h1><a id="user-content-microservices-example-auth" class="anchor" aria-hidden="true" href="https://github.com/manojgulahe/microservices-example-auth/blob/master/README.md"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>microservices-example-auth</h1>
<p>Authentication is main component for microservices architeture. Many different types of architecture is available on internet.
I have implimented it with OAuth and Consul as service discovery.</p>
<h2><a id="user-content-prerequisites" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Prerequisites</h2>
<p>Install Consul on your system. Download consul from <a href="https://www.consul.io/" rel="nofollow">https://www.consul.io/</a>.
Run consul using instruction from website <a href="https://learn.hashicorp.com/consul/getting-started/install" rel="nofollow">https://learn.hashicorp.com/consul/getting-started/install</a>
Also need to install mongodb as database.</p>
<h3><a id="user-content-create-database-in-mongodb" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Create database in mongodb</h3>
<p>Create oauth-db in mongodb
Create collection as authClientDetails
Insert following document</p>
<pre><code>{
"clientId": "browser",
"clientSecret": "$2a$10$fWNTd3H.u7G/aNROVQSifebOkZ2xzU5nUPOCI2Ld42M8E25/ljJqK",
"scopes": "ui",
"grantTypes": "refresh_token,password,client_credentials"
}
{
"clientId": "account-service",
"clientSecret": "$2a$10$fWNTd3H.u7G/aNROVQSifebOkZ2xzU5nUPOCI2Ld42M8E25/ljJqK",
"scopes": "server",
"grantTypes": "refresh_token,client_credentials,password"
}
</code></pre>
<p>Create collection as user
Insert following document</p>
<pre><code>{
"activated": true,
"authorities": ["ROLE_USER"],
"password": "$2a$10$fWNTd3H.u7G/aNROVQSifebOkZ2xzU5nUPOCI2Ld42M8E25/ljJqK",
"username": "randomuser"
}
</code></pre>
<h2><a id="user-content-description-of-component" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Description of component</h2>
<p>ZuulServer -- gateway for all services. You have access services from gateway only. In real environment you will face CROS issue because all services are running on different ports. Gateway resolve that issue
AuthService -- It is a OAuth server which will authenticate and authorize user using spring security.
AccountService -- It is a Resource server. All other service will be resource server.</p>
<h3><a id="user-content-execution-steps" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Execution Steps</h3>
<ul>
<li>Start Consul server</li>
<li>Run Zuul service</li>
<li>Run Auth service</li>
<li>Lastly Run Account service</li>
</ul>
<h4><a id="user-content-zuul-service" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Zuul Service</h4>
<p>This only work as gateway. Application.yml file contains routes which is very important part it will forward to service disovery. And service discovery will take route your request to runing services. You can run mutiple authservice and account service. Service discovery(consul) will take responsibility to route request to correct service.</p>
<h4><a id="user-content-auth-service" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Auth service</h4>
<p>This is authentication and authorization server. It will create a token and store it into database. All properties stored in bootstrap.yml because it will load before application start. Health check up api is require for consul. It used by consul for heart beat check else consul conside service is down.</p>
<h4><a id="user-content-account-service" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Account Service</h4>
<p>This is resource service. As per OAuth flow if you want to access resource servers you need OAuth token. Authorization flow is used in this example.</p>
<h3><a id="user-content-api-flow" class="anchor" aria-hidden="true"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>API Flow</h3>
<pre><code>Post API
http://localhost:8081/uaa/oauth/token
Form submission
grant_type : password
username : randomuser
password : 1234
To generate token.
Respose will be like
{
"access_token": "fb5e13a7-e41e-4dc4-8ec9-6ed6db69c30c",
"token_type": "bearer",
"refresh_token": "2587af85-72da-426a-a4e1-babb1b71f2ac",
"expires_in": 42910,
"scope": "server"
}
</code></pre>
<pre><code>Post API To create User
http://localhost:8080/accounts/
Header
Authorization: Bearer fb5e13a7-e41e-4dc4-8ec9-6ed6db69c30c
Body
{
"username":"NewUser",
"password":"1234"
}
Respose will be like
{
"id": "5eb65fd5ecef38584d967aaf",
"username": "NewUser"
}
</code></pre>
<p>This api internally calls auht service for user creation. As we have used oauth sso resouce server with FeignClient will
relay token to calling service. Used EnableOAuth2Sso annotaion in resource server.</p>
<p>It also have one more API</p>
<pre><code>Get Current user
http://localhost:8080/uaa/user/current
Header
Authorization: Bearer fb5e13a7-e41e-4dc4-8ec9-6ed6db69c30c
</code></pre>
</article>
</html>