Tutorial. Spring Cloud API Gateway security with JSON Web Tokens

Video Statistics and Information

Captions
Hello, my name is and I am a lead software engineer at ORIL. In this video tutorial I want to show you how to secure your microservices architecture with JSON Web Tokens. You'll learn how to implement a token authentication mechanism to authorize and verify users in the system.

Step 1. Let's develop a Maven Java project first. It will be a root folder for all of our microservices. We create the first microservice, called discovery service, to connect all other services. It will check and discover any available service and tie it to the whole system. Once we add a discovery service module, it appears in our root project folder and root pom.xml file. Now let's configure our service by adding an application.yaml and putting in a couple of simple configs specific to the discovery service. In the pom.xml file we need to inject dependencies that will make our microservice a discovery service. We'll use spring-cloud-starter-netflix-eureka-server, which is the main dependency we need here. It will provide us with discovery functionality. [...] our main class by adding two annotations: @SpringBootApplication and @EnableEurekaServer. We rename the main class to discovery service and run it to see if it works properly. When the discovery service starts, you can go to localhost:8761 and see a default Spring discovery service dashboard, including all the microservices registered with the Eureka service.

Step 2. Now let's add a config service. It's a basic service for microservices infrastructure that will hold all the configurations for our services. To add a new module, config service, go to pom.xml and inject the required dependencies: spring-cloud-config-server and spring-cloud-starter-netflix-eureka-client. Now all Maven servers are downloaded. Let's set up our config service by adding the application.yaml file. Here we define what port we want the config service to run on and the URI where the actual integration will be stored. We also add a bootstrap.yaml file to store additional configuration. It will be the same for other microservices. Let's update the main class and add the following annotations: @SpringBootApplication, @EnableEurekaClient and @EnableConfigServer. Rename the main class and run it. As you see, it fails. However, that's fine; we are going to solve this problem.

Step 3. Here's the case related to the URI where a config file is stored. We need to use an existing Git repository. You can create any public repository and upload a simple application.yaml file with the relevant configuration. It tells the config service where the discovery service is located, so it can locate it and register itself. We need a URL for this Git repository to replace the URI we have in our application.yaml file in the config service. [...] it and look at how it starts. Let's run both services. You should always start with the discovery service. As you see in the logs, our microservices are now connected. Let's move forward.

Step 4. The next step is to create the auth service. Create a new module and add the required dependencies. They are spring-boot-starter-web, Lombok, spring-cloud-starter-netflix-eureka-client, spring-cloud-config-server and a couple of dependencies related to building JWT tokens. Import them. Now check the name of the main class, auth service, and annotate it with @SpringBootApplication. Go to the resources folder and create an application.yaml file. Name the service auth service and add the JWT secret and expiration.

Step 5. Now let's create our project folders, controllers and services, and a JWT utils class in the service folder. This class will be responsible for building and validating the access tokens. Let's quickly fill it up with functionality. Add secret and expiration data from the config file. We also need a Key class that will hash our JWT string and run the encryption process. Let's add a couple of methods to make the required JWT functionality: a get claims method to extract all the encrypted data from the token, a get expiration method to get the expiry date of our token, and generate to build our JWT token. We can combine these two methods, as it won't make the code unreadable. Let's do it.

Step 6. Now we add an auth service. First we need to rename our main class to auth application and create an auth service as a service class. Inject RestTemplate and JWT utils beans here. Let's implement our register method. It will register and save a user to the database in the user service microservice, which we'll create later. The request will come first to the auth service. Using the RestTemplate, we'll then pass execution to the user service and simulate a DB call to save the user. After that, return access and refresh tokens to our newly generated user. Let's add UserVO, a user value object, to store user information like ID, email, password and role. It's the data type we'll exchange with the user service. Now we have an endpoint that accepts an auth request with user data and passes it to the user service. If all is right, we get back a user value object entity with an ID. That means the user is registered and we can apply an ID to their entity.

Step 7. Let's add a bootstrap.yaml file to the auth service.

Step 8. The next step is to create a user service module. Let's rename the main class to user application. In the pom.xml file we add the following dependencies: spring-boot-starter-web, Lombok, spring-cloud-starter-netflix-eureka-client, spring-cloud-config-server. [...] to user application and annotate it with @SpringBootApplication. Let's also create project folders such as controllers, entities and services, and add a user controller class to hold our primary endpoints. We need the same class as in the auth service, a user value object class, to hold the return type that we'll send back to the auth service if registration is complete. User functionality is stored in the user service. We'll mock the saving to the DB, as it's not the purpose of this video, and focus on the essential functionality. Here we'll use the Date object milliseconds as an ID for the user, mock up the save operation and return a user value in response. Let's quickly add an endpoint in the user controller. [...] comes to the auth service register endpoint, it will be passed to the user service controller to save the user. Let's add application.yaml and bootstrap.yaml files, and we are done with the user service.

Step 9. The next big lift is a gateway service. Let's create a module, gateway service, and inject the required dependencies: spring-cloud-starter-gateway, spring-cloud-starter-netflix-hystrix, spring-cloud-starter-netflix-eureka-client and a couple of libraries related to JWT tokens. All requests will first come to a gateway, so we must validate tokens. Rename the main class to gateway application and annotate it with @SpringBootApplication and @EnableEurekaClient. Create an application.yaml file and put the configuration here. Name the application. We also need a JWT secret and expiration in this service. Copy the bootstrap.yaml file from any other microservice to this service. We need a JWT utils class with almost the same functionality as in the auth service, except for the building a token method. [...] validator. Here we provide URIs that are open and won't require authentication, and a method that will check if the requested endpoint is secured or open to the world. Next we add a gateway config class. Here we put configuration and the @EnableHystrix annotation. This class will be responsible for handling all microservices routes. It will check to what microservice the request should be passed, apply a security filter and then pass the request to the required service. For now we put null as a filter object and update this code when the authentication filter is created. Let's create it.

Step 10. The authentication filter will implement GatewayFilter, so we have to implement a filter method. Here we will check first if requests should be authenticated. We'll add an auth missing method that will check for the Authorization header in the request. If it's not present, we'll return an unauthorized error. If the header is present, we must check the token for validity and expiration. As you remember, we have an appropriate method in the JWT utils class that helps us check if the auth token is valid.

Step 11. Let's clear the error: we imported a request class from the wrong package. We can update the auth missing method to check for the Authorization header. Now it's ready for execution.

Step 12. We must also remove null from a return statement and replace it with chain.filter(exchange). The secrets we use are too small and can pose an error, as they are not fully secure. Let's make them longer strings. Start to run the services one by one. Remember to start from the discovery service. Then we'll run a config service. [...] service and gateway service: the order doesn't matter here. The last one is a user service. Just keep in mind to run the discovery service at the beginning. This is very important. Let's check the microservices dashboard. As you see, our discovery service registered all our microservices, displayed on the dashboard. Now is the time to make the first request. We execute a register request, which is an open, not secured request, at the auth service. It returns the tokens in response, so our flow is working. The logs here show that the request is passed to the user service and the response is returned via the auth service. Let's add a secure endpoint to the user service, so we won't be able to access it without authentication as we did with the register endpoint. Let's try it out in Postman. Restart the user service and add this request to Postman. It gets the endpoint to users/secured. Here we see an error. It appears that we are not authorized.

Step 13. Let's adjust it. Add an Authorization header and use a token we got in the register response, then execute to get a response. As you see, everything works as expected. Note that we get a response only when we provide a valid auth header. Now our microservices security works perfectly. We hope you find this information helpful. Stay tuned for our next educational video tutorials.
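The decision the gateway filter makes in steps 9 to 12 (open route, missing Authorization header, token validity and expiration, secret length) can be reproduced with the JDK alone. This is an added example, not code from the video: the class and method names, the /auth/register path and the secret are assumptions, string matching stands in for a JSON parser and JWT library, and it goes slightly beyond the captions by pinning the algorithm to HS256.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class GatewayJwtCheck {
    // Assumptions for this sketch: the open path and the secret are constructed values.
    static final Set<String> OPEN_PATHS = Set.of("/auth/register");
    static final byte[] SECRET = "constructed-demo-secret-at-least-32-bytes!".getBytes(StandardCharsets.UTF_8);
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    static byte[] sign(String signingInput) throws Exception {
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
        if (SECRET.length < 32) throw new IllegalStateException("JWT secret shorter than 32 bytes");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    /** Status the gateway would answer with: 200 = forward to the service, 401 = reject. */
    static int check(String path, String authHeader, long nowSec) throws Exception {
        if (OPEN_PATHS.contains(path)) return 200;                 // exact match only
        if (authHeader == null || !authHeader.startsWith("Bearer ")) return 401;
        String[] part = authHeader.substring(7).split("\\.", -1);
        if (part.length != 3) return 401;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(part[0]), StandardCharsets.UTF_8);
            if (!header.contains("\"alg\":\"HS256\"")) return 401; // pin the algorithm
            byte[] expected = sign(part[0] + "." + part[1]);
            if (!MessageDigest.isEqual(expected, dec.decode(part[2]))) return 401; // constant time
            Matcher m = EXP.matcher(new String(dec.decode(part[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > nowSec ? 200 : 401; // no exp = reject
        } catch (IllegalArgumentException malformed) { return 401; } // bad Base64 or exp overflow
    }
    static String mint(long expSec) throws Exception {            // builds constructed test tokens
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = enc.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String c = enc.encodeToString(("{\"sub\":\"1\",\"exp\":" + expSec + "}").getBytes(StandardCharsets.UTF_8));
        return h + "." + c + "." + enc.encodeToString(sign(h + "." + c));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String valid = "Bearer " + mint(now + 300), expired = "Bearer " + mint(now - 1);
        String[] headers = {null, valid, expired, valid + "x"};    // missing, good, expired, altered
        for (String h : headers) System.out.println(check("/users/secured", h, now));
        System.out.println(check("/auth/register", null, now));    // open route, no token needed
    }
}
```

Only the signed, unexpired token reaches users/secured; a secret under 32 bytes stops the check with an exception instead of silently accepting a weak key.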
Info
Channel: ORIL
Views: 4,992
Keywords: software, software development, java, spring boot, security, tutorial, API Gateway, Spring cloud
Id: gAQfaExykbU
Length: 29min 43sec (1783 seconds)
Published: Thu Jun 15 2023