Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie
Рет қаралды 146,737
Жыл бұрынThis tutorial will guide you How to secure your microservices with with JWT Authentication using Spring Cloud Gateway.
We are going to discuss an architecture in which one microservice will act as a api gateway service which does central authentication, redirect an incoming request to other microservices. The main advantage of this architecture is you can easily add multiple microservices to the system and all authentication, authorization will be taken care from a central unit
#Javatechie #Microservice #Security #JWT
Spring boot microservice Live course Just started (Recordings available)
Hurry-up & Register today itself!
COURSE LINK : javatechie5246.ongraphy.com/
PROMO CODE : Java40
GitHub:
github.com/Java-Techie-jt/jwt...
Blogs:
/ javatechie
Facebook:
/ javatechie
guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
Disclaimer/Policy:
--------------------------------
Note : All uploaded content in this channel is mine and its not copied from any community ,
you are free to use source code from above mentioned GitHub account
@treefrog9392 Жыл бұрын
I feel like your explanations are even better than people who have english as their first language lol. You really do have a gift for this!
@vedhlikith6252 Жыл бұрын
Best course available in youtube. Thankfully it is free. Keep up the good work
@davidevangelista1774 Жыл бұрын
This is the best channel about Spring and stuffs of all KZfaq. Thank you Java Techie.
@impertator644 Жыл бұрын
I love you. Finally the architecture I'm looking for. A lot of tutorial are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.
@Javatechie Жыл бұрын
Thank you so much Lukasz for appreciating my work 🥰🥰
@hkkabir2024 8 ай бұрын
you worth millions of like
@aryanaryan9759 Жыл бұрын
Much waited ❤ Thank you sir for your wonderful teaching and the knowledge your sharing .
@cristianlozadapadilla4896 Жыл бұрын
THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA
@MohitKumar-bc1rs 10 ай бұрын
Best video you can find for JWT auth ❤
@sahilpatel2885 Жыл бұрын
I had been waiting for this topic for long time. Finally wait is over.
@roshanpatro5777 Жыл бұрын
Fantastic video and an outstanding explanation ❤🔥. Thank you so much!!!
@sunderkrishnaupreti561 Жыл бұрын
Nobody explains like you do..Thank you very much for the video.
@baleshwariaddula4775 4 ай бұрын
Thank you so much for clear explain no one will explain like you.
@local_super_soccer Жыл бұрын
This is what, I was waiting for ,Very Helpful for me
@manoharanagiaploshan4348 Жыл бұрын
Searching every where finally got it thanks sir 😀
@sivakumar-df9kk Жыл бұрын
Actually without your tutorial I couldn't learn easily new things implementation in spring app... You are Guru. Thanks lot.
@Javatechie Жыл бұрын
Thank you Siva . Keep learning 😃
@dattatraybharde2902 7 ай бұрын
Great Video sir, completely Awesome...Add the role based security through api gateway.
@aadiraj6126 Жыл бұрын
Hey Basant Anna, this is awesome 👌thanks for such a smooth flow..its really a very complex topic & nightmare for interview candidates.
@user-ym6tb5xb2v 9 ай бұрын
it's awsome,, I was trying to solve this kind of problem and this tutorial helps me a lot. Thank You so much for the video tutorial.
@AnilKumar-cc8px Жыл бұрын
Grateful for such a wonderful insight on Microservices security. It will definitely help me to improve skills in my projects. Thankyou so much for the efforts. I'm learning a lot from your channel. Awaiting for more interesting videos.
@Javatechie Жыл бұрын
Thanks buddy keep learning 😃
@erichhc9698 Жыл бұрын
I've been waiting this long, thanks java techie greetings from peru😎
@sunilchandran4u Жыл бұрын
This is Gold Boss... Thanks a ton for this video.. I lost most of my interview only because of not answering how to security is implemented in micro services question.... Appreciate your efforts.
@Javatechie Жыл бұрын
Thank you buddy 🙂
@kevinameda2711 8 ай бұрын
Thank you for such an awesome lecture. We many of us benefit from such work. Continue teaching brother
@naidu12341 3 ай бұрын
No words Mind Blowing
@umeshchandra6201 Жыл бұрын
Excellent Explanation. this is the Video i was looking for. thanks
@kd7944 Жыл бұрын
Wonderful. Thank you very much for sharing
@arundhwajiiith Жыл бұрын
Thanks a lot. I am looking for security in Microservices architecture. It is one of the best way, you have explained.
@Javatechie Жыл бұрын
Glad to hear that😊
@Mohamed-uf5jh 6 ай бұрын
Thanks Sir , Good explanation, your course was clear and understandable.
@dhirajchavan8364 Жыл бұрын
Thanks!! Helpful for basic understanding.
@cd62 Жыл бұрын
Waited last couple of month to get solution which you explain about validate and filter the request form spring cloud getway. ##you make my weekend Basant Sir. Thank you Sir
@Javatechie Жыл бұрын
Thanks buddy 😊. Keep learning 👍
@sriramvenky7926 Жыл бұрын
thanks for giving us this much excellent content and awesome video
@adanali3652 Жыл бұрын
You are super talented man.clear explanation .Thank you
@Full-Stack-Project Жыл бұрын
Nice video we learn couple of thing related to microservices and spring security ❤❤❤
@rachidbenkitou9023 6 ай бұрын
Good explanation, your course was clear and understandable.
@gopisambasivarao5282 Жыл бұрын
Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.
@truthpath184 9 ай бұрын
Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...
@TinoReyna1984 5 ай бұрын
Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.
@yuvrajph4754 Жыл бұрын
Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉
@Crazyfactzz123 4 ай бұрын
Thank you for this wonderful video❤️❤️
@akumarsingh85 Жыл бұрын
Just what I needed. 👍
@lucienmakutano3574 6 ай бұрын
Thank you for this tutorial... Kudos
@AjayGupta-ob8oe 10 ай бұрын
Thanks for sharing the knowledge ❤
@rounakmaity4 Ай бұрын
Excellent Work....Thank you
@kaushikmitra1982 Жыл бұрын
Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!
@Javatechie Жыл бұрын
Thank you for appreciating buddy. I am just a senior software Engineer not an architect 🤪🤪
@PrashantJannu 23 күн бұрын
Thanks aTon Sir ❤, No one can match your Explanation level 👍
@berkslv Жыл бұрын
You're a life saver!
@supun_sandaruwan Жыл бұрын
superb clear video
@romanas7587 5 ай бұрын
Loved your explaination ❤❤❤❤
@user-ko6ds4uo6j Жыл бұрын
Thank you, Basant Bhai...
@user-lz7wx7dg5f 5 ай бұрын
This was Awesome!
@BrilliantMindsZw Жыл бұрын
well explained concepts, thank you
@SupriyaMondal3 Жыл бұрын
Thank you again.
@nirmesh44 Жыл бұрын
The best explanation
@giansiccardi6151 Ай бұрын
bro you helped me a lot, thank you very much and greetings from Argentina
@rathan235 Жыл бұрын
Great job
@IT_Ocean 8 ай бұрын
Nice detailed video..
@vinodhreddy6227 Жыл бұрын
👍 very nice 🙂
@user-vq1po5bv5u 7 ай бұрын
love you bro you are helping so much
@RanuMishra-es1xf 23 күн бұрын
keep it up good work.
@psudhakarreddy6548 Жыл бұрын
Thank you bro 🎉
@AlmustaphaTukurUmar 7 ай бұрын
This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?
@medAmineRg 7 ай бұрын
very helpful thankyou
@AnandSingh-ke4yy Жыл бұрын
Thanks a lot 🙏
@nachiro_dev Ай бұрын
Thaaaaaaaaaaaaanks man! nice video
@viveksingh-rt4py 5 ай бұрын
Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question. May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .
@suresh1250 3 ай бұрын
Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours. I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?
@ilyababcenco6864 7 ай бұрын
thanks a lot
@pavankumarmantha Жыл бұрын
instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.
@mirarima8877 Жыл бұрын
Could you please explain more about how that works?
@user-pi6wv9jn8j Жыл бұрын
can you please come with your hands on similar like this using KONG.
@AshwaryRajput 7 ай бұрын
Thanks !!
@maheshy5168 Жыл бұрын
Wooooow.... i seached a lot for this kind of scenario but i did not find and in so many interviews i faced this question and got stucked. A million thanks basanth.... it helps us a looooot......👏👏👏🤝🤝🤝🙏🙏🙏 Thanks you so much Next Please do videos on TESTING(mockito) microservices end to end and GLOBAL EXCEPTIONAL HANDLING (please think about it)
@Javatechie Жыл бұрын
I will share the link with what you mentioned which i already uploaded. Even if you can search in the channel it's already there buddy
@Javatechie Жыл бұрын
Exception handling : kzfaq.info/get/bejne/nbael5CZ37PDZnU.html
@Javatechie Жыл бұрын
Mockito testing: kzfaq.info/get/bejne/fs5haq111dmvoZc.html
@vaderashyam7207 Жыл бұрын
Wow Very Nicely Explained In Easy To Understand Manner. 1 Request can you please show how to implement role based authentication with Spring API Gateway ?
@Javatechie Жыл бұрын
Yes buddy it's in queue i will upload soon
@premraj.m 4 ай бұрын
52:00 Auth service integrate with Gateway 56:00 Validate token
@deepakbhagat3772 Жыл бұрын
Thanks a lot. Jai jagarnath
@sadiulhakim7814 7 ай бұрын
Hi sir! I am grateful for this tutorial. In this tutorial you have two client services, one gate way, one security service and you added security in Api Gate. I like the way you did it. But i need to move forward and add some Authorization. Suppose in swiggy service there are some end points what only admin can access and some end points normal user can access. How to apply this type of Authorization. Would you please make second part of this tutorial please? I am following this tutorial and trying to learn. I tried to implement the security directly in the API GATE-WAY service. But that was not easy because gate-way supports webflux not the web.
@ASHISHKUMAR-jh9kw 2 ай бұрын
make use of method level authorization and roles
@Javatechie 2 ай бұрын
Yes I am still not finding any solution for this approach. Will check and update you
@sadiulhakim7814 2 ай бұрын
@@Javatechie Thanks
@sadiulhakim7814 2 ай бұрын
@@Javatechie I saw others using OAuth2 to solve this problem. KeyCloak is one of them.
@anhtai5332 10 ай бұрын
Thank you so much. Can you do a video share how to config authorization with JWT in microservices ?
@ainigma100 Жыл бұрын
Thank you for the great video. What do you think of integrating Datadog into your spring boot applications so that there is a centralized location to view everything related to your applications
@inhtruongvu7618 8 ай бұрын
00:05 Triển khai Bảo mật dựa trên JWT trong microservice bằng Spring Cloud Gateway 07:12 Hai dịch vụ vi mô, Swiggi Service và dịch vụ nhà hàng, đang liên lạc với nhau thông qua API Gateway. 21:19 Cần phải viết một phương pháp để đăng ký người dùng, tạo mã thông báo và xác thực mã thông báo 28:07 Đã triển khai các điểm cuối xác thực và xác thực mã thông báo. 41:40 Xác định Dịch vụ chi tiết người dùng của riêng bạn để xác thực người dùng 48:42 Đã hoàn tất triển khai dịch vụ nhận dạng 1:02:00 Xác thực mã thông báo trong API Gateway 1:09:10 Triển khai logic xác thực mã thông báo JWT trong Cổng 1:22:07 Triển khai bảo mật microservice bằng xác thực JWT Crafted by Merlin AI.
@anupamkumartejaswi9210 Жыл бұрын
Thanks for the tutorial. I was waiting for this. How to handle token expired case.
@filz4461 Жыл бұрын
You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.
@Javatechie Жыл бұрын
Thanks Filz , i noted it and going forward i will come with better audio quality. Need to look into rode configuration
@archanasingh3060 Жыл бұрын
@@Javatechie 🎉d o 😢😢😢😮😊😂😅😅😅😅😮😮😮😮😮😅😮fq😢😢😢😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮😮
@Javatechie Жыл бұрын
Archana not getting you
@filz4461 Жыл бұрын
@@Javatechie I think, that's a bot.
@Javatechie Жыл бұрын
Even not getting you buddy. What do you mean by bot
@shahidmdghouse Жыл бұрын
Your explanation is amazing. Learned lot of concepts with this practical example. I have a request hope you would look into it. I need to integrate same service and gateway with AWS cognito as auth service. Possible to do one video on this. ?
@Javatechie Жыл бұрын
Yes I will try that
@vamsikrishna8643 7 ай бұрын
Nice work man, please implement the swegger this application which is used for api documentation, thanks in advance
@tararamgoyal2220 Жыл бұрын
Thank you Basant ❤, this is like rock I really appreciate your time and efforts. Could you please also make a video for swagger in microservices services?
@Javatechie Жыл бұрын
Swagger i have already implemented please check in my microservice playlist
@tararamgoyal2220 Жыл бұрын
@@Javatechie Thanks
@faixan13 5 ай бұрын
finally someone addressed this scenario with proper explanation. Thanks as always. one question that if auth service also has to pass through api gateway and we didn't add filter param in gateways routes for auth service then why we are checking those urls through validators in authentication filter ? because request will never land on filter in case of /register and /token api
@Javatechie 5 ай бұрын
No usually we should do a rest call to identify service from gateway to validate and get token but here to avoid that I have directly used jwt logic in gateway that's why it's confusing for you
@faixan13 5 ай бұрын
@@Javatechie but that rest call we are doing lately when all the checks are true before that. I am talking about that "if" condition in start (validator.isSecured.test(exchange.getRequest())) { because in this condition we are checking /register and /token urls to bypass the token check and according to implementation when we will call register or token it would never land on Authentication Filter. let me know if I am missing something still.
@Javatechie 5 ай бұрын
That's correct right. In the filter we had token validation logic right? So when i don't want to authenticate the user for the first time login then why do you want this to be delegated to filter what is the sense here ? Let me know if I understand your concern correctly. If not please drop an email to javatechie4u@gmail.com
@faixan13 5 ай бұрын
@@Javatechie no I dont want to authenticate for the first time. I am just saying that, main if condition is of no use when we will call /register or /token , it does not matter if the condition is there or not. Will email no problem
@Javatechie 5 ай бұрын
@@faixan13 okay simple things buddy remove those 2 url from validator don't bypass it and run your app then test . Hope you will get your point.
@snahasisghosh6625 9 ай бұрын
Really helpful. But I have couple of questions. You generated auth token in the same module where you register user and authenticate user. Is it a good practice? If I have 50 module that is registered with the api gateway, where should I generate refresh token? What is the best practice and what is best architecture ?
@serigneibrahimafall6322 Жыл бұрын
Wonderful and clearly explained. I want just to know how to access authentication info (principal for example) and how to do authorization if needed in microservices
@Javatechie Жыл бұрын
Please check the video below 👇 you will get an idea kzfaq.info/get/bejne/p7V0oqeimsXMcYE.html
@serigneibrahimafall6322 Жыл бұрын
@@Javatechie Thanks a lot
@kalaiselvankesavel2971 Жыл бұрын
You are such a wonderful guy to share this useful information. Big thank you . When we have feature flag in external file and if you go toggle console and update it , will it change the flag in external file ? Also is there a way I can have some string values instead of Boolean value ?
@Javatechie Жыл бұрын
Thanks buddy 🙂. No toggle switch won't update in file also i don't think we can set any string value for flag
@futbalhight 10 ай бұрын
Thanks a lot. I learn so much with your videos. Question please: How can I check the user's role when the request is executed in the microservice?
@Javatechie 10 ай бұрын
Please check this video and you will get an idea 💡kzfaq.info/get/bejne/p7V0oqeimsXMcYE.html
@jahc007 Жыл бұрын
Thanks so much, it is the Best tutorial ive seen. I have one question. Hoy can I get the current loged user and roles from the servíces to make autorizations
@Javatechie Жыл бұрын
Please check the next video you will get logged in user info but regarding Authorization i am working on it
@huetzinc 2 ай бұрын
13:44 Comienza a crear el proyecto identity-service (lo hace desde el Spring initializer de su IDE IntelliJ)
@monikaraut5266 Жыл бұрын
I am new to microservices & your videos helped me a lott🙌🙌 also can you please tell me, what should I use for role based authorisation in microservices. I am working on project which is a web portal for sanctioning government applications, It has user & admin as roles. Please guide🙌
@user-ks4ji5lr3q Жыл бұрын
I am working on jwt token microservices. How to logout user or expire token imediate?
@salahinrocky5638 8 ай бұрын
Thanks for your informative vidoe, but I one quesiton if some know swiggy-service or restaurant-service end point then he/she can by pass the api-getway and directly call respective service, so how I can ensure that swiggy or restaurant service only accept request from api gateway
@p1262 5 ай бұрын
Loved the explanations!! But, how can i do a role based authentication, like admin and user for example? I've faced with this question and got stucked. I wonder if you can help me.
@hectorcortez7866 Жыл бұрын
Direct to the point, that's the kind of videos I like! But i have a question: Which is the difference between secure microservices with JWT and securing them using Api Key, as you show us in one of your previous videos?
@Javatechie Жыл бұрын
Thanks buddy. In case of api key you need to manually map key with specific service where jwt will be generic no manual mapping required
@hectorcortez7866 Жыл бұрын
@@Javatechie so in terms of best approach JWT would be a posible solution
@Javatechie Жыл бұрын
Yes that's what my understanding
@Akash-tq1ui 9 ай бұрын
Hi Basant , Very useful tutorial however I have one doubt, In production when the token is generated by passing a valid username and password it should automatically pass the token to the gateway right but here I saw that you are manually passing the token to the gateway through Postman for accessing microservices, My question is how we can automatically pass the token to the gateway for accessing microservices when the token is generated
@Javatechie 9 ай бұрын
Your question is genuine but this automatically stuff needs to handle from UI not from the backend
@Akash-tq1ui 9 ай бұрын
@@Javatechie ok thank you!
@hamzabadar7032 Жыл бұрын
Great explanation but Authorization concept is missing, can you please add lecture for it as well.
@udayreddy9619 10 ай бұрын
Thanks for sharing ❤ But how can we authenticate based on role. Here we can access the whole microservice but how can we access some end points of one microservice and other endpoint for another role.
@lucasmolpda 11 ай бұрын
A theoretical/conceptual question: Can we call this security API layer (identity-service) as an internal OAauth server? Since all authentication and authorization features have been delegated to this api for a client to be able to access a "resource server", it looks like a OAuth to me.
@arghyamitra3281 Жыл бұрын
Hi sir , great video . I have one question why we cant use simply OncePerRequestFilter here ? AbstractGatewayFilterFactory forcing many things like some un-necessary Config class , adding WebFlux depenecny even though we not even using any Webflux features .
@srikanthyadav1589 Жыл бұрын
Tq bro. I have one question . in statefull we save session in server side and same thing in stateless we are storing token what is the diff?
@GopalDas-sw6ym 3 ай бұрын
Sir, Thanks for the great content ... sir how can we do role based authentication ? if role is user then user can access respective url and so on . pls suggest.
@TalhaHussain-zy9gw 28 күн бұрын
It is authenticated only when it routes through the gateway. But the end point for the micro services are still open how to secure that?
@vinaygoswami5374 8 күн бұрын
I think we need to implement spring security at service level for each service
@ankushmane2336 Жыл бұрын
Hi Basant, Grateful for such a wonderful insight into Microservices security. I like this video. Could you please add a video on role-based authentication and authorization with the Spring boot microservices? Thank you so much.
@Javatechie Жыл бұрын
Thanks buddy 😊, Yes i am working on that
@ramyal5371 Жыл бұрын
@@Javatechie Appreciated your effort..waiting for the video.
@karthikeyanrm3446 8 ай бұрын
@@Javatechieis this available in the channel ? Please let us know
Java Techie
Рет қаралды 58 М.
Java Techie
Рет қаралды 158 М.
Java Techie
Рет қаралды 110 М.
Spring I/O
Рет қаралды 10 М.
DotNet Core Central
Рет қаралды 32 М.
Java Techie
Рет қаралды 208 М.
Java Techie
Рет қаралды 284 М.
Buy Smart┃Магазин ноутбуков
Рет қаралды 858 М.
lev89k
Рет қаралды 1,6 МЛН
Техно Гарри
Рет қаралды 27 М.
Wylsacom
Рет қаралды 649 М.
Immersed
Рет қаралды 113 МЛН
Brother-live_mob
Рет қаралды 929 М.