Another way is to implement a ClientHttpRequestInterceptor or ClientHttpRequestInitializer and pass it to the RestClient. Inside the new class then can set the bearer header.
Great content! In the intro you explaining what the roles are of the api gateway and microservice in relation with the auth server. What if you validate the token via the api gateway, is it still necessary to validate it also via the microservice? If you validate the token with the api gateway then the microservices are not secure right, like what if I make a direct request to a microservice then there is no token validation.
If token validation is only performed at gateway then the infrastructure setup should not allow direct access to downstream Microservices. Some companies implement that way to improve performance. But, if you have to expose APIs directly to other Microservices as well, I recommend to validate the token at Microservice level too.
@@sivalabs Thanks for the clarification! Have you also created a video tutorial on using an API Cloud Gateway as an OAuth2 resource server? I'm currently attempting to implement it myself, but I'm facing issues with CORS, likely because OAuth2 resource servers also have CORS security measures. I attempted to adapt the SecurityConfig file from your order-service for the API gateway, but unfortunately, it doesn't seem to work because my API gateway is a reactive application rather than a servlet.
Hi Siva. Why does your IDE look so cool? Is it the standard theme for IntelliJ IDEA Ultimate? And can I copy that theme on IDEA Community as well? I really want that layout!
@@sivalabsThanks. I noticed u switched from windows to macOS for development. Do you recommend it? I've been wanting to change and buy a macbook pro for quite some time now. For example, my work now I run locally ~ 8 microservices with redis, mysql, kafka in docker. Sometimes I run the angular frontend as well; and Windows struggles with the RAM. Was it amazing for you when u bought a mac?
For reference: Spring Security OAuth 2 Tutorial Series: www.sivalabs.in/spring-security-oauth2-tutorial-introduction/
Thanks for the video! Many things to keep in mind when setting up security for microservices. Learned a lot!
great content. Can you please make more videos on Keycloak and Spring Boot?
Thank you so much❤❤❤❤
Another way is to implement a ClientHttpRequestInterceptor or ClientHttpRequestInitializer and pass it to the RestClient. Inside the new class then can set the bearer header.
Great content!
In the intro you explaining what the roles are of the api gateway and microservice in relation with the auth server.
What if you validate the token via the api gateway, is it still necessary to validate it also via the microservice?
If you validate the token with the api gateway then the microservices are not secure right, like what if I make a direct request to a microservice then there is no token validation.
If token validation is only performed at gateway then the infrastructure setup should not allow direct access to downstream Microservices. Some companies implement that way to improve performance. But, if you have to expose APIs directly to other Microservices as well, I recommend to validate the token at Microservice level too.
@@sivalabs Thanks for the clarification!
Have you also created a video tutorial on using an API Cloud Gateway as an OAuth2 resource server? I'm currently attempting to implement it myself, but I'm facing issues with CORS, likely because OAuth2 resource servers also have CORS security measures. I attempted to adapt the SecurityConfig file from your order-service for the API gateway, but unfortunately, it doesn't seem to work because my API gateway is a reactive application rather than a servlet.
Hi Shiva, Similar to Keycloak is it possible to retain DB data as well? I mean to preserve order and catalog data once created in the DB, thanks
You can define a volume and map it to the path "/var/lib/postgresql/data".
Hi Siva. Why does your IDE look so cool? Is it the standard theme for IntelliJ IDEA Ultimate? And can I copy that theme on IDEA Community as well? I really want that layout!
I am using Intellij IDEA New UI and installed "Atom Material Icons" and using "Dark" theme.
@@sivalabsThanks. I noticed u switched from windows to macOS for development. Do you recommend it? I've been wanting to change and buy a macbook pro for quite some time now.
For example, my work now I run locally ~ 8 microservices with redis, mysql, kafka in docker. Sometimes I run the angular frontend as well; and Windows struggles with the RAM. Was it amazing for you when u bought a mac?