2 Security in a microservice architecture

1. In the microservice security architecture so far, authentication and authorization are done in each resource server, which brings a lot of limitations and is not conducive to extension.

Under a microservice architecture, this should be handled uniformly at the Zuul gateway layer.

Create a gateway service

With what I have configured, access returns a 401; this happens because access requires you to have access rights

Second, a simple simulated gateway

Three filters

Use the pre filter type, which is executed before the request is routed

Logic

tokenInfo is put into the request

2. Audit filter

Logging; the execution order is 2

3. Authorization filter

Second, the OAuth2 authorization flow based on the gateway and JWT

2.1 Reworking the authentication server to use JWT

Use keys, which is more secure

Key generation

keytool -genkeypair -alias mvp -keyalg RSA -keystore D:\mvp.key 

There are video https

Test getting a token

A JWT is tamper-resistant but not leak-proof: anyone can see the information inside
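The point above can be checked directly. This is an added example, not code from the original post: it uses only the JDK, a throwaway RSA key in place of the keytool keystore, and constructed claims (user_name, scope) to show that a signed JWT's payload is readable without any key while an altered payload fails verification.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwtReadableButSigned {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    // RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "base64url(header).base64url(payload)"
    static String sign(String header, String payload, PrivateKey key) throws GeneralSecurityException {
        String input = b64(header) + "." + b64(payload);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // The algorithm is pinned here and never taken from the token's own header.
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        try {
            return s.verify(DEC.decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed base64url or wrong signature length
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key; stands in for the keystore key
        String jwt = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}",
                "{\"user_name\":\"alice\",\"scope\":[\"read\"]}", kp.getPrivate()); // constructed claims
        String[] parts = jwt.split("\\.");
        // No key is needed to read the claims: the payload is only base64url-encoded.
        System.out.println("claims:   " + new String(DEC.decode(parts[1]), StandardCharsets.UTF_8));
        System.out.println("original: " + verify(jwt, kp.getPublic()));
        // Any change to the payload invalidates the signature made over the original bytes.
        String altered = parts[0] + "." + b64("{\"user_name\":\"alice\",\"scope\":[\"write\"]}") + "." + parts[2];
        System.out.println("altered:  " + verify(altered, kp.getPublic()));
    }
}
```

Because the claims are readable by anyone who holds the token, keep secrets out of the payload and send tokens only over TLS.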

 

2.2 Gateway and resource server configuration

Database configuration should

The previous filters are no longer needed; use OAuth2 instead

Let requests to the token URL through

orderServer configuration

Getting the user name in the API

Test getting a token

The default resource ID is oauth2-resource

In the gateway's database configuration, emptying resourceIDs allows access

2.3 Passing the token between services

In the price service

Third, rate limiting at the gateway

MySQL is used for now; in actual use, use Redis

Request quota by time

Origin www.cnblogs.com/lyon91/p/11875318.html