Microservices with Spring Boot, OAuth2 Authorization, Identity Provider, Service Discovery and Docker Containers
Running a dedicated authentication server has become a common solution in service oriented architectures. As monolithic applications give way to microservices, and since security is a core concern of almost every application, moving the security logic into its own service has followed naturally, and a separate implementation is nowadays common among application developers.
In this series of posts, we are going to explore how to implement a security service that other services can call for their authentication and authorization. We will start by setting up a basic Spring Boot application that calls another service dedicated to authentication and authorization. The latter will use OAuth2 to act as an authorization server; we will go further by making it an identity provider, building an authentication process on top of the authorization that OAuth2 offers. We will then see how to let users sign in to our application through social identity providers such as Facebook and Google.
Although the main topic is web security, we will also explore some components of a service oriented cloud environment: data exchange formats (through data transfer objects, DTOs), service discovery (using Netflix Eureka), and Netflix Feign interfaces, which build on that discovery for data exchange between services. We will end with the deployment of the created services as containers, namely Docker, and multi-container deployments with the docker-compose tool.
Ultimately, we want to produce an architecture similar to that of this web site, which from a business perspective has five services (as explained in the Let's model the business model post):
- A Blogging Service
- A Social / Community Service
- An Authentication Service
- A Shop Service
- A photo sharing service (developed as a MEAN application)
Below is the list of books that have helped in producing this series:
The source code of this series will be made available on github.
Please have a look at the posts included in the series below.
A basic Spring Boot service for a cloud based environment, covering routing for both the user interface and the resource server through OAuth2.
Abstracting CRUD operations to apply the DRY principle to the service and DAO layers
Security configuration for an authentication service using a custom UserPrincipal and MySQL
Using OAuth2 to authenticate and handle authorization in the services of the business domain.
Persisting OAuth2 clients and access tokens to a MySQL database, migrating from opaque access tokens to JWT and using a TokenConverter and TokenEnhancer to include more data in the token payload; using JOSE to sign the issued JWT.
Using Netflix Eureka in a Spring Cloud based environment for service discovery
Authenticating a Spring Boot application against an authentication server through OAuth2 with the authorization code grant, a custom PrincipalExtractor and the related configuration.
Using Feign clients to exchange data between the services of the cloud-based Spring Boot applications, through Feign configurations.
Implementing the client credentials grant type for the data exchange performed through Feign clients
Exploring the use of data transfer objects for API exchanges and using a model mapper to convert an entity to a DTO and vice versa.
Catching run-time exceptions using Hystrix
Using social identity providers within a single sign-on server in a service oriented architecture
Using PrincipalExtractor and AuthoritiesExtractor to extract the user profile from the identity provider's exposed, custom-implemented userinfo endpoint
Using a dedicated Spring Boot application to host the other services' properties files, through the use of profiles.
Using Maven to automate the build of a Spring Boot application
A docker-compose file for the Spring Cloud based microservices, the MySQL databases and the MEAN components
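As an added example, not code from the series or from this site's repository, here is the token customization that the JWT post above describes: a TokenEnhancer that adds claims to the payload, chained in front of a JwtAccessTokenConverter so that the claims end up inside the signed token. It uses the Spring Security OAuth2 classes named in that post. The claim names (`client_id`, `user_name`), the keystore `jwt.jks` with alias `jwt` and password `changeit`, and the injected AuthenticationManager bean are assumptions for the illustration.

```java
import java.security.KeyPair;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
@EnableAuthorizationServer
public class JwtAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Assumed to be provided by the application's web security configuration.
    private final AuthenticationManager authenticationManager;

    public JwtAuthorizationServerConfig(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Adds profile data to the token payload; must run before the JWT converter in the chain. */
    static class ProfileClaimsTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            Map<String, Object> extra = new HashMap<>();
            // Assumed claim names. The JWT is signed, not encrypted: every holder of the token
            // (browser, proxy, any resource server) can read these claims, so put identifiers
            // and coarse roles here, never passwords, secrets or unnecessary personal data.
            extra.put("client_id", authentication.getOAuth2Request().getClientId());
            if (!authentication.isClientOnly()) {
                // Client-credentials tokens carry no user; only set user claims when one exists.
                extra.put("user_name", authentication.getUserAuthentication().getName());
            }
            DefaultOAuth2AccessToken enhanced = new DefaultOAuth2AccessToken(accessToken);
            enhanced.setAdditionalInformation(extra);
            return enhanced;
        }
    }

    /** Signs with an RSA key pair so resource servers verify with the public key only and never hold the signing secret. */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // Assumed keystore location, alias and password; in a real deployment inject the
        // password from configuration or a secrets store instead of hard-coding it.
        KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("jwt.jks"), "changeit".toCharArray())
                .getKeyPair("jwt");
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair);
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Order matters: the custom enhancer runs first so its extra claims are part of the
        // payload that the converter, last in the chain, encodes and signs.
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(new ProfileClaimsTokenEnhancer(), accessTokenConverter()));
        endpoints.tokenStore(tokenStore())
                 .tokenEnhancer(chain)
                 .authenticationManager(authenticationManager);
    }
}
```

On the resource-server side, configure a JwtAccessTokenConverter with only the public key (`setVerifierKey` with the PEM-encoded public key) and a JwtTokenStore around it; the private key stays on the authorization server. Note that the Spring Security OAuth project these classes belong to has since reached end of life, so new services should prefer the OAuth2 support built into Spring Security itself.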