Part 2. Edge security

 

The first microservice that you built and secured in part 1 is a good way to get started. But in practice, or in a production deployment, the approach you follow in securing a microservice is a bit different from what you did in part 1. This part of the book takes you through securing a microservice at the edge (or at the entry point) in a typical microservices deployment. In most cases, microservices are behind a set of APIs that is exposed to the outside world via an API gateway. An API gateway is the entry point to the microservices deployment, which screens all incoming messages for security.

Chapter 3 takes you through the consumer landscape of your microservices and teaches you how to deploy a Spring Boot microservice behind the Zuul API gateway. You’ll also learn how to enforce OAuth 2.0-based security at this gateway. At the end of the chapter, you’ll have an API that is exposed to the client applications via the Zuul API gateway, and the Zuul API gateway will route the requests to the Spring Boot microservice.

Chapter 4 extends the use case that you built in chapter 3 by developing a single-page application (SPA) with Angular. You will also learn how to secure a SPA with OpenID Connect. Then you’ll have an end-to-end use case working. A user can log into the SPA with OpenID Connect, and then the SPA talks to the Spring Boot microservice on behalf of the user via the Zuul API gateway.