Part 2 Edge Security

 

The first microservice that you built and secured in part 1 is a good way to get started. But in practice, or in a production deployment, the approach you follow in securing a microservice is a bit different from what you did in part 1. This part of the book takes you through securing a microservice at the edge (or at the entry point) in a typical microservices deployment. In most cases, microservices are behind a set of APIs that are exposed to the outside world via an API gateway. The API gateway is the entry point to the microservices deployment and screens all incoming messages for security.

Chapter 3 takes you through the consumer landscape of your microservices and teaches you how to deploy a Spring Boot microservice behind the Zuul API gateway. In chapter 3, you will also learn how to enforce OAuth 2.0-based security at the Zuul API gateway. At the end of chapter 3, you have an API that is exposed to the client applications via the Zuul API gateway, and the Zuul API gateway routes the requests to the Spring Boot microservice.

Chapter 4 extends the use case that you built in chapter 3 by developing a single-page application (SPA) with Angular. You will also learn how to secure an SPA with OpenID Connect. Now you have an end-to-end use case working. A user can log in to the SPA with OpenID Connect, and then the SPA talks to the Spring Boot microservice on behalf of the user via the Zuul API gateway.