Chapter 7. Securing your microservices
This chapter covers
- Learning why security matters in a microservice environment
- Understanding the OAuth2 standard
- Setting up and configuring a Spring-based OAuth2 service
- Performing user authentication and authorization with OAuth2
- Protecting your Spring microservice using OAuth2
- Propagating your OAuth2 access token between services
Security. The mention of the word will often cause an involuntary groan from the developer who hears it. You’ll hear them mutter and curse under their breath, “It’s obtuse, hard to understand, and even harder to debug.” Yet you won’t find any developer (except maybe for inexperienced developers) who says that they don’t worry about security.
A secure application involves multiple layers of protection, including
- Ensuring that the proper user controls are in place so that you can validate that a user is who they say they are and that they have permission to do what they’re trying to do
- Keeping the infrastructure the service is running on patched and up-to-date to minimize the risk of vulnerabilities
- Implementing network access controls so that a service is only accessible through well-defined ports and accessible to a small number of authorized servers