concept follow curl command in category microservice

appears as: following curl commd

Microservices Security in Action

Microservices Security in Action

This is an excerpt from Manning's book Microservices Security in Action.

Assuming that you still have a valid orderId (d59dbd56-6e8b-4e06-906f-59990ce2e330) from a successful request to the POST /orders operation, try to make a GET /orders/{id} request with the preceding token to see whether it’s successful. You can use the following curl command to make this request. Note that the orderId used in the example won’t be the same orderId you got when you tried to create an order yourself. Use the one that you received instead of the one used in this example. Also make sure to replace the value of the token in the Authorization header with what you got in section 2.5.1:

to see more go to 2 First steps in securing microservices

Run the following curl command, which talks to the STS and gets a JWT. You should be familiar with the request, which is a standard OAuth 2.0 request following the password grant type. We use password grant type here only as an example, and for simplicity. In a production deployment, you may pick authorization code grant type or any other grant type that fits better for your use cases. (In appendix A, we discuss OAuth 2.0 grant types in detail.)

to see more go to 7 Securing east/west traffic with JWT

Now let’s invoke the Order Processing microservice with the following curl command with no security token. As expected, you should see an error message:

\> curl -k  https://localhost:9443/orders/11

{"error":"unauthorized","error_description":
         "Full authentication is required to access this resource"}
copy

To invoke the Order Processing microservice with proper security, you need to get a JWT from the STS using the following curl command. This example assumes that the security token service discussed in the preceding section still runs on HTTPS port 8443. For clarity, we removed the long JWT in the response and replaced it with the value jwt_access_token:

\> curl -v -X POST --basic -u applicationid:applicationsecret \
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
-k -d "grant_type=password&username=peter&password=peter123&scope=foo" \
https://localhost:8443/oauth/token

{
"access_token":"jwt_access_token",
"token_type":"bearer",
"refresh_token":"",
"expires_in":1533280024,
"scope":"foo"
}
copy

Now let’s invoke the Order Processing microservice with the JWT we got from the curl command. Set the same JWT in the HTTP Authorization Bearer header using the following curl command and invoke the Order Processing microservice. Because the JWT is a little lengthy, you can use a small trick when using the curl command. First, export the JWT to an environmental variable (TOKEN), and then use that environmental variable in your request to the Order Processing microservice:

to see more go to 7 Securing east/west traffic with JWT
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest