Skip to content

Use Zuul and Spring Security for a global authentication.

License

Notifications You must be signed in to change notification settings

deniswsrosa/zuul-auth-example

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Zuul Auth Example

Use Zuul and Spring Security for a global authentication via the popular JWT token.

Modules

1. auth-center

The service to issue the JWT token.

  • The client POST {username,password} to /login.
  • This service will authenticate the username and password via Spring Security, generate the token, and issue it to client.
2. backend-service

Provide three simple services:

  • /admin
  • /user
  • /guest
3. api-gateway

The Zuul gateway:

  • Define Zuul routes to auth-center and backend-service.
  • Verify JWT token.
  • Define role-based auth via Spring Security:
    • /login is public to all.
    • /backend/admin can only be accessed by role ADMIN.
    • /backend/user can only be accessed by role USER.
    • /backend/guest is public to all.

Run and Verify

1. Compile and package
mvn clean package
2. Start services
java -jar auth-center/target/auth-center-1.0.0.jar
java -jar backend-service/target/backend-service-1.0.0.jar
java -jar api-gateway/target/api-gateway-1.0.0.jar
3. Get tokens
curl -i -H "Content-Type: application/json" -X POST -d '{"username":"doc88","password":"doc88"}' http://localhost:8080/login

You will see the token in response header for user doc88. Note that the status code 401 will be returned if you provide incorrect username or password. And similarly, get token for user admin:

curl -i -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/login

The user admin is defined with two roles: USER and ADMIN, while doc88 is only a USER.

4. Verify

The general command to verify if the auth works is as follows:

curl -i -H "Authorization: Bearer token-you-got-in-step-3" http://localhost:8080/backend/user

or without token:

curl -i http://localhost:8080/backend/user

You can change the token and the URL as need. To sum up, the following table represents all possible response status codes while sending requests to different URLs with different tokens:

/backend/admin /backend/user /backend/guest
admin token (role USER ADMIN) 200 200 200
doc88 token (role USER) 403 200 200
no token 401 401 200

About

Use Zuul and Spring Security for a global authentication.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%