Use Zuul and Spring Security for a global authentication via the popular JWT token.
The service to issue the JWT
token.
- The client POST
{username,password}
to/login
. - This service will authenticate the username and password via
Spring Security
, generate the token, and issue it to client.
Provide three simple services:
/admin
/user
/guest
The Zuul
gateway:
- Define
Zuul
routes toauth-center
andbackend-service
. - Verify
JWT
token. - Define role-based auth via
Spring Security
:/login
is public to all./backend/admin
can only be accessed by roleADMIN
./backend/user
can only be accessed by roleUSER
./backend/guest
is public to all.
mvn clean package
java -jar auth-center/target/auth-center-1.0.0.jar
java -jar backend-service/target/backend-service-1.0.0.jar
java -jar api-gateway/target/api-gateway-1.0.0.jar
curl -i -H "Content-Type: application/json" -X POST -d '{"username":"doc88","password":"doc88"}' http://localhost:8080/login
You will see the token in response header for user doc88
. Note that the status code 401
will be returned if you provide incorrect username or password. And similarly, get token for user admin
:
curl -i -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/login
The user admin
is defined with two roles: USER
and ADMIN
, while doc88
is only a USER
.
The general command to verify if the auth works is as follows:
curl -i -H "Authorization: Bearer token-you-got-in-step-3" http://localhost:8080/backend/user
or without token:
curl -i http://localhost:8080/backend/user
You can change the token and the URL as need. To sum up, the following table represents all possible response status codes while sending requests to different URLs with different tokens:
/backend/admin | /backend/user | /backend/guest | |
---|---|---|---|
admin token (role USER ADMIN ) |
200 | 200 | 200 |
doc88 token (role USER ) |
403 | 200 | 200 |
no token | 401 | 401 | 200 |