I use jhipster to generate UAA and gateway, but when I access their API interfaces through the gateway, it's like this: “http://xxx.xxx.xxx.xxx:8080/services/uaa/api/account ”, I want to remove the word "services", what should I do?
Please have a look at how to write a custom RouteLocator in Spring Cloud Gateway doc and you may have also to modify GatewayResource and of course frontend code.
Also, you must understand that gateway routing should be determined on something in the incoming request or it will not work for resources which have same path in all services like swagger-ui JSON spec.
Related
We are implementing microservices with JHipster and we have a scenario where we need a specific resource in one of our microservices to be available via Gateway without the need for authorization/authentication.
What sort of configuration should be done in the microservice app or gateway in order to achieve such behavior?
You need to give access to the resource on that microservice, so the resource is accessible from the gateway without authentication.
In you microservice, edit SecuritConfiguration exclude service from .antMatchers("/api/**").authenticated() and add ,for example, .antMatchers("/api/service1").permitAll() line before that.
I created a microservice project with a gateway & stuff, and I've some interrogation on one of the gateway spring property.
I've this one on my gateway's application-dev.yml (also prod):
jhipster:
gateway:
authorized-microservices-endpoints:
app1: /api,/v2/api-docs
I'm suspecting that the 'app1' shall be replaced by one or all my microservices (and maybe the UAA one too), but I don't know what it does.
Any description or insight on it?
Regards,
The jhipster.gateway.authorized-microservices-endpoints config variable controls access to your microservices when requested through the gateway. In the case of the example, only /api (API endpoints) and /v2/api-docs (Swagger docs) are accessible through the gateway for the app1 microservice.
This means if you try to request an API mapping that is not present in the list (such as an actuator endpoint http://gateway:8080/app1/management/info) it will fail. You can still make the request directly to the microservice if you needed to.
By default, all paths are open to any microservice. To secure your apps, you will need to add your microservices to the list and set the accessible endpoints.
In summary, this config lets you reduce the attack surface of your microservices. Here's a link to the related JHipster issue where this was added. You can also find details in JHipster's Gateway documentation.
I had a Soap service which was consumed by another service. Now, our architecture has changed and the consumer has no access to the source Soap service, so we have to adapt our public API, developed with node.js, in order to communicate both services. Something like a bridge between them.
This has to be this way because we can't move the consumer service into the private environment where the Soap service has been placed, and also we can't modify the consumer in order to be able to query REST services.
I've tried to make it work with different libraries, as:
rest-to-soap-mapper To make calls to the Soap service from the API. I've been able to call it but I can't see how the original consumer could call this API as a Soap service.
soapThis is supposed to be a client and a server, and should be able to help me to reach what I want, but when I try to configure it as server, as it is explained in this example, I get some errors...(I just have the wsdl url to configur it).
soap-server It seems that I need to build the service in the API...if I could point to the external Soap service I think it could work...
So do you know any way to 'build' this bridge with any of these tools or any other?
We are splitting rest api monolith into microservices and we encountered following issue
Let us assume the following
project is asp.net mvc, hosted on iis
project is hosted on dedicated server (not a cloud)
monolith rest api had urls defined such as www.domain.com/orders/ www.domain.com/tickets/ etc
When splitting monolith to microservice, ideal situation would be that we end up with
ms1 -> www.domain.com/orders/
ms2 -> www.domain.com/tickets/
Since microservices do not usually correlate with resources this could get messy, for example one microservice could serve more then one resource, or on resource could be served by more then one microservice.
fe.
www.domain.com/tickets/ (ms1)
www.domain.com/tickets/reports (ms2)
or
www.domain.com/tickets (ms1)
www.domain.com/orders (ms1)
What would be solution for this?
Use IIS rewrite to match resource with microservice
fe. GET www.domain.com/tickets/5 via iis rewrite to call -> ticketsms.domain.com/tickets/5
Use API gateway to route request to proper microservice endpoint
fe.
GET www.domain.com/tickets/5 via API gateway to call -> ticketsms.domain.com/tickets/5
So basically the primary goal is to have full rest api apear like
GET www.domain.com/tickets/5
GET www.domain.com/orders/5
POST www.domain.com/orders/
GET www.domain.com/invoices/100
etc
So are iis rewrite and api gateway are the only two options here?
Should microservices be exposed directly to the clients, or should they go trought API gateway. Is API gateway overkill in this scenario?
The API gateway definitely adds value - what you split is your implementation into smaller units (the microservices) - it allows you to manage, monitor and govern the API interfaces centrally as a single unit, separately from the implementation(s).
Exposing individual microservice endpoints might not be easy to manage - for instance, you would need to apply access control policies separately to each.
I am using Spring Cloud ZUUL as gateway to all downstream services.
I now have a NodeJS based service which I also route using Spring Cloud ZUUL and Spring Cloud SideCar.
The NodeJS based service references some static content, images,css and also javascript.
When ZUUL is routing the request to NodeJS via the SideCar, I see the static content and javasript files are not been downloaded.
The url for them points to the host and port of ZUUL instance, instead of the host and port of the actual downstream service. So, it seems like I need to add some configuration to route to the static resources within the downstream app, in this case, NodeJS app or something similar.
Can someone help me with the right way to approach this issue.
active blocking sensitive headers
routes:
node-service:
sensitiveHeaders: Cookie,Set-Cookie