As I'm choosing the central user authentication module, I found Jhipster provided uaa and keycloak/okta. In my opinion, keycloak may be more general as it is used by all kinds of applications and can easily integrate with other systems, but uaa seems to be well integrated with other jhipster modules. How can I choose from the two? Thanks!
Related
I'd like to generate with jHipster an UAA like application with the front end and backend in a monolithic application. I'd like to use the uaa Oauth2 server in order to connect with other application. Am i forced to generate a gateway + registry + uaa in order to achieve that?
Nope, in monolith all necessary oauth2 routine services will be there
UAA is not intended to works with monolith application, only in microservices environment.
If you want to have an SSO login with oauth2 I suggest you to generate your monolith with oauth2 option. Then you can choose between both Okta and keycloak.
JHipster provides docker-compose config to run a keycloak with docker (https://www.jhipster.tech/security/#oauth2).
Hope this can help you.
I've setup a POC with the following components:
JHipster registry
JHipster API gateway
2 JHipster microservices
The communication works very well between these components.
Another requirement of my POC is to register an legacy webservice(SOAP or REST not developed with JHipster) in the JHipster gateway.
Is it possible?
I would want to use the API Gateway as a unique entry point for all the clients(external and internal)to access all the webservices of my company.
Thank you.
Two important criteria are service discovery and security.
For service discovery, JHipster offers 2 options: JHipster Registry (Eureka) and HashiCorp Consul. Consul is better suited for legacy apps as it is less invasive because you can use DNS resolution and templates and a sidecar proxy approach.
For security, legacy apps should be able to consume authentication tokens to apply authorizations.
Is there a way to configure JHipster microservice application with the Cloudfoundry UAA?
During generation of microservice application with Yeoman JHipster generator it gives us an option to select UAA application provided by JHipster for authentication. However I don't want to use UAA application provided by JHipster.
I have other applications in cloudfoundry which use UAA instance provided by Cloudfoundry. So I want to configure the same with JHipster.
Any help is appreciated.
Can JHipster gateway work with non-java, non JHipster microservices? Say, by importing swagger.json of the target microsevrice and by making those microservice instances register with jH registry and UAA?
Yes it should work as long as the microservice exposes its swagger spec at /v2/api-docs. The service should register with the JHipster registry probably using Spring Cloud Netflix Sidecar as explained by David Steiman in this article and David is also the man behind UAA for JHipster.
I have setup my Jhipster Uaa server, gateways and others micro services and i want to use #AuthorizedFeignClient annotation for inter-service-communication as well explained here : https://jhipster.github.io/using-uaa/
But i cannot find it into the java source generated(Jhispter Release 3.11.0).
Did i have to copy manually in my project this only 2 classes found in jhispter github generator for the moment ? (because still in beta ?) :
.../client/_AuthorizedFeignClient.java
and
.../client/_OAuth2InterceptedFeignConfiguration.java
Thanks,
Francois
currently the #AuthorizedFeignClient annotation is only available for microservice applications using UAA as authentication type, but not for gateways and UAA server itself!
I guess you were looking for the annoation in the gateway, or the the UAA server.
Why is this like this? For the gateway it is because the gateway already has a couple of responsibilities, so building composite logic in there is not a good idea.
If you generate a microservice (not gateway, not uaa server), you should have the client package in your Java root with this annoatation, as well as some more configurations (feign client config, load balanced resource details...)
You can copy those to your gateway, to make it working there.
You can copy them to the UAA, too. More on that, this even will work, but with some weird fact...when UAA will ask service "foo" for some data, it will first ask the UAA for a client credentials authentication....like performing a query to itself...while it could just access grant it itself. There is no accurate way to do it, but I didn't want to keep it in this uncool way in JHipster, so the annotation is for microservice only.