I have created a "customer" microservice with an entity
Then I create that same entity in the gateway:
Do you want to generate this entity from an existing microservice? Y
And I create all the html and js. What I see is that the Angular service goes directly to the Microservice.
private resourceUrl = 'customer/api/customer-xxx';
Should not I call my Gateway and turn to the Microservice?
Thank you.
/api/customer-xxx is the API endpoint of your microservice, /customer/api/customer-xxx is the API endpoint exposed by the gateway which uses application name as a prefix and proxifies requests to the microservice endpoint.
Related
I'm trying to build a microservice architecture. I've learned some benefits of API gateway like: load balancing, invoking multiple microservices and aggregating the results, cache management etc. So I decided to include it in my system.
My question is whether I should implement authorization in gateway layer or separately in each microservice endpoints ? For example authenticating user on gateway and passing user claims in decrypted form to be used in authorization logic to each service call ?
It seems like it make sense and saves processing time to authorize some aggregates before even calling each service. However, authorization logic is really a concern of individual service.
What is your advice ?
each microservices endpoint. implementing the authorization in API gateway will make your system rigid. If at any later stage you have to separate logic for authorization (say, internal user, external user, open api). This will be very difficult to incorporate.
Authorization should happen at each API level.
You can use API Gateway Pattern / API Gateway. Then you can also offload the authentication/authorization responsibility of the microservice. It will be easy for user or developer that is calling the services. API GW support External /Internal GW even. It may support Role base permissions. eg: WSO2 APIM.
You will get below advantages when you have API /MS GW:
An API Gateway is the single point of entry for any microservice call.
It can work as a proxy service to route a request to the concerned microservice.
It can aggregate the results to send back to the consumer.
This solution can create a fine-grained API for each specific type of client.
It can also convert the protocol request and respond.
I am not able to find how to implement swagger when we are implementing Microservice using Moleculer framework, as i am using Api-gateway to parse and map the request and send to specific Node or service using NATS transporter.
Check this OpenAPI mixin for API Gateway: https://github.com/icebob/kantab/blob/master/backend/mixins/openapi.mixin.js
I've set up my new gateway and a microservice for testing purpose.
The microservice has a single entity with only one field.
The gateway recognize the microservice in gateway Tab of the administration panel over the web interface, but in the URL i see /services/test/** .
If i try to use the swagger integrated in the interface the request is generated with the same url.
And i'm getting always error 401.
I didn't find something useful in other questions.
I just want to know how to remove that /services in the URL because the test miscroservice is mapped like : localhost:8080/test/api/tests
I'm using jHipster 6.0.1
I'm using JWT Auth
Everything is build with Maven.
I'm reading about of UAA server, and have one doubt...
If i have a project with microservices (MS), with:
UAA server
MS type gateway (using UAA authentication)
MS type application (using UAA authentication)
I understand that the UAA server, creates User entity in your own database (for example db_uaa), but my doubt is born when i think about the MS gateway.
The MS gateway too creates another User entity in your own database (db_gateway) or the MS gateway no creates User entity in your database (db_gateway), because it uses the UAA authentication.
I hope you can help me to clarify this doubt, thanks.
Users are stored on UAA side only.
The Gateway which supports the client side (i.e., authentication and user-management) will access to users through some exposed UAA services.
If you need to access to the user entity from another microservice, look at the #Feign concept.
Hope this helps.
I have successfully set up both jhipster microservice app and gateway app.
Both are successfully talking to each other.
Now I am building a separate app (mobile app - nativescript) , and am trying to make it talk to
How should I go about it? What all things I need to look its configuration ?
Pls suggest
First, your mobile app must register through the gateway /api/register endpoint.
Second, it must retrieve it's token (if you use JWT) through the gateway /api/authenticate endpoint.
Last, it can then consume the microservice /api/* by adding Authorization to the HTTP request header :
Authorization: Bearer tokenRetrieved