I'm creating microservices with Spring Boot using this tutorial.
So I actually have 4 microservices:
- eureka-server
- gateway-service (with @zuulproxy)
- auth-service
- gallery-service
Following the linked tutorial, the scenario is:
I can successfully register and log in a user on gateway-service using auth-service routes and obtain a JWT token. This token is used on gateway-service to invoke gallery-service routes.
The problem is that only gateway-service implements spring-security. So gallery-service doesn't use the same securityContext and I can't obtain the information about the logged-in user in a gallery-service controller.
Is this a valid solution, or do I have to use spring-security in each microservice? In that case, how do I use the same JWT given by auth-service in all microservices?
On top of this problem, there is the FusionAuth question. In the auth-service, the db is simulated with a list. Instead of the list, I have to call the FusionAuth login API with username and password and get the user's token and roles.
I'm new to the spring-security world and to developing with microservices in general. Is all this a valid approach?
My purpose is to create a mobile application with thousands of users, so I want to develop an efficient and secure way to log them in and add more logic on other microservices based on the user's role.
Thanks in advance for helping!