How to implement JWT authentication in microservices

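Hello, I have a Spring MVC microservices application which has: a naming server, an API gateway, a web service and an auth service. The auth service has login for generating tokens and registering users in the database, and a REST API for those operations. In the web service I have Thymeleaf and MVC controllers which can handle the login and register forms. However, I have no idea how to design the app so that the API gateway could automatically verify those tokens for me, as the auth logic is in a separate service, same as the MVC forms. Could someone describe to me how to design such an app? Here is my REST controller:

import lombok.AllArgsConstructor;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// AuthenticationService, AuthRequest, UserDTO and User are the project's own classes (not shown).
@RestController
@AllArgsConstructor
public class AuthController {
    private final AuthenticationService authenticationService;

    // Reports whether the token passed as a query parameter is valid.
    @GetMapping("/validate-token")
    public String validateToken(@RequestParam String token) {
        if (authenticationService.validateToken(token))
            return "Token is valid";
        return "Token is not valid!";
    }

    // Issues a token for the username in the request body.
    // Only the username is passed on; no password check is visible in this controller.
    @PostMapping("/generate-token")
    public String generateToken(@RequestBody AuthRequest authRequest) {
        String username = authRequest.getUsername();
        return authenticationService.generateToken(username);
    }

    // Copies the DTO into a User entity and saves it.
    // The password is passed on as received; any hashing would have to happen in saveUser (not shown).
    @PostMapping("/register-user")
    public String registerUser(@RequestBody UserDTO userDTO) {
        User user = new User();
        user.setUsername(userDTO.getUsername());
        user.setEmail(userDTO.getEmail());
        user.setPassword(userDTO.getPassword());
        return authenticationService.saveUser(user);
    }
}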

8 Replies
dan1st (2mo ago)
Are you talking about making sure that no unauthenticated requests get through the API gateway to your application? Or that the API gateway should make sure that the authentication information is sent to the application?
MPFx1 (OP, 2mo ago)
yeah, unauthenticated request should, by using maybe some filter, allow request to pass if user had been authenticated
dan1st (2mo ago)
well if the auth service uses JWTs, the gateway can verify them
MPFx1 (OP, 2mo ago)
so something like OncePerRequestFilter?
dan1st (2mo ago)
whatever works for you in the API gateway
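
The design dan1st describes (the gateway checking the JWT itself instead of calling `/validate-token` on the auth service for every request), as an added example that is not code from this thread. It assumes a reactive Spring Cloud Gateway, where the hook is a `GlobalFilter` rather than the servlet `OncePerRequestFilter`, jjwt 0.11.x, and HS256 tokens signed with a Base64 secret shared with the auth service; the `jwt.secret` property, the `X-Auth-User` header and the open paths are hypothetical.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.util.Set;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
public class JwtGatewayFilter implements GlobalFilter {
    private static final String USER_HEADER = "X-Auth-User"; // assumed header name
    // Assumed gateway paths that must stay reachable without a token.
    private static final Set<String> OPEN = Set.of("/generate-token", "/register-user");
    private final SecretKey key; // same HMAC secret the auth service signs with (assumed)
    public JwtGatewayFilter(@Value("${jwt.secret}") String base64Secret) { // assumed property
        this.key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret));
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        boolean open = OPEN.contains(exchange.getRequest().getURI().getPath());
        String user = open ? null : verifiedSubject(
                exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION));
        if (!open && user == null) { // missing, malformed, forged, expired or subject-less token
            exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            return exchange.getResponse().setComplete();
        }
        // Drop any client-sent identity header, then set it only from the verified token.
        return chain.filter(exchange.mutate().request(r -> r.headers(h -> {
            h.remove(USER_HEADER);
            if (user != null) h.set(USER_HEADER, user);
        })).build());
    }

    private String verifiedSubject(String auth) {
        if (auth == null || !auth.startsWith("Bearer ")) return null;
        try { // verifies signature and exp; unsigned ("alg":"none") tokens are refused
            return Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(auth.substring(7)).getBody().getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            return null;
        }
    }
}
```

The downstream services can trust `X-Auth-User` only if they are reachable solely through the gateway. With an asymmetric algorithm the gateway would hold just the auth service's public key instead of a shared secret.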