I feel like your explanations are even better than people who have english as their first language lol. You really do have a gift for this!

I love you. Finally the architecture I'm looking for. A lot of tutorial are covering authentication for only one microservice and you are probably the only one that approaches the problem keeping in mind the whole microservice architecture.

Finally found an understandable tutorial about securing a Spring Cloud Gateway microservices architecture! A thousand times thank you sir!

Great Video sir, completely Awesome...Add the role based security through api gateway.

Wow, thank you so much! You’re literally my savior 🙏 This video was a lifesaver and exactly what I needed. Keep up the amazing work! 🎉👏 It would be awesome if you could make a video on implementing microservices with role-based authorization . That would be so helpful!

THIS IS THE VIDEO I WAS LOOKING FOR, THANKS SO MUCH FROM COLOMBIA

Nobody explains like you do..Thank you very much for the video.

Best course available in youtube. Thankfully it is free. Keep up the good work

You saved my day. God bless you. Thanks so much from Mozambique.

Amazing🤩, really like the way you explain and handle everything in a very simple way. thank you!! it helped me a lot.🙏

This is the best channel about Spring and stuffs of all KZbin. Thank you Java Techie.

Actually without your tutorial I couldn't learn easily new things implementation in spring app... You are Guru. Thanks lot.

This is Gold Boss... Thanks a ton for this video.. I lost most of my interview only because of not answering how to security is implemented in micro services question.... Appreciate your efforts.

We need this kind of videos. It is an end to end tutorial for microservices with security + JWT. Plz make videos on real time deployments with microservice architecture.

Thank you so much for clear explain no one will explain like you.

i love you brother, you are the best teacher for learners in this field.

Hi , Boss, Thanks for the video , i am following you since 2018, your videos help me to get move forward .

Thanks a lot. I am looking for security in Microservices architecture. It is one of the best way, you have explained.

I had been waiting for this topic for long time. Finally wait is over.

Waited last couple of month to get solution which you explain about validate and filter the request form spring cloud getway. ##you make my weekend Basant Sir. Thank you Sir

I've been waiting this long, thanks java techie greetings from peru😎

No words Mind Blowing

1:11:00 The rest call from gateway to auth service is not working. It is throwing an error saying cannot call from java.lang.illegalstateexception: block()/blockfirst()/blocklast() are blocking, which is not supported in thread reactor-http-nio-1. Please let me know if someone can help in this

This video is very useful for me . Thank you for your time and explanation

it's awsome,, I was trying to solve this kind of problem and this tutorial helps me a lot. Thank You so much for the video tutorial.

Nice video we learn couple of thing related to microservices and spring security ❤❤❤

Thanks aTon Sir ❤, No one can match your Explanation level 👍

Its a very best content which i ever seen in across youtube .. thanks basant keep it up..

Best video you can find for JWT auth ❤

Searching every where finally got it thanks sir 😀

Grateful for such a wonderful insight on Microservices security. It will definitely help me to improve skills in my projects. Thankyou so much for the efforts. I'm learning a lot from your channel. Awaiting for more interesting videos.

Excellent Explanation. this is the Video i was looking for. thanks

This is what, I was waiting for ,Very Helpful for me

Awesome video Bhai.. much needed.. thanks a lot for the content shared. 🎉

Hi Basant sir, Jwt in microservices explanation is so good. Thank you so much...

Thanks Sir , Good explanation, your course was clear and understandable.

Thank you so much sir for wonderful explanation ❤

Thank you for such an awesome lecture. We many of us benefit from such work. Continue teaching brother

Awesome explanation !!! Really i feel that you are one of the most amazing solution architect !!!

Bro, thank you!!! God bless you!!!

Hey Basant Anna, this is awesome 👌thanks for such a smooth flow..its really a very complex topic & nightmare for interview candidates.

bro you helped me a lot, thank you very much and greetings from Argentina

Thanks so much Basant. Appreciate your efforts. I am learning lot from your videos. Waiting for more videos.

Wooooow.... i seached a lot for this kind of scenario but i did not find and in so many interviews i faced this question and got stucked. A million thanks basanth.... it helps us a looooot......👏👏👏🤝🤝🤝🙏🙏🙏 Thanks you so much Next Please do videos on TESTING(mockito) microservices end to end and GLOBAL EXCEPTIONAL HANDLING (please think about it)

Good explanation, your course was clear and understandable.

Much waited ❤ Thank you sir for your wonderful teaching and the knowledge your sharing .

thanks for giving us this much excellent content and awesome video

Wonderful. Thank you very much for sharing

Hello sir. there is api still open for each microservice. like calling the order in it's own microservice with port like localhost: 8082 then api is open . if anyone can call that api wihout gateway and security then what is the usage of jwt ???

Thanks!! Helpful for basic understanding.

It is authenticated only when it routes through the gateway. But the end point for the micro services are still open how to secure that?

You have one of the best educational channels out there. I would love to give you a constructive opinion: It would be great if you could change your microphone into something clearer, like what the java brain and Navin have. Trust me, it makes a huge difference.

You are super talented man.clear explanation .Thank you

00:05 Triển khai Bảo mật dựa trên JWT trong microservice bằng Spring Cloud Gateway 07:12 Hai dịch vụ vi mô, Swiggi Service và dịch vụ nhà hàng, đang liên lạc với nhau thông qua API Gateway. 21:19 Cần phải viết một phương pháp để đăng ký người dùng, tạo mã thông báo và xác thực mã thông báo 28:07 Đã triển khai các điểm cuối xác thực và xác thực mã thông báo. 41:40 Xác định Dịch vụ chi tiết người dùng của riêng bạn để xác thực người dùng 48:42 Đã hoàn tất triển khai dịch vụ nhận dạng 1:02:00 Xác thực mã thông báo trong API Gateway 1:09:10 Triển khai logic xác thực mã thông báo JWT trong Cổng 1:22:07 Triển khai bảo mật microservice bằng xác thực JWT Crafted by Merlin AI.

Looks really simple, just as I used to implement the JWT service in a monolithic way, but porting everything to a new independent webservice to validate JWT to access any endpoint without compromising the other webservices.

Thank you for this wonderful video❤️❤️

Awesome videos. Hats off to you in explaining it in a very simple and easy manner. One question. May I know if we have a requirement to secure our swiggy and restaurant service endpoint and grant access based on role, then how we can achieve this requirement .

Thank you for this tutorial... Kudos

Excellent Work....Thank you

Thanks for sharing the knowledge ❤

Wow Very Nicely Explained In Easy To Understand Manner. 1 Request can you please show how to implement role based authentication with Spring API Gateway ?

Fantastic video and an outstanding explanation ❤‍🔥. Thank you so much!!!

Quite informative, thanks!

superb clear video

Loved your explaination ❤❤❤❤

Thank you, Basant Bhai...

instead of completely using spring cloud stack we can make this more OSS (open source stack) like every micro service is containerised (dockerised) then use KONG as API gateway. this way we can make the configuration more simple and reduce tight coupling.

The best explanation

This Video is really helpful, Pls. Can you cover Role base authentication and Authorization on the individual microservices?

finally someone addressed this scenario with proper explanation. Thanks as always. one question that if auth service also has to pass through api gateway and we didn't add filter param in gateways routes for auth service then why we are checking those urls through validators in authentication filter ? because request will never land on filter in case of /register and /token api

In the gateway service when we create authfilter is good to copy default methods and paste them or memorize them bc there is a lot methods? at 59:52 onwards

Hi Basant , Very useful tutorial however I have one doubt, In production when the token is generated by passing a valid username and password it should automatically pass the token to the gateway right but here I saw that you are manually passing the token to the gateway through Postman for accessing microservices, My question is how we can automatically pass the token to the gateway for accessing microservices when the token is generated

Could you explain me : Client -> Security Service (GenerateToken) -> API Gateway -> MicroService1 (validate JWT) this flow is fine . What happen we request come directly to Client-> Microservice1 . How to check JWT for each endpoint.

Just what I needed. 👍

you're really amazing thank you so mutch

Thank you so much great video. Just wanted to mention that oauth 2.1 removed the password grant type so a generated client_credentials would be a better option, and would like to see an updated video on that implementation.

Awesome video.

Wonderful and clearly explained. I want just to know how to access authentication info (principal for example) and how to do authorization if needed in microservices

You're a life saver!

Thank you very much for providing such a detailed explanation. Your video is undoubtedly superior to paid courses that tend to overcomplicate things and stretch on for more than 8 hours. I have a question: If I were to call Swiggy or a restaurant service directly, bypassing the gateway or discovery service, how would I handle authentication?

Great job

well explained concepts, thank you

If I want to add userId to the order table as a primary key then how can I get the current logged-in user so that I can take the user credential then take userId and place it into the order table?

i have a question, what if i have 3 microservices (agency -> service -> activities ) and i want to get all activities from the services that an agency offers, do i need to ask for the token 3 times?

Hi, You've integrated an identity security service with your API Gateway (running on port 8080) and secured it with authentication via tokens. The API Gateway is working perfectly with token-based authentication. However, the issue is where the individual microservices (on ports 8083, 8084, etc.) and even the security service (on port 9898) itself are still accessible directly, without any authentication. What’s the best way to ensure these services are secured, not accessible directly without tokens, and can only be accessed through the API Gateway? I’ve found suggestions like blocking the ports in Kubernetes, but this approach doesn’t seem scalable when auto-scaling is in use. Any insights or recommendations would be greatly appreciated. Thanks!

why did you copy the code of "/validate" to gateway? It's useless now in the identity-service if you run this piece of code from the gateway

Nice detailed video..

may i know why feign cannot use within the custom filter,i had issue that my feign is null

Thank you! how is it going if i have the UserData in an other service, is there any video with this case ?

Thank you! but i have a question! is this enough in term of security in my application and how can i add more security layers

Hi @javatechie I have a question. What is i dont want to validate the token in cloud-gateway. every request which is coming to gateway and cloud-gateway has to call identity-service to validate the token and send back to cloud-gateway and based on the response it will call the endpoint or throw an exception. Is it possible ??

love you bro you are helping so much

is there any way to get the exact exception message in response ? in gateway

keep it up good work.

how spring cloud check that request came from web or mobile app and executes corresponding version of RequestMapping method. can you please clarify my query?

Won't the rest template call to identity service will be blocking and will lead to an issue?

Im using gateway automatic locator. How can i exclude my auth-microservice from filters?

Let me ask you a question. If, for example, I try to access the restaurant service directly (giving the restaurant service port), that is, without going through Gateway, I will skip the validate token part, right? So the restaurant service isn't protected at all, is it?

What if user tries to access the microservices endpoint directly bypassing the api-gateway if endpoint for microservices is exposed to the user in any way. How to secure it.

When i am trying to access through post man with identity service routes via gateway its giving me like "An expected CSRF token cannot be found". I guess my request has not been forwarded from api gateway to auth service. Because its preventing me due to spring security impl in api gateway. When i try to access it from a browser it redirects me to login page. What is the issue ?