Great content. It would be also great to see, how to integrate this authentication with frontend, I mean for example, how to handle loging. And also how to handle "log once".

Thank you so much to add this requested content

I appreciate the content and the architecture. Thank you for the video. For a better scalability, separation of concerns, security enforcement, I thing you can totaly seperate the gateway with the authentication by making the authentication service an independant microservice.

Hi , can you please make a video on how to integrate both Oauth2 and jwt in a single application

Thanks a lot, very informative, however, I was wondering if the restaurant API had been using a role-based control how do you pass the user role such that the endpoint can only honor the request if the user has the right permission

Thanks to you for adding this. How to configure the cors origin configuration in api-gateway and auth microservice?

What is the industry best practices? Details are passed through header or request body?

very good tutorial, but i have a question. The services is secure if we access it from the api gateway, but it have no secure system when we try access it directly from the service (without using api gateway endpoint). My question, is there any ways to make the services only can be access from the api gateway and can't be access from the service directly. Thank you

Hi, which video has API Gateway details ? not sure I understand AbstractGatewayFilterFactory

Hi, I’m curious to know about your mac experience. Is it good for development? Which MacBook you are using, please? Is it worth to buy? Planning to buy but not sure with performance!! Thanks.

Is it considered a bad practice to set Authentication in the SecurityContextHolder in the API gateway to make it accessible from a controller in another service?

We have Zuul proxy and spring boot 2.1.x and implemented resourceserverconfig adapter. Now we have upgarding to spring boot 3.2.0 and cloud gateway. What is the equalent implementation for resourceconfigadaptor

Hi @JavaTechie, Can you please make a video explaining to prevent direct calls to microservices, we should access the microservices only through the api gateway, and role based authorization in continuation of the spring cloud api gateway | JWT Security video

Hi, But still need to product other micro services right, between micro services communication how to secure? Without using api gate still you can access directly other micro service, it should required security right?

Great tutorial! Although, what is the best way for one to secure the microservices as well? Since they only appear secure when accessed through the gateway, but one does not need to be authorised to access the microservices directly

Hi Brother, I guess we need not do that because when the request is forwarded the SecurityContextHolder object already has user details int it.........after learning from your previous video i implemented the same architecture and tried it

Very useful video , Thankyou😊 I have one doubt if I want to pass userid to microservices how to do that ?

This is awesome

i have checked in the gateway it's not possible to use RouteValidator class "/auth/**" it's not working. would u like to findout the solution

Hi Techie, I really love your content, requesting you to make a series on code review. it will be helpful for everyone

How rolebased authorisation happens witn this architecture..please make a video of it. How any rest end point will give access to only admin or role ?

Hi @Java Techie, thank you for sharing such valuable content. I have a question: could you please help me understand the process of implementing method-level role-based authorization in a Swiggy microservice? While I'd prefer not to use Keycloak, I'm interested in any references or guidance you could provide to achieve this. For instance, I'm curious about effectively utilizing the @PreAuthorize annotation in a Swiggy microservice

Hello , my identity-service is not working properly, after running all service 15' it works. Please show me how to configure that, thank you !

You can make a video to decentralize permissions. For example, if the user does not have permission to access service A, it will be denied.

Thank you, do you have any audit implementation?

Hi Bro, Thank you for This content, and it is very much useful for every java developer. And my question is here restaurant service also authorised service if swiggy service want to call restaurant service like using RestTemplate, how we have to pass the token since the request will directly go to gatway. Is it As you explained in above or any other way?

Hi @Java Techie, Thank you for such great content. Sir, how to handle if api gateway go down? In this conditions I need to create cluster for this. Can you create a video to explain if possible? Thanks for support

is this an excellent idea? pour all the security logic into the gateway which is the busiest service for routing the message that can cause potential bottlenecks for the entire service? and make all sub-microservices open up with as naked? the main job of gateway is routing the messages to the proper microservice. you could implement basic token validation here since it will cut down all unnecessary burdens in earliest point but securityfilter in gateway shouldn't be much heavy like this .

8:30 "why this is crying?" 🤣

Sir, can you make a video of role based authentication like user role , admin role etc ? Using JWT

Awsome javatechie can u implement oauth2 in api gateway ?

U can cover roles to access the rest endpoint

I got the problem while I try it using Postman, it's send me a message : An expected CSRF token cannot be found

Thanks for the content ❤ What is the name of the app next to the configuration?

Hi sir, can you please make a video on role based spring boot microservices security

Hi @Java Techie, Thank you for such great content. Sir, I came across a question in an interview and was still unable to find a suitable solution, I will be grateful if you can make a small video on this. I believe this may require generics, recursion or reflection concepts. WAP to compare if two arguments are equal, they can be anything primitive, Array, Map, Collection or custom objects, and the input param type is Object. Ex, isEqual(Object arg1, Object arg2). As per the question, we don't have knowledge of the input provided.

How to exclude some API from applying Jwt in the headers.

Is it possible to pass a user object instead of the username. For example, I might need the email, username, and role of the user. Also how to I restrict API endpoints bu roles and permissions

Hi Java Techie, Can you make a video on logout that makes Jwttoken expired in microservice.

Hi @Java Techie, Thank you for This content, and it is very much useful for me, But How Swagger calls works in this case. Can you pls add that also..

Hi , can you make a video implementation of oauth and sign with different platform like google, Facebook, github .

there is security vulnerability in this way, if client adds the same header in the request then micro services might read the header added by the client and not the gateway so need to block the header coming from the client either at infra level like nginx or cloudfront or need to put check on gateway itself that if client sending any of these headers then forbidden

Hi Java Techie, Thank you for great content.can make spring boot project for deploying azure with jenkins pls

aswome

Sir career related kuch guidance milskti hae?

Hi, Can you please make a video on Oauth2 + webclient+ token uri?

How to deploy in aws this distributed system?

how To disable direct access to microservice & allow only though api gateway?

I am getting a forbidden error after following the above video, Can anyone please tell what can be possible scenarios to look into it?

Hi bro nice can we expect Saga pattern implementation video bro

How to handle Authorization (role based Authorization)?

Do a video for roles from gateway to swiggyservice

Hi sir, can you create a video on how to to password reset using mail api.

Better approach is use two way TLS or A2A cert .

i need support on one of my api to do this

08:31 why's this crying😂

how routing will be done if url of swiggy-service(host1:port1) and restaurant-service(host2:port2) is different