Microservices - Security Architecture

Created2022-09-21|Microservices GovernanceSecurityOauth2

|Word count:163|Reading time:1min

Option 1

Access Token 为透明令牌，API 网关需要去授权服务器集中校验并兑换成 JWT（自校验），然后再传递到后续的微服务
缺点：授权服务器压力比较大

Option 2

全链路无状态，API 网关与授权服务器约定一致的 secret，API 网关可以直接解密 JWT（对称/非对称）
缺点：缺少集中校验 Token 的环节，无法通过授权服务器及时吊销，只能等 Token 自然过期

Option 3

生产环境最为常用：原理与 Option 1 类似，只是增加了 Redis 缓存

Reference

微服务架构实战 160 讲

Author: zhongmingmao

Link: https://blog.zhongmingmao.top/2022/09/21/microservices-governance-security-architecture/

Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

Cloud Native Architecture Microservices Spring Security Microservices Governance Oauth2 Spring Security Spring Security OAuth2

Related Articles

Oauth2 - Github

Oauth2 - Authorization Code Flow

Spring Security OAuth2 - Authorization Server

Oauth2 - Overview

Apollo - HA + Monitoring

Loading the Database