Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kolman-freecss/kf-imapi-auth-gateway
- Host: GitHub
- URL: https://github.com/kolman-freecss/kf-imapi-auth-gateway
- Owner: Kolman-Freecss
- License: other
- Created: 2024-10-26T00:52:07.000Z (2 months ago)
- Default Branch: master
- Last Pushed: 2024-11-05T00:08:23.000Z (about 2 months ago)
- Last Synced: 2024-11-06T12:16:24.133Z (about 2 months ago)
- Topics: docker, hexagonal-architecture, java, jwt, keycloak, microservice, oauth2, spring-boot, sso
- Language: Java
- Homepage:
- Size: 96.7 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE-CC-BY-NC-ND
README
- IMAPI Angular service: https://github.com/Kolman-Freecss/kf-imapi-angular
- IMAPI Incident Service: https://github.com/Kolman-Freecss/kf-imapi-incident-service
- IMAPI Response Team Service: https://github.com/Kolman-Freecss/kf-imapi-response-service
- IMAPI Notification Service: https://github.com/Kolman-Freecss/kf-imapi-notification-service
- IMAPI Authentication Gateway Service: https://github.com/Kolman-Freecss/kf-imapi-auth-gateway
- IMAPI DevOps / Kafka Event Handling: https://github.com/Kolman-Freecss/kf-imapi-devops

## Endpoint Utils
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3000
- Zipkin: http://localhost:9411
- Keycloak: http://localhost:8080
- Eureka: http://localhost:8761

## Brief Description
Features:
- Implementation of security using Spring Boot 3.3 and Keycloak with JSON Web Tokens (JWT).
- API Gateway for routing requests to the appropriate service.
  - Circuit Breaker using Resilience4j.
  - We also hide the internal services and Keycloak from the outside world (everything is behind the gateway).
- SSO (Single Sign-On) using Keycloak.
  - Each token is signed by Keycloak and validated by the API Gateway to access all the services.
- OAuth2 Protocol.
- Internal JWT signing to validate the token in every microservice, verifying the authenticity of the API Gateway token (`X-Internal-Auth`).
  - (Another robust option is to sign every token through TLS, but it is not implemented in this project.)
- Redis for caching, used as a request rate limiter.
- Load Balancer using Eureka.
- Testing
  - Integration tests with Groovy and Spock.
  - Performance tests with JMeter.
  - Concurrent tests with Virtual Threads (JDK 19).

## Getting Started
- Configure Keycloak with the following settings:
  - New Realm: `imapi`
  - Create a new Client: `imapi-gateway`
    - Client ID: `imapi-gateway`
  - 2 Roles: `USER` and `ADMIN`
  - 2 Users: `user` and `admin`
    - Password: `password`
  - Map Roles to the users: `USER` and `ADMIN`

**Diagram Flow:**
![Diagram Flow](Diagram-Flow.svg)
## Tech stack:
- Spring Boot 3.0
- Keycloak
- JSON Web Tokens (JWT)
- Maven
- Docker
- Spring Cloud Gateway
- Spring Cloud Netflix (Eureka)
- Resilience4j (Circuit Breaker)
- Observability - Micrometer Tracing and Zipkin (Distributed Tracing) (Sleuth is deprecated)
  - We use AOP support to decorate the methods with tracing annotations.
- Prometheus and Grafana (Monitoring)
- Redis (Caching rate limiter)
  - We can use Redis Insights (Client) to check the cache.

## TroubleShooting
- To wire all services through the gateway, ensure the service names are added correctly and that no duplicate services are running at the same time.
- We need to use specific filters to modify the immutable request headers, because the headers cannot be modified in every phase of the request lifecycle.
  - We also need 2 filters, because not all traffic goes through the same Spring path.
- Implementing the cache with Redis at the gateway level to limit the requests to the services.
  - For some reason the cache with committed responses and the like is not working properly.

---
Shield: [![CC-BY-NC-ND 4.0][CC-BY-NC-ND-shield]][CC-BY-NC-ND]
This work is licensed under a [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.][CC-BY-NC-ND]
[![CC-BY-NC-ND 4.0][CC-BY-NC-ND-image]][CC-BY-NC-ND]
[CC-BY-NC-ND-shield]: https://img.shields.io/badge/License-CC--BY--NC--ND--4.0-lightgrey
[CC-BY-NC-ND]: http://creativecommons.org/licenses/by-nc-nd/4.0/
[CC-BY-NC-ND-image]: https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png