Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kolman-freecss/kf-imapi-auth-gateway


https://github.com/kolman-freecss/kf-imapi-auth-gateway

docker hexagonal-architecture java jwt keycloak microservice oauth2 spring-boot sso

Last synced: about 18 hours ago
JSON representation

Awesome Lists containing this project

README 

        
- IMAPI Angular service: https://github.com/Kolman-Freecss/kf-imapi-angular

- IMAPI Incident Service: https://github.com/Kolman-Freecss/kf-imapi-incident-service

- IMAPI Response Team Service: https://github.com/Kolman-Freecss/kf-imapi-response-service

- IMAPI Notification Service: https://github.com/Kolman-Freecss/kf-imapi-notification-service

- IMAPI Authentication Gateway Service: https://github.com/Kolman-Freecss/kf-imapi-auth-gateway

- IMAPI DevOps / Kafka Event Handling: https://github.com/Kolman-Freecss/kf-imapi-devops



## Endpoint Utils



- Prometheus: http://localhost:9090

- Grafana: http://localhost:3000

- Zipkin: http://localhost:9411

- Keycloak: http://localhost:8080

- Eureka: http://localhost:8761



## Brief Description



Features: 

- Implementation of security using Spring Boot 3.3 and Keycloak with JSON Web Tokens (JWT).

- API Gateway for routing requests to the appropriate service.

  - Circuit Breaker using Resilience4j.

  - Also we hide the internal services from the outside world and KEYCLOAK (everything is behind the gateway).

- SSO (Single Sign-On) using Keycloak.

  - Each token is signed by Keycloak and validated by the API Gateway to access to all the services.

- OAuth2 Protocol.

- Internal JWT signing to validate the token in every microservice verifying the authenticity of the API Gateway token. (X-Internal-Auth)

  - (Another robust option is to sign every token through TLS, but it is not implemented in this project).

- Redis for caching. As request limiters.

- Load Balancer using Eureka.

- Testing

  - Integration tests with Groovy and Spock. 

  - Performance tests with JMeter.

  - Concurrent tests with Virtual Threads (JDK 19).



## Getting Started



- Configure Keycloak with the following settings:

  - New Realm: `imapi`

  - Create a new Client: `imapi-gateway`

    - Client ID: `imapi-gateway`

  - 2 Roles: `USER` and `ADMIN`

  - 2 Users: `user` and `admin`

    - Password: `password`

    - Map Roles to the users: `USER` and `ADMIN`



**Diagram Flow:**



![Diagram Flow](Diagram-Flow.svg)



## Tech stack:



- Spring Boot 3.0

- Keycloak

- JSON Web Tokens (JWT)

- Maven

- Docker

- Spring Cloud Gateway

- Spring Cloud Netflix (Eureka)

- Resilence4j (Circuit Breaker)

- Observability - Micrometer Tracing and Zipkin (Distributed Tracing) (Sleuth is deprecated)

  - We use AOP support to decorate the methods with tracing annotations.

- Prometheus and Grafana (Monitoring)

- Redis (Caching rate limiter)

  - We can use Redis Insights (Client) to check the cache.



## TroubleShooting



- To wire all services through gateway ensure you add correctly the names and no duplicate services are up in same time.

- We need to use a specific filters to modify the immutable request headers because not in every phase of the request lifecycle we can modify the headers.

  - Also we need 2 filter, because not all traffic is going through the same spring path

- Implementing the Cache with Redis at the Gateway level to limit the requests to the services.

  - For some reason the cache with responses commited and stuff like that is not working properly.



---



Shield: [![CC-BY-NC-ND 4.0][CC-BY-NC-ND-shield]][CC-BY-NC-ND]



This work is licensed under a [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.][CC-BY-NC-ND]



[![CC-BY-NC-ND 4.0][CC-BY-NC-ND-image]][CC-BY-NC-ND]



[CC-BY-NC-ND-shield]: https://img.shields.io/badge/License-CC--BY--NC--ND--4.0-lightgrey

[CC-BY-NC-ND]: http://creativecommons.org/licenses/by-nc-nd/4.0/

[CC-BY-NC-ND-image]: https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png