Building Microservices with Spring Cloud - Security
The Role of security in microservices
- User Authentication/Authorization
- Single Sign on
- Data Security
- Interoperability
OAuth2.0
- Protocol for conveying authorization
- Provides authorization flow for various clients
- Obtain limited access to user accounts
- Separates idea of user and client
- Access token carries more than identity
- Not an authentication scheme
How Spring Supports OAuth2.0
- Code annotations
- Token storage options
- OAuth2.0endpoints
- Numberous extensibility points
ref :
https://docs.spring.io/spring-security/site/docs/4.2.3.RELEASE/reference/htmlsingle/#jc-method
https://projects.spring.io/spring-security-oauth/docs/oauth2.html
http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html // 阮一峰
http://www.rfcreader.com/#rfc6749
