Securing Services with Spring Cloud Gateway
So far in this series, we've covered Getting Started and Hiding Services with Spring Cloud Gateway. However, when we set about hiding our services, we didn't secure them. In this article, we'll correct this.
To secure our services, we'll use the Token Relay pattern supported by OAuth 2.0 and the Javascript Object Signing & Encryption (JOSE) and JSON Web Tokens standards. This will give our users a means to identify themselves, authorize applications to view their profile and access the secured resources behind the gateway.
All the code for this demo is published online in GitHub in the
…secured-gateway
folder. If you just want to run it without understanding how it was built, skip ahead to the section entitled "Running The Demo".