Link to the written tutorial: programmingtechie.com/articles/spring-boot-microservices-tutorial-part-4
You are a brilliant simplifier. Just made me a pro Spring Boot Java developer in two days. Thanks
nice. All six parts integrated and working. thanks
Lot of new learning
WireMock, RestAssured, Flyway, Keycloak.
Thank you a lot! I was waiting for this video for so long
At 16:42 you talk about the id_token. But this is not the case for me. Any idea why the id_token is not shown to me? I see only the access token.
Sir, I also faced the same problem. Did you get any solution?
I use VS Code to write Java code and find it more convenient than using the IntelliJ IDEA Community version, but when performing the suggested steps, it is not as complete as IntelliJ IDEA. Have you ever used VS Code to write Java code? Is there any way to make the suggestions smarter and more accurate? Extensions that should be installed, such as pack java and pack spring boot, are already installed.
Hey Sai,can you make some videos on docker and docker compose
Thank you for your work.
How to achieve method-level security?
I don’t think it is possible with this approach
✋Thank you very much brother I found many solutions in ur lecture.
I am desperately waiting for your next tutorial when is it coming up?
Please create a video on distributed transaction in microservice using saga design pattern.
Thank you for the tutorial. Is it safe to say that you only protected the API gateway, while the other services are still exposed? I don't see any security configurations on the other services, and I'm still able to make requests to them without being authenticated.
Yes correct, I did this to simplify the setup a bit, you can improve this by adding security between services and the API Gateway
In next tutorial please tell, how can we avoid auth for certain microservices?
The keycloak server is not connected with mysql and the data is not getting backed up how should I fix it
I am also facing the same issue, I had to create the realm & the client every time I restart the container. Have you a solution for this?
when are upcoming videos going to be uploaded? Am eagerly waiting for it
It's out now
Thank you so much!
hi thank you for the tutorials
I'm successfully using Keycloak on the API gateway
yet i still can access the product services using their original port and endpoints without the need of authentication
is there any way to force all the microservices to be exclusively accessed only using the api gateway ?
Thank you
Hi, good question.
Yes, usually when you deploy this in a production grade setup, the microservices are deployed within a corporate firewall, and will have firewall rules to allow access only from certain hosts, in this case this can be API Gateway.
Also we can use Mutual TLS to make sure our microservices only respond to trusted clients like API Gateway.
Another approach is securing also each and every microservice, in this way the API Gateway will send an access token to access the other services, this is more secure, but there will be additional latency and involves more complexity because each microservice should now verify the access token against the Auth Server.
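The third approach in the reply above (each microservice checks the access token the gateway forwards), as an added example that is not code from the tutorial or from the commenter. It assumes a Spring Boot 3 service with `spring-boot-starter-security` and `spring-boot-starter-oauth2-resource-server` on the classpath; the class name, package and audience value are hypothetical. With JWT access tokens the check is a local signature, issuer, expiry and audience validation using signing keys fetched from the Keycloak realm.

```java
package com.example.productservice.config; // hypothetical package

import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {

    // The Keycloak realm URL, set in application.properties (deployment-specific value).
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuerUri;

    // Hypothetical audience; it must match an "aud" entry Keycloak is configured to issue.
    private static final String EXPECTED_AUDIENCE = "product-service";

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // No anonymous endpoints: a direct call to the service port without a token gets 401.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Bearer tokens only, so no HTTP session is created.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the realm's OIDC discovery document at startup to locate the signing keys.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuerUri);
        // Reject tokens that were minted for some other client or service.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(EXPECTED_AUDIENCE));
        // Default validators cover expiry and issuer; the audience check is added on top.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(issuerUri), audience));
        return decoder;
    }
}
```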
@ProgrammingTechie thank youuu for the insight 🙏
Hello dear Sai, If we want to install keycloak to custom domain. What can we do? So, what if we want to using live project how can we settle it to public? Could you suggest any documentation? And could we use this for angular requests by some libraries?
There is the keycloak-js library, which works with Angular, React, Vue and many more. You can use that npm library. For a custom domain you have to buy your domain and redirect your requests to that domain, which will be bound to the Keycloak IP and port.
@souravsuman1993 Thanks for your response. Just a question I wanna ask: in the video, security was set up for a client like Postman etc. When we want to auth from a browser (React etc.), which issuer-uri, dependency or client will we use? And is there a register method in this Keycloak? Thanks for your answer again, I am so glad
For Angular, you can use this library github.com/manfredsteyer/angular-oauth2-oidc
You can refer to my Keycloak Tutorial, I explained all the use cases in detail in that tutorial and also demonstrated how to integrate Keycloak along with Angular using the above library.
If you want to authorize the client through a browser, then you have to use Authorization Code Flow Grant Type instead of Client credentials.
Keycloak provides you all the functionality like register, login, 2 Factor Authentication, Single Sign On out of the box with minimal code changes.
And are you not implementing the service discovery?
Yes, as we are deploying using Kubernetes this feature will be available for us out of the box, no use in creating the discovery server and then removing it.
can u please add the github link for the tutorials sir ?
waiting for next video
It's out now
Great thanks
Kindly implement a normal jwt user authentication with users and roles
I will not do it in this series, because this setup is rarely used in the real world. Sure there is the concept of Users, roles, etc. But you don't see companies implementing their Authentication setup because it can be tricky and hard to do it right. That's why Auth Servers like Keycloak, and Okta are famous these days and widely used.
But I have plans to create a separate video, where I will explain in detail how to work with Spring Security using JWT.
@ProgrammingTechie thanks brother. Surely I will wait for that video!
part 6 - checked
My 16 GB RAM is dead now)))
I know the pain, this is happening because maybe you now have multiple IntelliJ IDE instances running the services.
I would suggest you to create a Maven Multi Module Project so that you will have all the projects in one maven project and only one IDE instance running all the services, you can see how to do that in this video - th-cam.com/video/lh1oQHXVSc0/w-d-xo.html
@ProgrammingTechie Thank you for the advice, I will try🙏
@ProgrammingTechie
I tried it. But when I run the application I'm getting
SQL State : 42000
Error Code : 1049
Message : Unknown database 'order_service' error.
Docker is not picking the init.sql file.
docker-compose file:
version: '4'
services:
  mysql:
    image: mysql:8.3.0
    container_name: mysql
    ports:
      - "3316:3306"
    environment:
      MYSQL_ROOT_PASSWORD: mysql
    volumes:
      - ./order-service/mysql/data:/var/lib/mysql
      - ./order-service/docker/mysql/init.sql:/docker-entrypoint-initdb.d/init.sql
Path of Init file: D:\IntelliJ_Projects\Spring_Microservices\shopping-microservices\order-service\docker\mysql\init.sql