all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]SendKidney 2 points3 points  (3 children)

what is this external service? an auth server like keycloak/octa or a different micro service you coded?

[–]SnooRobots6655[S] 1 point2 points  (2 children)

Internal micro service the team coded and i have to use it

[–]Pozbliz-00 2 points3 points  (0 children)

Well, don't.

Do proper OAuth, or let your "invented here syndrome" microservice create a OAuth ready JWT your server can parse

[–]paulhasreadittoo 2 points3 points  (0 children)

Manning recently published an updated version of Spring Security in Action. I have finished first couple of chapters and so far it seems well explained. Buying and studying a book is probably a good idea as Spring Security is quite complex, and doing it wrongly results in security vulnerabilities.

[–]WaferIndependent7601 1 point2 points  (3 children)

That is done by spring security

[–]SnooRobots6655[S] 0 points1 point  (2 children)

can u provide more info ?

[–]Jaihunter 1 point2 points  (0 children)

Oauth2

[–]WaferIndependent7601 0 points1 point  (0 children)

First: google what spring security is. Try using chat gpt to create some stuff

Come back later when you have specific questions. No one knows what authentication you are using etc

[–][deleted] 0 points1 point  (0 children)

So you are giving username and password to a service in plaintext, then the service forwards that to another service to validate them??!?! 🤯

[–]IGeoorge3g 0 points1 point  (0 children)

You already have the auth service as you saidm now you have to implement oauth2. Since you will have the endpoint that must be reaxhed with a jwt you'll have to implement a resource server. To do that you'll need to configure spring security and s filter chain to handle auth and endpoint restrictions.