Welcome to Vigges Developer Community - Open, Learning, Share
Centralized authorization for spring boot microservices

I have a couple of microservices built using Spring Cloud, sitting behind a Zuul API gateway, and I'm using Spring Security SAML 2 to authenticate the user against LDAP. Once the user is authenticated, I generate a JWT token and pass it to the client, which passes it in a header for API access. Zuul intercepts the incoming call and validates the token. This works well. The piece that is puzzling me is how to handle user authorization. I have 2 approaches:

  1. One way is to annotate my controllers with Spring Security annotations and have the desired roles configured at the resource/controller level, but this will lead to deployment of a new version of the service if there are any changes in the resource and role mapping.

  2. The other way is to create a service which holds the resource to role (and permissions) mappings in a DB/cache and have Zuul filters query this service and decide whether to allow the user to proceed further or not. The benefit is that I have more flexibility, and any changes to the resource and role mapping will not lead to deployment of my services, but in this case I have to code all this and I'm a bit short on time.

Is there any ready-made service which provides #2 out of the box?


He who fights dragons for too long becomes a dragon himself; gaze into the abyss for too long, and the abyss will gaze back…
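The decision logic behind approach 2 in the question, as an added example that is not part of the original post and not a ready-made product: resource-to-role mappings are reloaded at runtime, the request path is normalized before matching, and anything without a matching rule is denied. The class name, rule format and sample mappings are assumptions; a Zuul pre-filter would call `isAllowed` with the roles taken from the already validated JWT.

```java
import java.net.URI;
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
// Hypothetical gateway-side authorizer: names and rule format are assumptions.
public class GatewayAuthorizer {
    record Rule(String method, Pattern path, Set<String> roles) {}
    // Replaced atomically, so a mapping change needs no service redeployment.
    private final AtomicReference<List<Rule>> rules = new AtomicReference<>(List.of());

    // Each row: {method, pathPattern, comma-separated roles}, as read from the DB/cache.
    public void reload(List<String[]> rows) {
        List<Rule> next = new ArrayList<>();
        for (String[] row : rows) {
            // "*" = exactly one path segment, "**" = any remainder; the rest is literal.
            String regex = Arrays.stream(row[1].split("/", -1))
                .map(s -> s.equals("**") ? ".*" : s.equals("*") ? "[^/]+" : Pattern.quote(s))
                .collect(Collectors.joining("/"));
            next.add(new Rule(row[0], Pattern.compile(regex), Set.of(row[2].split(","))));
        }
        rules.set(List.copyOf(next));
    }

    // First matching rule decides; no matching rule means deny.
    public boolean isAllowed(String method, String rawPath, Set<String> userRoles) {
        String path;
        try {
            path = URI.create(rawPath).normalize().getPath(); // collapse "/./" and "/../"
        } catch (IllegalArgumentException e) {
            return false; // unparsable path: deny
        }
        if (path == null) return false;
        for (Rule r : rules.get()) {
            if (r.method().equalsIgnoreCase(method) && r.path().matcher(path).matches()) {
                return !Collections.disjoint(r.roles(), userRoles);
            }
        }
        return false;
    }

    public static void main(String[] args) {
        GatewayAuthorizer authz = new GatewayAuthorizer();
        // Constructed sample mappings, not from the original post.
        authz.reload(List.of(new String[] {"GET", "/orders/**", "USER,ADMIN"},
                             new String[] {"GET", "/admin/**", "ADMIN"}));
        System.out.println(authz.isAllowed("GET", "/orders/42", Set.of("USER")));
        System.out.println(authz.isAllowed("GET", "/orders/../admin/x", Set.of("USER")));
    }
}
```

The second call shows why the path is normalized first: matched as written it would fall under the `/orders/**` rule, while the normalized path `/admin/x` is checked against the `ADMIN`-only rule.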

1 Answer

Waiting for an expert to reply.
