[WIP] authenticated microservices#1238
Draft
petertrr wants to merge 90 commits into
Draft
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
HttpSecurityChainhave lowest precedence, because it captures all endpoints (/**) and more specific matchers should be able to override it by using higher precedence. MakeConvertingAuthenticationManagerprimary bean to avoid conflict when autowiring by typeServiceAccounttokens (similarly to this authentication mode of Vault)ServiceAccountmicroservice-safor all microservices; mount its token as a projected volumeWebClientCustomizerto add this token as a custom header; token is updated every 5 minutesspring-securitycomponents to authorize request based on the service account token/internalendpoints of backend and for orchestartor and sandboxspring-cloud-kubernetesimplementation fromkubernetes-clienttofabric8-clientin save-backendConfigMaps usingspring-cloud-kubernetesintegration (for some reason resolving${spring.datasource.backend-url}won't work with existing loading of optional properties file)Part of #1049