问题描述
在我们的域中,我们有许多Spring Boot应用程序和一个网关服务(我们正在使用Netflix Zuul).我们的网关服务正在处理我们的身份验证和安全性.我们希望我们所有的消费者都可以通过我们的网关服务进入.
In our domain, we have a number of Spring Boot applications and a Gateway Service (we are using Netflix Zuul). Our Gateway Service is handling our authentication and security. We expect all of our consumers to be coming in through our Gateway Service.
由于安全性是由网关服务处理的,因此我们希望禁用对Spring Boot应用程序的直接访问.并非来自我们的网关服务的任何请求都应被拒绝.
Because the security is being handled by the Gateway Service, we'd like to disable direct access to our Spring Boot applications. Any requests made that didn't originate from our Gateway Service should be rejected.
我们如何在Spring Boot中完成此任务?是否有任何最佳做法?
How can we accomplish this in Spring Boot? Are there any best practices around this?
推荐答案
我希望在网络级别上对此进行限制.将所有内部服务放在专用子网中,该子网仅接受来自网关服务主机的HTTP请求.
I would prefer to restrict this on the network level. Put all internal services on a private subnet which only accepts HTTP requests from the gateway service host(s).
这篇关于Spring Boot-强制所有流量通过网关服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!