O'Reilly logo

Mastering Spring Cloud by Piotr Minkowski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Inter-service authorization

Inter-service communication in our sample is realized using Feign clients. Here's one of the chosen implementations—in this case, from order-service—which calls the endpoint from customer-service:

@FeignClient(name = "customer-service")public interface CustomerClient {    @GetMapping("/withAccounts/{customerId}")    Customer findByIdWithAccounts(@PathVariable("customerId") Long customerId); }

In the same way as with the other services, all the available methods from customer-service are protected by the preauthorization mechanism based on the OAuth token scope. It allows us to annotate every method with @PreAuthorize, defining the required scope:

@PreAuthorize("#oauth2.hasScope('write')")@PutMappingpublic Customer update(@RequestBody ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required