A Microservices Architecture II

This is an example architecture for microservices. It is the second version after starting with http://www.thomas-letsch.de/2016/a-microservice-architecture/.

After reading and evaluating some more examples (really great: Magnus Larsson: Blog Series – Building Microservices) the architecture changed a little bit.

Changes

API Gateway / Edge Server

We use an API Gateway to proxy all our services to the outside. To have a flexible proxy, a custom rule maps all services ending with “-module” to a subpath of /api (e.g. product-module -> /api/product).

A new Microservice will be automatically accessible from the outside through the gateway.

The API Gateway is also responsible for providing SSL to the outside world. The internal microservices don’t talk SSL.

LDAP -> OAuth2

The former implementation used a LDAP server for authentication. It first used only basic authentication of all micro services. For a bigger application OAuth2 is the far better protocol. Still keeping in mind that starting with simple basic auth gives you a faster start. OAuth adds some fair amount of complexity. But most of the authentication services out there just use oauth2 and I think its worth implementing it from the beginning. One thing to keep in mind now is that the oauth service coming with moserp code is not for use in a production environment. There you will probably have a separate (company global?) authentication server running. Or you use one of the big authentication providers out there (Google, Github, Facebook, AWS, Cloud Foundry etc). The authentication-service is only there for local development.

The Authentication Service is responsible for authentication. The API Gateway will only check the existence and validity of a authorization token against the oauth2 service.

All microservices do the same and only check the authorization info (token) against the oauth2 service. This is handled automatically by spring security.

Dependencies

Every Microservice connects to the following infrastructure services (for now, that list will grow):

  • Registry Service (Eureka). Registers itself and looks up other micro services (infrastructure and business apps)
  • Config Service (Spring Cloud Config). Retrieves it configuration from it.
  • Authentication Service (Spring Cloud OAuth2). Authentication and authorization of requests.
  • MongoDB for persistence.

New Structure

architecture with oauth