Microservices and authorisation (not authentication)
posted 1 year ago
There are numerous articles about authentication and microservices using JEE, but I'm looking for some best practices or experiences regarding **authorisation** and microservices.
The general question is should I deploy the authorisation framework with each ms or should I create separate ms that handles every permission check?
In fact such a service would only expose the call to
As there are many more permission checks than e.g. calls to a single business microservice method I fear the performance with all the http roundtrips and de/serialization of json messages probably impacts the performance of the application. But if I deployed the authorisation framework with every microservices this probably breaks the idea ms.