Win a copy of The Way of the Web Tester: A Beginner's Guide to Automating Tests this week in the Testing forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Microservices and authorisation (not authentication)

A Bauer
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are numerous articles about authentication and microservices using JEE, but I'm looking for some best practices or experiences regarding **authorisation** and microservices.

The general question is should I deploy the authorisation framework with each ms or should I create separate ms that handles every permission check?

In fact such a service would only expose the call to

PermissionChecker.check(new Permission(""))

As there are many more permission checks than e.g. calls to a single business microservice method I fear the performance with all the http roundtrips and de/serialization of json messages probably impacts the performance of the application. But if I deployed the authorisation framework with every microservices this probably breaks the idea ms.

So what are you experiences?
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic