• Post Reply Bookmark Topic Watch Topic
  • New Topic

Microservices and authorisation (not authentication)  RSS feed

A Bauer
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are numerous articles about authentication and microservices using JEE, but I'm looking for some best practices or experiences regarding **authorisation** and microservices.

The general question is should I deploy the authorisation framework with each ms or should I create separate ms that handles every permission check?

In fact such a service would only expose the call to

PermissionChecker.check(new Permission(""))

As there are many more permission checks than e.g. calls to a single business microservice method I fear the performance with all the http roundtrips and de/serialization of json messages probably impacts the performance of the application. But if I deployed the authorisation framework with every microservices this probably breaks the idea ms.

So what are you experiences?
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!