java - Spring cloud 服务间调用 应该如何鉴权？

Question

spring-cloud 服务间相互调用 需要不需要走zuul 这一层关系呢？？如果不需要
那如何进行权限认证呢 比如A 知道了B 的一个内部API 直接调用它 ，然后 这个API 泄露给未知服务器 ，未知服务器 也调用这个API

Answer 1

I understand that services need to be registered on components discovered by services such as Eureka and Consul. Zuul configures redirection by reading the content of eureka or consul. The advantage of this is that there is no need to know the specific location of the service. Services need to obtain service information through eureka. For authentication, you can use spring security to add tags to set up the protection method and the terminal that provides authentication services.

Answer 2

spring cloud itself does not have any servicesapi调用的吧。
不太清楚你的api是一种什么形式，像rpc/restInterface authentication can be done directly through the interface provider.

Answer 3

Spring Cloud only opens one external system and can be accessed by other LANs. The gateway provides a whitelist, which can be accessed from the outside