JHipster UAA server

JHipster user accounting and authorizing (UAA) server is merely an OAuth2 server that can be used for centralized identity management. To give clients access to protected resources while preventing unwanted access to the APIs, there has to be an authorization server that authorizes each request and provides access to the resource.

OAuth2 is an authorization framework that grants access to requests based on tokens. Clients request access to a service; if the user is authorized, the application receives an authorization grant. After receiving the grant, the client requests a token from the authorization server. Once the token is received, the client then requests the necessary information from the resource server.

JHipster supports standard LDAP protocols and is invoked via JSON APIs.

JHipster UAA is a centralized user accounting and authorizing service for securing JHipster microservices using the OAuth2 authorization protocol. It also holds session-related information and provides role-based access control through the user and role management that is available inside the system.

JHipster UAA is a JHipster-generated application consisting of user and role management. It also has a full-fledged OAuth2 authorization server. This is flexible and completely customizable.

Security is essential in a microservices architecture. The following are the basic requirements for securing microservices:

  • Users should be authenticated in one place and should experience the entire application as a single unit. Once the end user logs in to the application, they should be able to access whatever they have access to. The security service should hold session-related information for as long as the user is logged in to the system.
  • The security service should be stateless. Irrespective of the service, the security service should be capable of providing authentication for requests.
  • Security services also need to be able to authenticate both machines and users, to distinguish between them, and to trace them. Their function should be authorizing the incoming request rather than identifying the end user.
  • Since the underlying services are scalable, security services should also have the ability to scale up and down based on requirements.
  • Security services should, of course, be safe from attacks. Any known vulnerability should be fixed and updated as and when required.

The previous requirements can be met by using the OAuth2 protocol. In general, OAuth2 issues a token based on the details provided, and that token is then used for authentication; this makes the security services stateless and able to authenticate a request from any source.
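
The stateless check described above, as an added example that is not JHipster UAA's own code: a resource service authorizes a request from the signed token alone, with no session lookup, and tells user tokens from machine tokens. The token layout (`subject|type|roles|expiry` with an HMAC-SHA256 signature), the class and method names, and the demo key are assumptions constructed for illustration, not the format UAA issues.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class StatelessTokenCheck {
    // Constructed demo key (assumption); real key material belongs in protected configuration.
    static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Authorization server side: sign the claims "subject|type|roles|expiryEpochSeconds".
    static String issue(String subject, String type, String roles, long expiresAt) throws Exception {
        String claims = subject + "|" + type + "|" + roles + "|" + expiresAt;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(claims.getBytes(StandardCharsets.UTF_8)) + "." + enc.encodeToString(hmac(claims));
    }
    // Resource server side: everything needed for the decision is inside the token.
    static String authorize(String token, String requiredRole, long now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return "DENY malformed";
        String claims; byte[] sig;
        try {
            claims = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            sig = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { return "DENY malformed"; }
        // Verify the signature in constant time before trusting any claim.
        if (!MessageDigest.isEqual(hmac(claims), sig)) return "DENY bad signature";
        String[] c = claims.split("\\|");
        if (c.length != 4) return "DENY malformed";
        if (Long.parseLong(c[3]) <= now) return "DENY expired";
        if (!Arrays.asList(c[2].split(",")).contains(requiredRole)) return "DENY missing role";
        return "ALLOW " + c[1] + " " + c[0]; // token type (user or machine) and subject, for tracing
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String user = issue("alice", "user", "ROLE_USER", now + 300);
        String machine = issue("billing-service", "machine", "ROLE_SERVICE", now + 300);
        String forged = user.split("\\.")[0] + "." + machine.split("\\.")[1]; // user claims, wrong signature
        String expired = issue("alice", "user", "ROLE_USER", now - 1);
        for (String t : new String[] {user, machine, forged, expired})
            System.out.println(authorize(t, "ROLE_USER", now));
    }
}
```

Because any instance holding the verification key reaches the same decision, the check scales horizontally with the services it protects.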
