I have Spring Boot microservices running behind a Zuul API gateway, and a Keycloak server for security. I want to secure (authorize) some of the API endpoints, and a few endpoints from our microservices will be whitelisted. As per my thought process, I will authorize the requests at the Zuul gateway based on the configured roles (defined on the Keycloak server). Below are the queries:
- Is it a correct approach?
- If yes, could you help me here with a sample code example?
- Where should we configure the role-to-accessible endpoint mapping?
- If not, please let me know the correct approach with a sample example.
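
One way to keep the whitelist and the role-to-endpoint mapping at the gateway, as an added example that is not part of the original post: a Spring Security configuration in the Zuul application that validates Keycloak-issued JWTs and turns the `realm_access.roles` claim into authorities. The paths and role names are constructed, and it assumes Spring Security 5.x with the OAuth2 resource-server starter and `spring.security.oauth2.resourceserver.jwt.issuer-uri` pointing at the Keycloak realm.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Assumption: the issuer-uri property is set, so Spring Boot auto-configures the JwtDecoder.
@Configuration
public class GatewaySecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(GatewaySecurityConfig::realmRoles);

        http.csrf().disable() // stateless bearer-token API, no cookie session to protect
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().authorizeRequests()
                // Constructed sample policy: most specific pattern first, first match wins.
                .antMatchers("/public/**").permitAll()                  // whitelisted
                .antMatchers("/orders/admin/**").hasRole("admin")       // needs ROLE_admin
                .antMatchers("/orders/**").hasAnyRole("user", "admin")
                .anyRequest().denyAll()                                 // deny by default
            .and().oauth2ResourceServer().jwt().jwtAuthenticationConverter(converter);
    }

    // Keycloak access tokens carry realm roles as {"realm_access": {"roles": [...]}}.
    static Collection<GrantedAuthority> realmRoles(Jwt jwt) {
        Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
        Object roles = realmAccess == null ? null : realmAccess.get("roles");
        if (!(roles instanceof List)) {
            return Collections.emptyList(); // no roles claim: only permitAll paths pass
        }
        return ((List<?>) roles).stream()
            .<GrantedAuthority>map(r -> new SimpleGrantedAuthority("ROLE_" + r))
            .collect(Collectors.toList());
    }
}
```

Paths that match no rule are rejected, and the check covers only requests that arrive through the gateway.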