Micro-Services Architecture

[Brandon Wagner]

I've obviously heard a lot about the Micro-Services Architecture and think it makes a lot of sense (especially with the success stories of Netflix, all hail Netflix). 

I'd like to implement a small Grails application in Micro-Services. My question is about the "Security" or "Users" Micro Service. My initial thought would be to create an application with a REST interface where my other Micro-Services would query the Security Service's REST interface. However, security would be duplicated in every service. This seems like an inevitable problem, but what is the best way to handle this? 

Should I be implementing Spring Security in every service and querying a User Service with simple rights information? 

Or could a central Security Service work in some way?

I'd love to hear comments on other's experiences or thoughts. 

Book or article recommendations would also be helpful (more technically oriented, as I have seen many presentations on high-level descriptions of Micro-Services architectures, but they usually aren't in-depth).

Also, I posted a similar oriented post with no replies about a month ago (more oriented to AWS). Check it out if you are able to comment: https://groups.google.com/forum/#!searchin/grails/AWS/grails/hW1j4eI7H6s/o6se5AqJNs0J

Thanks!

[Owen Rubel]

I'm assuming you are trying to avoid having to create a localized DB for USER/ROLE in every microservice

The answer is to have a separate security server that calls go to in order to issue the token. This allows all applications to have a centralized user management server (see Stormpath - https://stormpath.com/?gclid=Cj0KEQiApqTCBRC-977Hi9Ov8pkBEiQA5B_ipd_mkWp7JE-oAVQHBTBjGmXMNYbkiMFkHbE2rnj6zmsaAnqe8P8HAQ)

Once the token is issued, you use spring-security to check the roles associated with the token.