Spring Boot | Kong | Basic Auth

Using Kong to secure a Simple Spring Boot REST API with the Basic Authentication plugin

Configuring the Basic Authentication plugin in Kong to secure a sensitive endpoint in the Simple API application

Ivan Franchin
Published in Javarevisited
6 min read · Aug 4, 2023


In this article, we will create a simple Spring Boot REST API called Simple API. The application has just two endpoints: /public and /secured. However, instead of implementing security within the application itself, this time we will use Kong.

Introduction

Kong is an open-source API gateway that simplifies API management and provides security, scalability, and analytics for APIs and microservices. It acts as a single entry point for clients to access backend services, offering features like authentication, load balancing, and custom plugins.

Both Kong and Simple API will run as Docker containers. However, Simple API's port 8080 won't be exposed to the host machine, meaning users cannot access the application directly. To reach it, we will use Kong as a gateway. Additionally, we will configure the Kong Basic Authentication plugin to secure the sensitive endpoint of the Simple API, namely /secured.
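The setup described above, written as a Kong declarative configuration. This is an added example, not the article's own configuration; it assumes Kong runs in DB-less mode, that the Simple API container is reachable on the Docker network under the hostname simple-api, and the route names, consumer name and password are constructed placeholders.

```yaml
# Added example: Kong declarative config (DB-less mode assumed).
_format_version: "3.0"

services:
  - name: simple-api
    # Assumption: the container is named "simple-api" on the shared Docker
    # network. Port 8080 is not published to the host, so Kong is the only
    # path to the application.
    url: http://simple-api:8080
    routes:
      # /public is proxied without any authentication plugin.
      - name: simple-api-public
        paths:
          - /public
        strip_path: false   # forward /public unchanged to the upstream
      # /secured requires valid Basic Auth credentials.
      - name: simple-api-secured
        paths:
          - /secured
        strip_path: false
        plugins:
          - name: basic-auth
            config:
              # Remove the Authorization header before proxying, so the
              # upstream application never sees the credentials.
              hide_credentials: true

consumers:
  # Constructed placeholder consumer; replace the username and password.
  - username: example-user
    basicauth_credentials:
      - username: example-user
        password: CHANGE-ME-placeholder
```

Basic Authentication only base64-encodes the username and password, so clients should reach Kong's proxy listener over TLS. With the plugin scoped to the /secured route, a request without valid credentials is rejected by Kong with 401 and never reaches the application.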
