How we can I keep Vahana vConnect Service Secure when I want to call it using Java Internally?

I have a vahana service which I am calling from my custom java microservice. But when I am marking its session type as User level session or device level session then it requires encrypted request and with session variables and tokens but Java doesn’t have that information and when I keep my service session type as without session then it is a security breach.

Isn’t there any way using which my security will not compromise and I can use vConnect service in my Java code?

1 Like

As per my opinion Security will not compromised if we are using proper highly secure client secret. vConnect Service is secured with client secret.

Without session does not mean security risk, because its follow key-based-authentication.

If still you think an issue then we call any secure service directly via ESB.

2 Likes

@shivang.garg @naveen.gupta : There are two url exposed by ESB microservice for calling a service, URL 1 is used if a request is coming from public network. URL 2 is used when you are calling a service within Intranet i.e. you are calling service from your Java Code. URL 2 is not accessible from public network.

So if you are calling a service from Java code then you can use URL 2, in that case:

  1. there is no need to do encryption decryption of request
  2. you don’t need to pass any parameter like client secret.
  3. No need to mark that service as Without Session.
  4. Also, your logs will be created properly.

ESB URL2 is created for this purpose only. You can get the exact details of url2 i.e. context path from @Mayank & team.

5 Likes