Spring Security

basic Java • security basics • Spring Initializr tool • Postman or equivalent • Spring Web REST services implementation • basic Maven or Gradle
skills learned
Spring Security OAuth 2 authentication and role-based authorization
Potito Coluccelli
1 week · 6-8 hours per week · BEGINNER


As a backend developer for BestInsurance, your task is to secure its RESTful API using Spring Security. The insurance company is running the API on a server that supports OAuth 2.0 authentication. Using the server’s specs, you’ll reproduce the behavior of the authorization server with Spring Security in order to have a local server that is easily configurable for testing purposes. You’ll implement role-based authorization based on the content of JSON Web Tokens (JWT), from the authorization server’s point of view. This authorization will impact API security, so you will implement a resource server with Spring Security. You’ll also implement unit testing with Spring Security Test, and configure SwaggerUI to make requests that are authorized according to OAuth 2.0, using SpringDocs. When you’re finished you’ll have highly useful Spring Security skills—and confidence that your API is secure!

This project is designed for learning purposes and is not a complete, production-ready application or solution.

project author

Potito Coluccelli

Potito Coluccelli is a senior software engineer and team leader at Econocom in Italy, where he works on service-oriented architecture design and implementation as well as supporting customers as they transition from monolithic to microservice architectures. Previously he worked as a middleware consultant at Red Hat and supported companies in Italy and the EU with JEE application design, development, maintenance, and testing. With his team, he created a trade surveillance tool for Commodity Markets that’s been adopted by major energy providers in Italy.


This liveProject is for beginner and intermediate Java programmers who want to learn how to secure a RESTful API with Spring Security. To begin these liveProjects you’ll need to be familiar with the following:

  • Basic Java
  • Basic Spring configuration
  • Basic JSON
  • Basic JUnit 5 and SpringTest
  • Basic Docker and Docker Compose configuration
  • Basic Maven and Gradle
  • Spring Boot 3.1.x stable version
  • Your favorite IDE
  • Basic use of the command line (or equivalent best tools for the operating system you’re using)
  • Basic knowledge of the REST paradigm and HTTP
  • Implement Spring Web REST services
  • Implement JUnit test cases with SpringTest and TestContainers
  • Generate a new project using Spring Initializr


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products is also included, as well as references to other resources.
