In this liveProject, you’ll learn to use Spring Security and OAuth 2 to build and secure a backend microservices architecture. You’ll step into the role of a developer for health startup HealthX and work hands-on to create a system that can protect your users’ privacy and scale up as your company grows. Each project in this series covers a different aspect of securing a microservices system, so you can pick the task most relevant to your career.
These projects are designed for learning purposes and are not complete, production-ready applications or solutions.
Here's what's included
Project 1 Implement an Authorization Server
In this liveProject, you will implement an authorization server to authenticate users and issue JSON Web Tokens signed with a configured key. You'll use a Spring Boot service to take the role of an authorization server in an OAuth 2 system, set up storage for user and client details, and ensure user details persist in a secure way. Finally, you’ll write and conduct integration tests to make sure your system is secure and bug-free.
Project 2 Manage Sensitive Data
In this liveProject, you will secure the backend of an app to protect users’ data, and design the backend as a resource server in an OAuth 2 system. You’ll configure resource server capabilities to apply endpoint and method authorization rules, and use authenticated principal details in the repository.
Project 3 Validate Requests
In this liveProject, you’ll implement a gateway service that validates the access tokens and redirects the valid requests to a service-oriented system. You’ll configure the gateway routes and gateway authorization rules, redirecting the requests to the right business logic implementation.
Project 4 Implement a Client Service
In real-world systems, services sometimes act as clients for other services. In this liveProject, you’ll implement a Spring Boot service that acts as a client for the OAuth 2 system. You’ll set up the needed dependencies, register a client at the authorization server, and implement a proxy that uses the client credentials grant type. Finally, you’ll validate that the full setup works correctly and this mock server can accurately send advice to the health system.