In this liveProject, you’ll learn to use Spring Security and OAuth 2 to build and secure a backend microservices architecture. You’ll step into the role of a developer for health startup HealthX and work hands-on to create a system that can protect your users’ privacy and scale up as your company grows. Each project in this series covers a different aspect of securing a microservices system, so you can pick the task most relevant to your career.
These projects are designed for learning purposes and are not complete, production-ready applications or solutions.
Here's what's included
Project 1 Implement an Authorization Server
In this liveProject, you will implement an authorization server to authenticate users and issue JSON Web Tokens signed with a configured key. You'll use a Spring Boot service to take the role of an authorization server in an OAuth 2 system, set up storage for user and client details, and ensure user details persist in a secure way. Finally, you’ll write and conduct integration tests to make sure your system is secure and bug-free.
Project 2 Manage Sensitive Data
In this liveProject, you will secure the backend of an app to protect users’ data, and design the backend as a resource server in an OAuth 2 system. You’ll configure resource server capabilities to apply endpoint and method authorization rules, and use authenticated principal details in the repository.
Project 3 Validate Requests
In this liveProject, you’ll implement a gateway service that validates the access tokens and redirects the valid requests to a service-oriented system. You’ll configure the gateway routes and gateway authorization rules, redirecting the requests to the right business logic implementation.
Project 4 Implement a Client Service
In real-world systems, services sometimes act as clients for other services. In this liveProject, you’ll implement a Spring Boot service that acts as a client for the OAuth 2 system. You’ll set up the needed dependencies, register a client at the authorization server, and implement a proxy that uses the client credentials grant type. Finally, you’ll validate that the full setup works correctly and this mock server can accurately send advice to the health system.
Prerequisites
This liveProject is for intermediate Java developers familiar with Spring and Spring Security. To begin this liveProject you need to be familiar with the following tools, technologies, and techniques.
TOOLS
- OAuth 2 app roles
- Spring Security basic contracts such as UserDetailsService, PasswordEncoder, and GrantedAuthority
- SQL queries for CRUD operations
- Postman or cURL for endpoint testing
TECHNIQUES
- Authorization code, password, client credentials, and refresh token grant types
- Unit and integration testing
You will learn
In this liveProject, you’ll master essential skills for securing Java-based microservices architectures.
- Implement a Spring Boot service that takes the role of an authorization server in an OAuth 2 system
- Implement the capability of the authorization server that allows it to issue signed JSON Web Tokens
- Implement a server’s user management to store the user details in a database
- Implement a server’s client management to store the client details in a database
- Persist users’ passwords and clients’ secrets in a secure way
- Write integration tests for the authorization server implementation