Four-Project Series

Spring Security and OAuth2 for Microservices you own this product

OAuth 2 app roles • basic Spring Security • Grant types
skills learned
implementing an OAuth 2 authorization server • implementing an OAuth 2 resource server • implementing an OAuth 2 client • using a gateway service in an OAuth 2 system • setting up a full OAuth 2 microservices system
Laurenţiu Spilcă
4 weeks · 6-8 hours per week average · INTERMEDIATE
get all Manning content with a subscription
includes 4 liveProjects
liveProject $41.99 $59.99 self-paced learning

In this liveProject, you’ll learn to use Spring Security and OAuth 2 to build and secure backend microservices architecture. You’ll step into the role of a developer for health startup HealthX and work hands-on to create a system that can protect your users’ privacy, and scale up as your company grows. Each project in this series covers a different aspect of securing a microservices system, so you can pick the task most relevant to your career.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

Manning author Laurenţiu Spilcă shares what he likes about the Manning liveProject platform.

here's what's included

Project 1 Implement an Authorization Server
In this liveProject, you will implement an authorization server to authenticate users and issue JSON Web Tokens signed with a configured key. You'll use a Spring Boot service to take the role of an authorization server in an OAuth 2 system, set up storage for user and client details, and ensure user details persist in a secure way. Finally, you’ll write and conduct integration tests to make sure your system is secure and bug-free.
Project 2 Manage Sensitive Data
In this liveProject, you will secure the backend of an app to protect users’ data, and design the backend as a resource server in an OAuth 2 system. You’ll configure resource server capabilities to apply endpoint and method authorization rules, and use authenticated principal details in the repository.
Project 3 Validate Requests
In this liveProject, you’ll implement a gateway service that validates the access tokens and redirects the valid requests to a service-oriented system. You’ll configure the gateway routes and gateway authorization rules, redirecting the requests to the right business logic implementation.
Project 4 Implement a Client Service
In real-world systems, services act sometimes as clients for other services. In this liveProject, you’ll implement a Spring Boot service that acts as a client for the OAuth 2 system. You’ll set up needed dependencies, register a client at the authorization server, and implement a proxy that uses the client credentials grant type. Finally, you’ll validate that the full setup works correctly and this mock server can accurately send advice to the health system.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

The free project does not include full access to this Manning book. Purchase the full series to unlock this access in the free project, too!

choose your plan


only $41.67 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free eBook every time you renew
  • choose twelve free eBooks per year
  • exclusive 50% discount on all purchases
  • Spring Security and OAuth2 for Microservices eBook for free

project author

Laurentiu Spilca
Laurentiu Spilca is a dedicated development lead and trainer at Endava, where he leads and consults on multiple projects from various locations in Europe, Asia, and the U.S. Laurentiu believes it's essential to not only deliver high-quality software but to also share knowledge and help others to up-skill, which has driven him to design and teach courses related to Java technologies and deliver presentations and workshops. He is the author of Spring Security in Action and Spring Quickly.


This liveProject is for intermediate Java developers familiar with Spring and Spring Security. To begin this liveProject you need to be familiar with the following tools, technologies, and techniques.

  • OAuth 2 app roles
  • Spring Security basic contracts such as UserDetailsService
  • PasswordEncoder,and GrantedAuthority
  • SQL queries for CRUD operations
  • Postman or cURL for endpoint testing
  • Authorization code, password, client credentials, and refresh token grant types
  • Unit and integration testing

you will learn

In this liveProject, you’ll master essential skills for securing Java-based microservices architectures.

  • Implement a Spring Boot service that takes the role of an authorization server in an OAuth 2 system
  • Implement the capability of the authorization server that allows it to issue signed JSON Web tokens
  • Implement a server’s user management to store the user details in a database
  • Implement a server’s client management to store the client details in a database
  • Persist users’ passwords and clients’ secrets in a secure way
  • Write integration tests for the authorization server implementation


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.