Update on 2016-10-19: more on JWT, fixed typos, clarified some aspects
From Zero to OAuth2 in Spring Cloud
Today I am presenting hours of research about an (apparently) simple question: “How can I maintain security in my microservices architecture?” The task is to provide a simple but powerful way to secure Spring Cloud services down to the method-invocation level, with a central place where users and their authorities are assigned.
To achieve this as efficiently as possible, OAuth2 is the solution.
In this article we are going to implement an authorization server, which holds user authorities and client information, and a resource server with protected resources, using Spring OAuth2 and JSON Web Tokens (JWT). I will demonstrate how the resource server can host a RESTful resource with different security levels, defined by the example authorities “FOO_READ” and “FOO_WRITE”.
The implementation can be downloaded and tested from my GitHub repository.