September 2019
Intermediate to advanced
668 pages
15h 59m
English
Content preview from Hands-On Microservices with Spring Boot and Spring Cloud
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Adding an authorization server to our system landscape
To be able to run tests locally and fully automated with APIs that are secured using OAuth 2.0 and OpenID Connect, we will add an OAuth 2.0-based authorization server to our system landscape. Spring Security 5.1 does not, unfortunately, provide an authorization server out of the box. But there is a legacy project (currently in maintenance mode), Spring Security OAuth, that provides an authorization server that we can use.
In fact, in the samples provided by Spring Security 5.1, a project using the authorization server from Spring Security OAuth is available. It is configured to use JWT-encoded access tokens, and it also exposes an endpoint for a JSON Web Key Set (JWKS) (part of the OpenID ...