How to protect your Spring Boot microservice with OAuth2?

Protecting your microservice developed in Spring Boot is quite forward.

Spring does all the major work for you.

Here are the steps to follow:

STEP 1: Add spring boot starter oauth2 resource server dependency

STEP 2: Configure Authorization Server

STEP 3: Test

STEP 1: Add spring boot starter oauth2 resource server dependency

Add the below dependency in your project:

	<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
		</dependency>

STEP 2: Configure Authorization Server

Add Authorization Server in application.yml file.

This is the “issuer” url you get while configuring your authorization server.

To know how to set up authorization server check here

Here is the entry I added while testing:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: http://localhost:8080/realms/myrealm

That’s it!

Quite straightforward and easy.

Now let’s test it.

STEP 3: Test

To test, let’s first create a Rest Controller:

package app.example;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

	
	@GetMapping("/test")
	public String test() {
		
		return "success";
	}
}

Just a simple REST API which returns a string.

This will be automatically protected by Spring behind the screens!

Just adding the configuration and the resource server dependency will do the magic for you.

Let’s test it through postman.

You need to generate an access token by passing the client credentials you set up in authorization server ,before hitting the test API.

You can refer step 5 in this post to know how to set up a client in authorization server. Get the client credentials of the client thus created.

You can get the credentials from “Credentials” tab in KeyCloak: