Building Secure Microservices: OAuth2 + JWT Role-Based Access Control in Action
Learn how to implement OAuth2 authentication with role-based access control across microservices. In this demo, I walk through generating JWT tokens using Postman and show how protected endpoints enforce authorization based on user roles (ADMIN, SELLER, USER).
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WHAT YOU'LL LEARN
- How to configure OAuth2 Authorization Code flow in Postman
- Understanding JWT structure and role claims
- Implementing @PreAuthorize for endpoint security
- How Resource Servers validate tokens via JWKS
- Handling 401 Unauthorized and 403 Forbidden responses
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ARCHITECTURE
User Service (Authorization Server)
- Issues JWT tokens with embedded role claims
- Exposes JWKS endpoint for public key distribution
- Handles OAuth2 flows: Authorization Code, Client Credentials, Refresh Token
Product Service (Resource Server)
- Validates JWTs using public keys from JWKS
- Enforces RBAC with Spring Security @PreAuthorize
- Protected endpoints for product and category management
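An added example (not code from the spa-raj/productservice repository) of how a Resource Server of this shape is wired in Spring Security 6-style Java: JWTs are verified against the User Service JWKS endpoint, the role claim is mapped to ROLE_* authorities, and a protected category endpoint is gated by @PreAuthorize so that a missing or invalid token yields 401 while a valid token without ADMIN yields 403. The issuer/JWKS URLs, the claim name "roles" and the class names are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableMethodSecurity // turns on @PreAuthorize evaluation on controller methods
public class ResourceServerConfig {
    // Assumed addresses; the real User Service issuer and JWKS URLs are not given on the page.
    private static final String ISSUER = "http://localhost:8080";
    private static final String JWK_SET_URI = ISSUER + "/oauth2/jwks";

    @Bean
    JwtDecoder jwtDecoder() {
        // Fetches and caches the RSA public keys from JWKS; verifies signature, exp/nbf and iss.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(ISSUER));
        return decoder;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles"); // assumed claim name, e.g. ["SELLER"]
        roles.setAuthorityPrefix("ROLE_");      // so hasRole('SELLER') matches the claim value
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated()) // no/invalid token -> 401
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}

@RestController
class CategoryAdminController {
    // A valid token whose roles claim lacks ADMIN is authenticated but receives 403 Forbidden.
    @PreAuthorize("hasRole('ADMIN')")
    @PostMapping("/categories")
    String createCategory() { return "created"; }
}
```

Because the JwtDecoder is built from the JWKS URI, the Product Service never holds the private key; it only needs the Authorization Server's public keys, which is what makes the key rotation on restart noted under the limitations fail closed rather than open.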
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
TECH STACK
- Java 21
- Spring Boot 4.x
- Spring Authorization Server
- Spring Security (OAuth2 Resource Server)
- MySQL + Flyway Migrations
- RSA 2048-bit Token Signing
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
KNOWN LIMITATIONS & EDGE CASES
- RSA keys regenerate on application restart (invalidates existing tokens)
- No rate limiting on authentication endpoints
- Refresh token rotation not implemented
- PKCE not enabled for public clients
- Security headers (HSTS, CSP) not configured
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SOURCE CODE
User Service (Auth Server): https://github.com/spa-raj/userservice
Product Service (Resource Server): https://github.com/spa-raj/productservice
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
RELATED TOPICS
OAuth 2.0, OpenID Connect, JWT, JSON Web Tokens, Spring Security, Microservices Authentication, Role-Based Access Control, RBAC, Authorization Server, Resource Server, API Security, Postman OAuth2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
#OAuth2.0 #SpringBoot #JWT #Microservices #Java #SpringSecurity #APIAuthentication #RBAC
Video "Building Secure Microservices: OAuth2 + JWT Role-Based Access Control in Action" from the channel Sparsh Raj
Video information
Published: 11 January 2026 10:05:24
Duration: 00:08:00