Spring Security comes in handy by providing a powerful, secure and customizable authentication and authorization framework for Spring Boot microservices. Spring Security implements a Role Based Access Control (RBAC) model that can help mitigate some inherent Authentication and Authorization security challenges such as violation of the least privilege principle, insecure direct object references and unauthorized privilege escalation.
This repository contains source code for a simple implementation of Spring Security framework in Spring Boot. This can be deployed locally or accessed through the Heroku link https://springauthservice.herokuapp.com making use of the accompanied postman collection.
The application flow is as illustrated below for authentication, authorization and generation of refresh token.
- Clone the repository
- Open in the folder your IDE
- Edit the
src/main/resources/application.propertiesfile with you DB configuration- Run the application
- Test the API endpoints using the downloaded postman collection