To learn how to build token-based security (authentication and authorization) into an application, I followed this tutorial and ran some experiments.

The quick lab uses the dependency spring-cloud-starter-oauth2. Since it's an all-in-one library that includes both the authorization server and the resource server, it keeps the testing short and easy.

As an alternative, we can choose Spring Security for the resource server (RS) and another open-source authorization provider, e.g. Keycloak.

The next experiment will be how to add billing or statistics features to the security system.

Tutorial About Spring Security + Keycloak

Tutorial About Spring Cloud Security

Spring Authorization Server Resurrection

JWT