This repository accompanies the blog post Securing a Spring Boot REST API with OAuth 2.0 Bearer Tokens. It demonstrates how to configure a Spring Boot application as an OAuth2 Resource Server, validating Bearer tokens issued by an external Authorization Server.
Before you begin, ensure you have the following:
- An OAuth 2.0 Authorization Server (e.g. Keycloak) running and able to issue access tokens.
You have to adjust your application properties to point to your Authorization Server. In src/main/resources/application.yml, replace https://... and TestLocoVote with your actual endpoint and realm. If necessary, also adjust the jwk-set-uri.
```yaml
spring:                 # Spring Boot reads these under the spring.security.oauth2.resourceserver prefix
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ${ISSUER_URI:https://.../realms/TestLocoVote}
          # optional: only needed when the JWKS endpoint cannot be discovered from the issuer
          jwk-set-uri: ${SET_URI:http://.../realms/TestLocoVote/protocol/openid-connect/certs}
```
Depending on your authorization server setup, you may also need to configure the resource-id used in your KeycloakAuthoritiesConverter:
```yaml
spring:
  jwt:
    auth:
      converter:
        resource-id: loco-vote-test
```
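The converter the resource-id feeds is not shown in this README; the following is an added, illustrative version (not the repository's own class) that reads the Keycloak `resource_access.<resource-id>.roles` claim and maps each role to a `ROLE_` authority, ignoring roles the token grants for other clients. It assumes the property name `spring.jwt.auth.converter.resource-id` from the YAML above and Spring Security 6 class names.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

/**
 * Illustrative converter, not the repository's own class: maps the roles under
 * Keycloak's resource_access.<resource-id>.roles claim to ROLE_<role> authorities
 * and deliberately ignores roles the token grants for other clients.
 */
@Component
public class KeycloakAuthoritiesConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    private final String resourceId;

    // Bound from spring.jwt.auth.converter.resource-id in application.yml
    public KeycloakAuthoritiesConverter(
            @Value("${spring.jwt.auth.converter.resource-id}") String resourceId) {
        this.resourceId = resourceId;
    }

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        // Signature, issuer and expiry were already checked by the JwtDecoder.
        return new JwtAuthenticationToken(jwt, extractAuthorities(jwt), jwt.getSubject());
    }

    private Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        Map<String, Object> resourceAccess = jwt.getClaimAsMap("resource_access");
        if (resourceAccess == null) {
            return List.of(); // authenticated, but no client roles at all
        }
        Object client = resourceAccess.get(resourceId);
        if (!(client instanceof Map<?, ?> clientMap)) {
            return List.of(); // token carries no roles for this resource server
        }
        Object roles = clientMap.get("roles");
        if (!(roles instanceof Collection<?> roleList)) {
            return List.of();
        }
        return roleList.stream()
                .<GrantedAuthority>map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .toList();
    }
}
```

Wire it into the filter chain with `http.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)))` so that `hasRole(...)` checks see the mapped authorities.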
Start the application with:
```shell
./mvnw spring-boot:run
```
The application will start on http://localhost:8080 by default.
All endpoints are protected and require a valid Bearer token. Example request:
```shell
curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://localhost:8080/api/hello
```
Read the full walkthrough on my blog: Securing a Spring Boot REST API with OAuth 2.0 Bearer Tokens.