I am using Spring Boot and want to architect my multiple applications to use only one microservice that will be used for security purposes only.
Is this way of doing things possible? And if yes, does Spring Security have any settings to use third-party spring-security services?
I have:
- 1 backend that talks with the other backends and can use the security microservice
  - can use security microservice features (such as verify/create tokens)
  - can ask for the list of users using the backend2 service
- 1 backend that talks with the other backends and can use the security microservice and the database
  - can use security microservice features (such as verify/create tokens)
  - can query database
- 1 security microservice that talks to whoever calls it and has a valid token
  - will authenticate tokens of whoever is calling the service before doing any work
  - can verify/create/invalidate tokens on demand
- 1 database
See the diagram below for the workflow and what I want to accomplish (the numbers are the order of calls).
Yes, it is possible in Spring Security.
You can create a microservice as an authorization server and other services as resource servers.
To create resource servers this will be helpful.
For the authorization server, you can configure a Spring service as an authorization server, or you can also use a third-party SSO like Keycloak or Okta. To configure the Spring service as an authorization server, you can leverage the spring-boot-starter-oauth2-authorization-server library. This Getting Started guide will be helpful for configuring it.
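
A resource-server configuration for one of the backends, illustrating the authorization server / resource server split described in the answer above. This is an added example, not code from the original answer; it assumes Spring Security 6 with spring-boot-starter-oauth2-resource-server on the classpath, and the issuer URL, audience, scope name and `/users/**` path are hypothetical.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class Backend2ResourceServerConfig {
    // Hypothetical values: use the security microservice's issuer URL and the
    // audience it places in tokens intended for this backend.
    private static final String ISSUER = "https://security-service.example.internal";
    private static final String AUDIENCE = "backend2";

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(a -> a
                // Hypothetical endpoint and scope: only callers granted users.read may list users
                .requestMatchers("/users/**").hasAuthority("SCOPE_users.read")
                .anyRequest().authenticated())
            // Accept bearer JWTs; no HTTP session is created for API calls
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()))
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's metadata at startup to locate its JWK set;
        // signature verification then happens locally in this service.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(ISSUER);
        OAuth2TokenValidator<Jwt> issuerAndExpiry = JwtValidators.createDefaultWithIssuer(ISSUER);
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerAndExpiry, audience));
        return decoder;
    }
}
```

Each backend validates token signatures locally against the issuer's published keys, so the security microservice is not called on every request. The audience check keeps a token issued for one backend from being accepted by another.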