END-TO-END SECURITY MODELING IN MICROSERVICES ARCHITECTURES USING OAUTH2 AND JWT IN A SPRING BOOT ECOSYSTEM
Keywords:
Microservices Security, OAuth2, JWT, Spring Boot, API Gateway, Token Validation
Synopsis
Modern microservices architectures require robust security mechanisms that can scale seamlessly across services. This paper explores a comprehensive end-to-end security model using OAuth2 and JWT (JSON Web Tokens) within a Spring Boot ecosystem. We propose a layered model that supports fine-grained access control, token validation, and secure communication between distributed services. Integration with Spring Security simplifies enforcement, while OAuth2 provides industry-standard authorization flows.
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.