Below are some Spring annotations used in securing a microservice architecture with OAuth2. Such an architecture would likely have:
- a Gateway (for example Zuul serving as a single point of entry and proxy to the disparate microservices)
- an Auth Server (using Spring Security OAuth)
- a collection of Microservices (OAuth resources)

The annotations, with the component each one is applied to in parentheses:
- @EnableAuthorizationServer - enables the app to act as an Auth server in the OAuth flow (auth-server)
- @EnableOAuth2Sso - redirects the user to the Auth server for login (gateway)
- @EnableZuulProxy - passes the OAuth2 token to downstream services behind a Zuul proxy (gateway)
- @EnableResourceServer - expects an auth token to be provided in the request (microservices)
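
The three roles side by side, as an added example that is not code from the original note: each class belongs to its own Spring Boot application and they share a listing only for comparison. The client id `gateway`, the `GATEWAY_CLIENT_SECRET` environment variable, the `read` scope and the `gateway.example` URL are assumptions made for illustration.

```java
// Three separate Spring Boot applications, shown in one listing for comparison.
// Assumes the legacy stack: spring-security-oauth2, spring-security-oauth2-autoconfigure
// and spring-cloud-starter-netflix-zuul on the classpath of the relevant app.
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;

// auth-server: issues tokens; the gateway is registered as its only client.
@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("gateway") // hypothetical client id
            .secret(PasswordEncoderFactories.createDelegatingPasswordEncoder()
                .encode(System.getenv("GATEWAY_CLIENT_SECRET"))) // hypothetical env var, not hard-coded
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("read") // hypothetical scope
            .redirectUris("https://gateway.example/login") // constructed URL
            .autoApprove(true);
    }
}

// gateway: unauthenticated users are sent to the auth server; routes are proxied by Zuul.
// Client credentials and auth-server endpoints come from security.oauth2.client.* properties.
@SpringBootApplication
@EnableOAuth2Sso
@EnableZuulProxy
class GatewayApplication { }

// microservice: requires a valid bearer token on every request and checks its scope.
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().access("#oauth2.hasScope('read')");
    }
}
```

Each microservice checks the token itself instead of trusting that the request came through the gateway; how it validates the token is set through the `security.oauth2.resource.*` properties.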