You're reading from Spring Boot 3.0 Cookbook Proven recipes for building modern and robust Java web applications with Spring Boot

Product type Paperback

Published in Jul 2024

Publisher Packt

ISBN-13 9781835089491

Length 426 pages

Edition 1st Edition

Languages

Java

Tools

Spring

Concepts

Application Development

Author (1):

Mr. Felip Miguel Puig

View More author details

Table of Contents (16) Chapters

Preface

1. Part 1:Web Applications and Microservices FREE CHAPTER

2. Chapter 1: Building RESTful APIs

3. Chapter 2: Securing Spring Boot Applications with OAuth2

4. Chapter 3: Observability, Monitoring, and Application Management

5. Chapter 4: Spring Cloud

6. Part 2: Database Technologies

7. Chapter 5: Data Persistence and Relational Database Integration with Spring Data

8. Chapter 6: Data Persistence and NoSQL Database Integration with Spring Data

9. Part 3: Application Optimization

10. Chapter 7: Finding Bottlenecks and Optimizing Your Application

11. Chapter 8: Spring Reactive and Spring Cloud Stream

12. Part 4: Upgrading to Spring Boot 3 from Previous Versions

13. Chapter 9: Upgrading from Spring Boot 2.x to Spring Boot 3.0

14. Index

Why subscribe?

15. Other Books You May Enjoy

Protecting a RESTful API using OAuth2 with different scopes

In the previous recipe, we learned how to protect our application. In this recipe, we’ll learn how to apply more fine-grained security. We need to apply different levels of access to the application: one general form of read access for the consumers of our RESTful API and administrative access so that we can make changes to the data.

To apply different levels of access to the API, we’ll use the standard OAuth2 concept of scopes. In OAuth 2.0, scope is a parameter that’s used to specify the level of access and permissions that a client application is requesting from the user and the authorization server. It defines what actions or resources the client application is allowed to perform on behalf of the user. Scopes help ensure that users have control over which parts of their data and resources they grant access to, and they allow for fine-grained access control. In applications with user interaction...