Advanced Microservices Security with OAuth2

In one of my previous posts, I described a basic sample illustrating microservices security with Spring Security and OAuth2. You could read there how to create and use an authorization server and a resource server, basic authentication, and bearer tokens with Spring Boot. Now, I would like to introduce a more advanced sample with OAuth2 SSO behind a Zuul gateway. The architecture of the latest sample is rather similar to the previous one, as you can see in the picture below. The difference is in the implementation details.

(Architecture diagram: oauth2)

Requests to the microservices and to the authorization server are proxied by the gateway. The first request is redirected to the login page, where the user must authenticate. User authentication data is stored in a MySQL database. After login, the user's HTTP session data is also stored, using the Spring Session library. Then you perform the next steps to obtain the OAuth2 authorization token by calling the authorization server endpoints through the gateway. Finally, you can call a concrete microservice, providing the OAuth2 token as a bearer token in the Authorization HTTP request header.
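To make the sequence above concrete, here is an added example (my own code, not the post's sample or Spring's implementation): an in-process simulation in which a gateway routes by path prefix, login creates a server-side session standing in for the Spring Session store, the session is then exchanged for an opaque access token at the authorization server, and the microservice accepts only requests that carry a valid, unexpired bearer token. The paths (`/uaa/login`, `/uaa/oauth/token`, `/account`), the client id and secret, the user record and the token lifetime are constructed assumptions, not values from the post.

```python
import base64
import secrets
import time
from dataclasses import dataclass, field

USERS = {"alice": "s3cret"}              # constructed stand-in for the MySQL user table
CLIENTS = {"gateway-client": "gw-pass"}  # constructed OAuth2 client registration

@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)

@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

class AuthorizationServer:
    """Creates a session on login and issues opaque tokens to authenticated clients."""
    def __init__(self, token_ttl=300, clock=time.time):
        self.sessions = {}   # session id -> username (the Spring Session role)
        self.tokens = {}     # access token -> (username, expiry timestamp)
        self.token_ttl = token_ttl
        self.clock = clock   # injectable so expiry can be exercised deterministically

    def login(self, req):
        user, pw = req.body.get("username", ""), req.body.get("password", "")
        if not secrets.compare_digest(USERS.get(user, ""), pw):
            return Response(401, {"error": "bad_credentials"})
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return Response(302, headers={"Set-Cookie": f"SESSION={sid}"})

    def token(self, req):
        # The client authenticates with HTTP Basic; the user comes from the session cookie.
        auth = req.headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return Response(401, {"error": "invalid_client"})
        client_id, _, client_secret = base64.b64decode(auth[6:]).decode().partition(":")
        if not secrets.compare_digest(CLIENTS.get(client_id, ""), client_secret):
            return Response(401, {"error": "invalid_client"})
        cookie = req.headers.get("Cookie", "")
        sid = cookie[len("SESSION="):] if cookie.startswith("SESSION=") else ""
        user = self.sessions.get(sid)
        if user is None:
            return Response(401, {"error": "unauthorized"})
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = (user, self.clock() + self.token_ttl)
        return Response(200, {"access_token": tok, "token_type": "bearer", "expires_in": self.token_ttl})

    def check_token(self, tok):
        """Resource-side token check: username for a live token, None if unknown or expired."""
        entry = self.tokens.get(tok)
        if entry is None or entry[1] <= self.clock():
            return None
        return entry[0]

def microservice(auth_server):
    """A resource endpoint that refuses anything without a valid bearer token."""
    def handle(req):
        auth = req.headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return Response(401, {"error": "missing_token"})
        user = auth_server.check_token(auth[len("Bearer "):])
        if user is None:
            return Response(401, {"error": "invalid_token"})
        return Response(200, {"message": f"hello {user}"})
    return handle

def gateway(routes):
    """Routes by path prefix; Authorization and Cookie headers pass through untouched."""
    def handle(req):
        for prefix, handler in routes.items():
            if req.path.startswith(prefix):
                return handler(req)
        return Response(404)
    return handle

def basic(client_id, secret):
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()

def run_flow(clock=time.time, token_ttl=300):
    """Walks the whole flow through the gateway; returns status codes, the server and the bearer header."""
    auth = AuthorizationServer(token_ttl=token_ttl, clock=clock)
    gw = gateway({"/uaa/login": auth.login, "/uaa/oauth/token": auth.token, "/account": microservice(auth)})
    results = {"anonymous": gw(Request("/account/1")).status}          # no token yet -> 401
    login = gw(Request("/uaa/login", body={"username": "alice", "password": "s3cret"}))
    cookie = login.headers["Set-Cookie"]
    results["login"] = login.status
    tok = gw(Request("/uaa/oauth/token", headers={"Authorization": basic("gateway-client", "gw-pass"), "Cookie": cookie}))
    results["token"] = tok.status
    bearer = {"Authorization": "Bearer " + tok.body["access_token"]}
    results["with_token"] = gw(Request("/account/1", headers=bearer)).status
    results["bad_client"] = gw(Request("/uaa/oauth/token", headers={"Authorization": basic("gateway-client", "wrong"), "Cookie": cookie})).status
    return results, auth, bearer
```

Running `run_flow()` yields `{'anonymous': 401, 'login': 302, 'token': 200, 'with_token': 200, 'bad_client': 401}`. The clock injection matters for the defender's side of this design: an opaque token is only as good as the expiry check at the resource server, so the simulation lets you advance time and confirm that the same bearer header stops working once `expires_in` has elapsed.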

If you are interested in the technical details of the presented solution, you can read my article on DZone. The sample application's source code is also available on GitHub.
