Role Based Access Control (RBAC) with Spring Boot and JWT

Using Spring Security’s inbuilt OAuth2 Resource Server, granted authorities and method security for role based access control

Imesha Sudasingha
Geek Culture


Overview

Around a year ago, I wrote about how to use Spring Boot’s inbuilt OAuth2 Resource Server to protect your SPA (single page app) backend REST APIs with JWT authentication. The proposed approach was stateless, scalable and extendable. In this article, we are going to extend it to introduce RBAC (Role Based Access Control). Before continuing, you should read that earlier article on how we introduced JWT authentication.

We will reuse the example code from that earlier article and make some modifications to introduce RBAC. The proposed approach reuses Spring Boot’s inbuilt OAuth2 Resource Server and introduces no custom code or filters.

This article uses the inbuilt features and best practices of Spring Boot and Spring Security in contrast to…


Co-Founder @HighFlyer | Ex @WSO2 | Ex @BallerinaLang | Opensource | Member @TheASF