We developed a state-of-the-art authorization server on top of Spring Security + Spring JWT + Spring OAuth 2.0. The server issues JWT tokens based on the password grant_type, which conforms to industry standards.
The JWT token contains claims as well as other application-specific fields. The JSON containing the access token also contains the refresh token in order to keep the user signed in to the system. The token is signed and securely decrypted by resource APIs. As of now, there are multiple applications that use this authorization server in the ecosystem.
We provisioned an ELK stack with Filebeat to aggregate the logs into ELK. Sophisticated Grok patterns were created in order to capture the events of our choice. The customer now gets timely alerts in case of any critical error in the system.
The system also provides useful insights into user behavior and other critical analytics.
- PAUL ANTHONY, Sales President - CIGNEX DATAMATICS