Spring Boot Web Server and Android App Security

Question

I am new to security and for the last few weeks I tried to learn as much as possible on my own.

For my experiment I have built a Spring Boot Server on localhost and connected it to an Android App, with the use of Retrofit.

I tried to learn how to get security for my server application and Android Client App. I found some usefull sources on Spring Boot OAuth2 with webjars and social login with Firebase Authentication.

But what I truly want is Multi-factor authentication and a secure connection between my Spring Boot Server App and Android App and Automatically log-out users after a few hours. I'm looking for a solution where all these things are implemented.

I really wanted Spring Boot to solve my problem, but I can't find anything useful for Spring Boot Authentication and an Android Client App.

Maybe I'm already on the right path, but my sources are running out. If somebody knows a good source, like a blog or book, or point me in the right direction on how to deal with security, it will be appreciated.

Answer 1

What you need is a complete authentication and authorization server. Spring provides you with set of tools to implement your server but it cannot automatically solve your problem.

You have two options:

1. Develop authentication and authorization server yourself using Spring or any other frameworks. You can also use out of the box solutions like Keycloak but you still need to write some code.

2. Use services like Firebase Authentication, which needs some development on mobile platform but you won't write any back-end code.