concept Business Logic Server in category spring
appears as: Business Logic Server, The Business Logic Server

This is an excerpt from Manning's book Spring Security in Action MEAP V07.
Figure 11.1 The client calls the endpoints exposed by the Business Logic Server. To authenticate the user, the Business Logic Server uses the responsibility implemented by the Authentication Server. The Authentication Server keeps the users’ credentials in its database.
To call any endpoint on the Business Logic Server, the client has to follow three steps:
1. Authenticate with the username and the password by calling the /login endpoint on the Business Logic Server. The Business Logic Server sends a request for an OTP to the Authentication Server. After successful authentication, the Authentication Server sends a randomly generated OTP to the client via SMS (figure 11.2). This way of identifying the user is called multi-factor authentication (MFA), and it's pretty common nowadays. We generally need the users to prove who they are both by using their credentials and by other means, like the fact that they own a specific mobile device.

Figure 11.2 The first authentication step consists of identifying the user using their username and password. The user sends their credentials, and the Authentication Server sends them back an OTP they can use for the second authentication step.
2. Once they have the code from the received SMS, the users can call the /login endpoint again with the username and the code. The Business Logic Server validates the code with the Authentication Server. If the code is valid, the client receives back a token that they can use to call any endpoint on the Business Logic Server (figure 11.3). In section 11.2, we talk in detail about what this token is, how we implement it, and why we use it.

Figure 11.3 In the second authentication step, the client has to send the code they've received through an SMS message together with their username. The Business Logic Server calls the Authentication Server to validate the OTP. If the OTP is valid, the Business Logic Server issues a token back to the client. The client will use this token to call any other endpoint on the Business Logic Server.
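As an added example (not code from the book or from its sample project), the following Python simulation plays out the two-step flow above with both servers in one process: the Authentication Server keeps salted PBKDF2 password hashes and issues a single-use, time-limited OTP (the `sent_sms` list stands in for the SMS gateway), and the Business Logic Server exposes `login` for both steps, issues an HMAC-signed token after the OTP is validated, and checks that token on a protected `hello` endpoint. The class and method names, the 120-second OTP lifetime, the one-attempt-per-OTP rule and the compact `body.signature` token format are assumptions made for this example; the book implements the token as a JWT with the JJWT library from listing 11.12.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

OTP_TTL_SECONDS = 120       # assumed OTP lifetime
TOKEN_TTL_SECONDS = 600     # assumed token lifetime
PBKDF2_ITERATIONS = 100_000


class AuthenticationServer:
    """Keeps the users' credentials and issues/validates one-time passwords."""

    def __init__(self):
        self._users = {}    # username -> (salt, PBKDF2 hash)
        self._otps = {}     # username -> (otp, expiry timestamp)
        self.sent_sms = []  # constructed stand-in for the SMS gateway: (username, otp)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._users[username] = (salt, digest)

    def check_credentials(self, username, password):
        record = self._users.get(username)
        # Hash even for unknown users so a missing account is not cheaper to probe.
        salt, digest = record if record else (b"\x00" * 16, b"")
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return record is not None and hmac.compare_digest(candidate, digest)

    def send_otp(self, username):
        # Six random digits from a CSPRNG; stored once and consumed on first validation.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._otps[username] = (otp, time.time() + OTP_TTL_SECONDS)
        self.sent_sms.append((username, otp))

    def validate_otp(self, username, code):
        record = self._otps.pop(username, None)  # single use: any attempt consumes it
        code = str(code)
        if record is None or not code.isascii():
            return False
        otp, expiry = record
        return time.time() <= expiry and hmac.compare_digest(otp, code)


class BusinessLogicServer:
    """Exposes /login (both steps) and a protected endpoint guarded by the issued token."""

    def __init__(self, auth_server):
        self._auth = auth_server
        self._key = secrets.token_bytes(32)  # HMAC key for tokens, generated at startup

    def login(self, username, password=None, code=None):
        if password is not None:  # step 1: username + password, then ask for an OTP
            if not self._auth.check_credentials(username, password):
                return {"status": 401}
            self._auth.send_otp(username)
            return {"status": 200, "message": "OTP sent by SMS"}
        if code is not None:  # step 2: username + OTP, then issue the token
            if not self._auth.validate_otp(username, code):
                return {"status": 401}
            return {"status": 200, "token": self._issue_token(username)}
        return {"status": 400}

    def _issue_token(self, username, ttl=TOKEN_TTL_SECONDS):
        payload = json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode()
        body = base64.urlsafe_b64encode(payload).rstrip(b"=")
        sig = base64.urlsafe_b64encode(hmac.new(self._key, body, "sha256").digest()).rstrip(b"=")
        return (body + b"." + sig).decode()

    def _verify_token(self, token):
        """Return the subject if the signature and expiry check out, else None."""
        try:
            body, sig = token.encode().split(b".")
            expected = base64.urlsafe_b64encode(hmac.new(self._key, body, "sha256").digest()).rstrip(b"=")
            if not hmac.compare_digest(expected, sig):
                return None
            payload = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
            return payload["sub"] if payload["exp"] >= time.time() else None
        except (ValueError, KeyError, UnicodeError):
            return None

    def hello(self, token):
        user = self._verify_token(token)
        if user is None:
            return {"status": 403}
        return {"status": 200, "body": f"Hello, {user}!"}


if __name__ == "__main__":
    auth = AuthenticationServer()
    auth.add_user("john", "12345")  # constructed sample user
    bls = BusinessLogicServer(auth)
    print(bls.login("john", password="12345"))
    _, otp = auth.sent_sms[-1]      # the client reads the OTP from the SMS
    second = bls.login("john", code=otp)
    print(second)
    print(bls.hello(second["token"]))
    print(bls.login("john", code=otp))  # replayed OTP is rejected
```

Two details worth noticing: the OTP is removed from the store on any validation attempt, so a wrong guess forces a fresh step 1 rather than leaving the same code open to repeated tries, and the token is checked with a constant-time comparison before its payload is ever parsed, so a forged body never reaches the JSON decoder.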
Listing 11.12 The dependencies needed for the Business Logic Server
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency> <!-- #A -->
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.11.1</version>
</dependency>
<dependency> <!-- #A -->
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.11.1</version>
    <scope>runtime</scope>
</dependency>
<dependency> <!-- #A -->
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
    <version>0.11.1</version>
    <scope>runtime</scope>
</dependency>
<dependency> <!-- #B -->
    <groupId>jakarta.xml.bind</groupId>
    <artifactId>jakarta.xml.bind-api</artifactId>
    <version>2.3.2</version>
</dependency>
<dependency> <!-- #B -->
    <groupId>org.glassfish.jaxb</groupId>
    <artifactId>jaxb-runtime</artifactId>
    <version>2.3.2</version>
</dependency>
```