Implementing Microservices Security Patterns & Protocols with Spring Security
Joe Grandja at Spring I/O 2019
Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This talk provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring Security. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, TLS can be combined to make writing secure microservices easy.
A high-level explanation of the security standards and protocols will be provided along with demo/code walkthroughs showing how to apply the patterns and standards using Spring Security 5. The following patterns and their implementations will be demonstrated.
- Web SSO Login
- Implementing OAuth2 resource servers
- Implementing edge service gateways
- Token Exchange in a microservice call chain
- Token Relay in a microservice call chain
- Integration with OpenID Connect / OAuth2 servers
A high-level explanation of the security standards and protocols will be provided along with demo/code walkthroughs showing how to apply the patterns and standards using Spring Security 5. The following patterns and their implementations will be demonstrated.
- Web SSO Login
- Implementing OAuth2 resource servers
- Implementing edge service gateways
- Token Exchange in a microservice call chain
- Token Relay in a microservice call chain
- Integration with OpenID Connect / OAuth2 servers