Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This session provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring Security. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS can be combined to make writing secure microservices easy.
The session will focus on walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. The following patterns and their implementations will be demonstrated:
Web SSO Login
implementing OAuth2 resource servers
implementing edge service gateways
Token Exchange in a microservice call chain
Token Relay in a microservice call chain
integration with OpenID Connect/OAuth2 Servers
features of Spring Security 5.1 that make it easier to secure microservices
Speakers: Joe Grandja, Spring Security Senior Engineer, Pivotal and Stephen Doxsee, Software Engineer, Simple Step Solutions
Filmed at SpringOne Platform 2019
Slides: https://www.slideshare.net/SpringCentral/implementing-microservices-security-patterns-protocols-with-spring-security