A video of my talk Implementing Microservices Security Patterns & Protocols with my friend Joe Grandja on Nov 13 2018 at Devoxx Belgium.

Abstract:

Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This deep dive provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, TLS can be combined to make writing secure microservices easy.

The deep dive will alternate between slides that explain the security standards and protocols and code walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. We will demonstrate the following patterns and their implementations.

• Web SSO Login
• Implementing OAuth2 resource servers
• Implementing edge service gateways
• Token Exchange in a microservice call chain
• Token Relay in a microservice call chain
• Integration with OpenID Connect / OAuth2 Servers
• Features of Spring Security 5.1 that make it easier to secure microservices

We assume no prior experience with security standards or Spring Security. However, we assume that you are comfortable reading Java code and web development.