Implementing Microservices Security Patterns and Protocols with Spring Security

Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This session provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring Security. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS can be combined to make writing secure microservices easy.

The session will focus on walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. The following patterns and their implementations will be demonstrated:

Web SSO Login
Implementing OAuth2 resource servers
Implementing edge service gateways
Token Exchange in a microservice call chain
Token Relay in a microservice call chain
Integration with OpenID Connect/OAuth2 servers
Features of Spring Security 5.1 that make it easier to secure microservices

Speakers: Joe Grandja, Spring Security Senior Engineer, Pivotal and Stephen Doxsee, Software Engineer, Simple Step Solutions
Filmed at SpringOne Platform 2019
Comments

Thank you, Joe.
You make Spring Security easy for me. Before, I hated it, but now I see the full picture.
Thank you again.
Go ahead.

alishreef

43:00 Why is there no audience passed in the authorization request (and thus an empty aud claim inside the JWT)? Should that not be the respective resource server/microservice? That would be especially interesting to see since there are multiple microservices being called.

mathiasconradt

Hi @Springdeveloper, do you have a complete course by this instructor? Please share if you have.

santhosh

Is the project in any way still reachable? The slides linked in the video description are down too.

stefa

Hello, I want to know if it is possible to combine Spring Security with Azure Function. What I want is to secure my function using Spring Cloud, Azure Function and Spring Security. Could it be possible? Thank you.

joseantoniodavilaperez

I have a requirement to authenticate my REST endpoint using both Okta and Azure issuer URLs. Can anyone suggest how to implement this feature in Spring Security?

BharathKumar-qqgc

Where can I download the demo project? Thank you.

Brian_Long_Love_Guitar

Can the same resource be accessed with two different tenants? Can someone please provide code for that? I am trying to access a REST API using JWTs generated by Okta and Azure AD B2C.

BharathKumar-qqgc

I'm looking for a way to perform service to service authorization between a client app and a secured (with Keycloak) Spring Cloud Config Server. However, the config server contains properties that my client needs at startup. I know I can use a spring.factories file and define a custom configuration at bootstrap. Can I use that custom configuration to get my client authorized so it can request config properties?

davidfay

Could you please share the GitHub code URL?

ChinmayaDas

Somehow I'm missing something here. All the amount of configuration just to get a couple of microservices secured is daunting. What will I have to do when adding a new microservice? It almost looks like I will have to do a new set of configuration here. So with, say, 500 microservices this is going to be a config nightmare. Surely this is not the way production security will have to be configured? If so, then Spring is losing the plot.

kappaj