Implementing Microservices Security Patterns & Protocols by Joe Grandja, Adib Saikali

Subscribe to Devoxx on YouTube @ https://bit.ly/devoxx-youtube Like Devoxx on Facebook @ https://www.facebook.com/devoxxcom Follow Devoxx on Twitter @ https://twitter.com/devoxx Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This deep dive provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, TLS can be combined to make writing secure microservices easy. The deep dive will alternate between slides that explain the security standards and protocols and code walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. We will demonstrate the following patterns and their implementations. Web SSO Login Implementing OAuth2 resource servers Implementing edge service gateways Token Exchange in a microservice call chain Token Relay in a microservice call chain Integration with OpenID Connect / OAuth2 Servers Features of Spring Security 5.1 that make it easier to secure microservices We assume no prior experience with security standards or Spring Security. However, we assume that you are comfortable reading Java code and web development. Joe Grandja From Pivotal Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2.0, OpenID Connect 1.0, and JOSE framework support in Spring Security 5. Joe has over 20 years of industry experience in the role of Solution Architect, System Architect, Software Engineer and Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada area. He has successfully designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance. Adib Saikali From Pivotal Adib Saikali is passionate about technology and entrepreneurship from assembly to JavaScript from cold calling to pitching venture capitalists. He’s been responsible for architecting and implementing security in a variety of applications. Adib is an Advisory Platform Architect at Pivotal helping customers build cloud native applications using Spring Cloud, Cloud Foundry, and Kubernetes. Adib is a co-organizer of the Toronto Java User Group and Toronto Cloud Foundry Meetup.