Explore a comprehensive conference talk on implementing microservices security patterns and protocols using industry-standard technologies and Spring Security 5.1. Delve into essential concepts such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS, learning how to combine these standards for robust microservices security. Gain practical insights through alternating explanations and code walkthroughs, covering topics like Web SSO Login, OAuth2 resource servers, edge service gateways, token exchange and relay in microservice call chains, and integration with OpenID Connect/OAuth2 servers. Suitable for developers comfortable with Java and web development, this talk provides a holistic view of securing microservices, even without prior security experience.
Implementing Microservices Security Patterns & Protocols
Overview
Syllabus
Introduction
Audience Survey
OpenID Connect Server
Configuring the Client
Configuring the Application
Demo
Hands Up
Go Under the Hood
JSON What Algorithm
IANA Registry
Why use IANA Registry
JSON Web Key
JSON Web Signature
Verifying JSON Web Signature
Web Encryption
JSON Web Token
OAuth
OAuth Concepts
Client Credentials
Implicit Grant
Authorization Code Grant
Access Token
Open ID Connect
Taught by
Devoxx
Related Courses
-
Implementing Microservices Security Patterns & Protocols with Spring Security
-
Don't Lose Sleep, Secure Your REST
-
One Does Not Simply Log In - SSO for Web APIs
-
Common Mistakes and Misconceptions in Web App Security Using OAuth 2.0 and OpenID Connect
-
Three Profiles of OAuth2 for Identity and Access Management - 2016
-
OpenId Connect and JSON Web Token Security in Quarkus
