Implementing Microservices Security Patterns and Protocols with Spring Security

  • Added 15. 10. 2019
  • Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This session provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring Security. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS can be combined to make writing secure microservices easy.
    The session will focus on walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. The following patterns and their implementations will be demonstrated:
    Web SSO Login
    implementing OAuth2 resource servers
    implementing edge service gateways
    Token Exchange in a microservice call chain
    Token Relay in a microservice call chain
    integration with OpenID Connect/OAuth2 Servers
    features of Spring Security 5.1 that make it easier to secure microservices
    Speakers: Joe Grandja, Spring Security Senior Engineer, Pivotal and Stephen Doxsee, Software Engineer, Simple Step Solutions
    Filmed at SpringOne Platform 2019
    Slides: www.slideshare.net/SpringCent...
  • Science & Technology

Comments • 18

  • @alishreef6249 4 years ago +8

    Thank you, Joe.
    You make Spring Security easy for me. Before, I hated it, but now I see the full picture.
    Thank you again.
    Go ahead.

    • @sdoxsee 4 years ago +4

      Glad you found the talk helpful, Ali!

  • @mathiasconradt 3 years ago +3

    43:00 Why is there no audience passed in the authorization request (and thus an empty aud claim inside the JWT)? Should that not be the respective resource server/microservice? That would be especially interesting to see since there are multiple microservices being called.

  • @davidfay843 4 years ago

    I'm looking for a way to perform service to service authorization between a client app and a secured (with Keycloak) Spring Cloud Config Server. However, the config server contains properties that my client needs at startup. I know I can use a spring.factories file and define a custom configuration at bootstrap. Can I use that custom configuration to get my client authorized so it can request config properties?

  • @BharathKumar-qq7gc 3 years ago

    I have a requirement to authenticate my REST endpoint using both Okta and Azure issuer URLs. Can anyone suggest how to implement this feature in Spring Security?

  • @BharathKumar-qq7gc 3 years ago

    Can the same resource be accessed with two different tenants? Can someone please provide code for that? I am trying to access a REST API using JWTs generated by Okta and Azure AD B2C.

  • @Brian_Long_Love_Guitar

    Where can I download the demo project? Thank you.

  • @santhosh285 a year ago

    Hi @Springdeveloper, do you have complete course by this instructor? pls share if you have.

  • @joseantoniodavilaperez4954

    Hello, I want to know if it is possible to combine Spring Security with Azure Function. What I want is to secure my function using Spring Cloud, Azure Function and Spring Security. Could it be possible? Thank you.

  • @stefa168 2 years ago

    Is the project in any way still reachable? The slides linked in the video description are down too.

  • @hoangtuan4592 2 years ago

    Could you share your repository?

  • @abrahamstalin 4 years ago +2

    github project?

  • @ChinmayaDas 4 years ago +1

    Could you please share the Github code URL

    • @sdoxsee 4 years ago +11

      Hey Chinmaya, the code can be found here: github.com/jgrandja/oauth2-protocol-patterns We were using the "s1p-2019" branch but the documentation is better on the "master" branch using UAA instead of keycloak.

  • @kappaj01 4 years ago

    Somehow I'm missing something here. The amount of configuration just to get a couple of microservices secured is daunting. What will I have to do when adding a new microservice? It almost looks like I will have to do a new set of configuration here. So with, say, 500 microservices this is going to be a config nightmare. Surely this is not the way production security will have to be configured? If so, then Spring is losing the plot big time.....

    • @sdoxsee 4 years ago +1

      Hi Andre. Thanks for your comments and questions. I share your desire for a GREAT developer experience. As a user of spring security/boot, I've found the configuration to be quite minimal (e.g. vanilla resource server = dependency + jwk-set-uri property). The demo was intentionally more complex to help people with scenarios that go beyond "hello world". If there's a particular configuration that you find excessive, please share your suggestions by creating an issue on spring-security's github repo. Also, give me a shout and I'd be happy to discuss your situation! simplestep.ca/contact or twitter.com/doxsees. Cheers!

    • @kappaj01 4 years ago +2

      Thank you Stephen - still busy working through the video to try and get a proper understanding. Appreciate the feedback.
      I always try my best to get the full env running without going to github so that I understand what is being said.

  • @RamKumar-rg3gr 3 years ago +1

    may be corona