Devoxx Belgium 2018
from Monday 12 November to Friday 16 November 2018.
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2.0, OpenID Connect 1.0, and JOSE framework support in Spring Security 5.
Joe has over 20 years of industry experience in the role of Solution Architect, System Architect, Software Engineer and Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada area. He has successfully designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance.
See also https://spring.io/team
Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This deep dive provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, TLS can be combined to make writing secure microservices easy.
The deep dive will alternate between slides that explain the security standards and protocols and code walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. We will demonstrate the following patterns and their implementations.
- Web SSO Login
- Implementing OAuth2 resource servers
- Implementing edge service gateways
- Token Exchange in a microservice call chain
- Token Relay in a microservice call chain
- Integration with OpenID Connect / OAuth2 Servers
- Features of Spring Security 5.1 that make it easier to secure microservices
We assume no prior experience with security standards or Spring Security. However, we assume that you are comfortable reading Java code and web development.