Look who's talking!

Andreas Falk

Microservices Authentication & Authorization with Spring Security [Workshop]

Andreas Falk - Novatec Consulting

Prerequisites: JDK 8 or higher, Java IDE, GIT, client tool to call a REST API (Curl, Postman, …)

A Microservice cloud architecture brings many benefits to software applications. But at the same time, new challenges of distributed systems have also been introduced. One of these challenges is how to implement a flexible, secure and efficient authentication and authorization scheme in a Microservices architecture.

The common solution for this is to use stateless token-based authentication and authorization by adopting standard protocols like OAuth 2.0 and OpenID Connect (OIDC).

In this workshop, we will use Spring Security to secure a Spring Boot Microservice using OAuth 2.0 and OIDC (basically what’s called a resource server). As part of this, we will also use new features of the latest version of Spring Security.

Attendees of this workshop can expect to learn about:

- The basics of OAuth 2.0 and OpenID Connect
- Authenticating a Microservice using JWT bearer tokens
- Authenticating a Microservice using Opaque bearer tokens with token introspection
- Authorization (for JWT and Opaque tokens)
- Bearer Token Propagation between Microservices
- Automated testing of Microservices authentication/authorization (JWT and Opaque tokens)

View all Sessions