
Andreas Falk

Microservices Authentication & Authorization with Spring Security [Workshop]

Andreas Falk - Novatec Consulting

Prerequisites: JDK 11 or higher, a Java IDE, Git, and a client tool to call a REST API (curl, Postman, …)

A Microservice cloud architecture brings many benefits to software applications. At the same time, it introduces the challenges of distributed systems. One of these challenges is how to implement a flexible, secure, and efficient authentication and authorization scheme in a Microservices architecture.

The common solution for this is to use stateless token-based authentication and authorization by adopting standard protocols like OAuth 2.0 and OpenID Connect (OIDC).

In this workshop, we will use Spring Security to secure a Spring Boot Microservice using OAuth 2.0/2.1 and OIDC (basically what’s called a resource server). As part of this, we will also use new features of the latest version of Spring Security and the new Spring Authorization Server.

Attendees of this workshop can expect to learn about:

- The basics of OAuth 2.0, changes in the upcoming OAuth 2.1 version, and OpenID Connect
- Authenticating a Microservice using JWT bearer tokens
- Authenticating a Microservice using Opaque bearer tokens with token introspection
- Authorization (for JWT and Opaque tokens)
- Bearer Token Propagation between Microservices
- Automated testing of Microservices authentication/authorization (JWT and Opaque tokens)
- Configuring and using the new Spring Authorization Server
