Implementing Microservices Security Patterns and Protocols with Spring Security

The code can be found here: We were using the "s1p-2019" branch but the documentation is better on the "master" branch using UAA instead of keycloak. Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This session provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring Security. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS can be combined to make writing secure microservices easy. The session will focus on walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. The following patterns and their implementations will be demonstrated: Web SSO Login implementing OAuth2 resource servers implementing edge service gateways Token Exchange in a microservice call chain Token Relay in a microservice call chain