Prairie.Code() Sessions tagged microservices

Securing Java Microservices with Java JWT

Abstract

Micah will take you on a token-based journey. The talk covers what tokens are, looking at cryptographically signed tokens, using the JJWT library to create JWTs, mitigating CSRF attacks using JWTs, and establishing trust between microservices using JWTs. Some slides and lots of code.

Description

"Microservices are awesome, but they're not free" - Les Hazlewood, CTO Stormpath

This is a popular talk that I gave during my motorcycle road trip up and down the east coast. While I work for Stormpath, there are no Stormpath dependencies in the code. It's an example that uses Spring Boot with Spring Security and the open-source JJWT.

In the first part of the talk, I introduce JWTs and their utility by replacing the default CSRF functionality in Spring Security with a custom one that uses JWT. It demonstrates how, in addition to doing a "dumb" equals match for the submitted token and the one on record, a JWT can be inspected for expiration. This makes it so that you can have a form, protected by CSRF, that must be submitted within a certain period of time.

In the second part of the talk, I have a Spring Boot microservices example. I run two instances of the example and demonstrate how they initially do not trust signed JWT messages between each other. I then discuss how to establish trust between these microservices (by registering the public keys of each with each other) and then show how they now will trust messages. Finally, I talk about and demonstrate a more modern approach to microservices using Kafka messaging as the backbone rather than HTTP.

Here's a blog post I wrote on the subject as well.

Speaker

Micah Silverman

Senior Developer Advocate, Okta

Micronaut For Simplifying Microservices On GCP

Google Cloud provides a powerful and highly scalable platform for delivering microservices and serverless applications, with a variety of tools to help developers make the most of the opportunities it offers. A new tool, the Micronaut framework, was designed from the ground up to simplify the architectural development and deployment of microservices, and it comes with built-in support for GCP services and hosting. In this session, we demonstrate in real time how to build a suite of lightweight microservices, wire them together in support of the intended architecture, and deploy the solution to GCP with minimal complexity and effort. Demonstrations will include deploying to Google App Engine Flex as well as the recently announced Google Cloud Run serverless environment.

Speaker

Jeff Scott Brown

Partner, Grails and Micronaut Practice Lead, Object Computing, Inc.