Please join us for a day of in-depth talk on how to secure, test, and deploy microservices. The talks will be delivered by lead developers from the Spring Security, Spring Cloud and Platform Architecture teams. The schedule for the day is below.
Tuesday May 1 2018
09:30 AM Registration Opens10:00 AM Microservice Security Patterns & Protocols 11:15 AM Break11:30 AM Next Generation OAuth Support with Spring Security 5.0 12:30 PM Lunch01:15 PM Spring Cloud Contract / Why Contract Tests Matter? 02:15 PM Break02:30 PM Spring Cloud Pipelines / Continuous Deployment of Your Application03:30 PM Wrap Up
Our speakers include Joe Grandja spring security core committer and Marcin Grzejszczak lead of Spring Cloud Contract, Spring Cloud Pipelines, and Spring Cloud Sleuth projects. Below are the detailed talk abstracts.
Microservices Security Patterns & ProtocolsBy Adib Saikali
This introductory talk introduces the patterns and protocols used to secure microservice based architectures. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenId Connect, and others can be combined to make writing secure microservices easy. Live demos will show these protocols and patterns in action.
Next Generation OAuth Support with Spring Security 5.0 by Joe Grandja spring security core comitter
Spring Security 5.0 introduced new support for the OAuth 2.0 Authorization Framework and OpenID Connect 1.0.
This talk will provide a detailed overview and demonstration of the new OAuth 2.0 Login feature, which provides an application with the capability to have users log in to the application by using their existing account at an OAuth 2.0 Provider (e.g. GitHub) or OpenID Connect 1.0 Provider (e.g. Google). This feature essentially realizes the use case “Login with Google” or “Login with Facebook” and is implemented by leveraging the Authorization Code Grant flow.
The main goal of this talk is to demonstrate the steps required to setup OAuth 2.0 Login for a Spring Boot 2.0 sample application. Additionally, the demo will also show you how to configure and map custom user authorities after each successful login, in order to enable fine-grained authorization rules in the security configuration.
Spring Cloud Contract / Why Contract Tests Matter?By Marcin Grzejszczak lead of Spring Cloud Contract, Spring Cloud Pipelines , and Spring Cloud Sleuth
You are writing integration tests, aren’t you? Have you ever needed to stub the HTTP or a messaging call? Have your tests passed? That’s awesome, but it doesn’t mean that your application is working fine or that your system will not break on end to end tests.
In this presentation you’ll see a system composing of two apps written from scratch. We’ll present the most frequent mistakes that take place during writing integration tests and we’ll show how you can use contract testing to fix those problems.
Spring Cloud Pipelines / Continuous Deployment of Your ApplicationBy Marcin Grzejszczak lead of Spring Cloud Contract, Spring Cloud Pipelines , and Spring Cloud Sleuth
“I have stopped counting how many times I’ve done this from scratch” - was one of the responses to the tweet about starting the project called Spring Cloud Pipelines. Every company sets up a pipeline to take code from your source control, through unit testing and integration testing, to production from scratch. Every company creates some sort of automation to deploy its applications to servers. Enough is enough - time to automate that and focus on delivering business value.
In this presentation we’ll go through the contents of the Spring Cloud Pipelines project. We’ll start a new project for which we’ll have a deployment pipeline set up in no time. We’ll deploy to Cloud Foundry (but we also could do it with Kubernetes) and check if our application is backwards compatible so that we can roll it back on production.
Marcin Grzejszczak is an open source contributor. Author of Mockito books and Applied Continuous Delivery course @ Safari. Lead of Spring Cloud Contract / Sleuth / Pipelines projects.
Joe Grandja has been building software for over 20 years in the role of Solution Architect, System Architect, Software Engineer and Consultant. His experience has been mainly focused in the Financial Services sector in the Toronto, Canada area.
Joe has successfully designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance. In his current role, Joe is a core committer to the Spring Security framework. His main focus is in further developing support within the framework for OAuth 2.0, OpenID Connect 1.0, and the JOSE framework.