Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Prospecting the Security Landscape with Spring ...

Matt Raible
PRO
March 01, 2017
Technology
1
460

Prospecting the Security Landscape with Spring Boot, Zuul, and Stormpath - KCSUG 2017

Video: https://youtu.be/acnbD_zf7fo

Spring Boot has greatly simplified how to develop applications with Spring. Its auto-configuration and many starters has fostered a Spring renaissance that makes developing Spring apps fun again!

Stormpath's Spring Boot starter is one of the most sophisticated in the land! It works with and without Spring Security, providing standard authentication flows as well as sophisticated standards compliant authorization flows (e.g. OAuth2 and OpenID Connect). Stormpath also supports adding to a Zuul gateway to secure your microservices infrastructure. Stormpath has also recently released Juiser, which allows you to auto-create an authenticated user object from an X-Forwarded-User header.

Stormpath Evangelists, Micah Silverman and Matt Raible, demonstrate the wonders of Spring Boot and Stormpath's unique starter that provides an incredible amount of functionality.

Matt Raible
PRO

March 01, 2017
Tweet

More Decks by Matt Raible

See All by Matt Raible
Micro Frontends for Java Microservices - AgileLnL 2024
mraible
PRO
0
110
Micro Frontends for Java Microservices - dev2next 2024
mraible
PRO
0
260
Micro Frontends for Java Microservices - KCDC 2024
mraible
PRO
1
410
Reactive Java REST APIs, FTW? Virtual JUG 2024
mraible
PRO
0
940
Micro Frontends for Java Microservices - Utah JUG 2024
mraible
PRO
1
1.1k
Micro Frontends for Java Microservices - Devnexus 2024
mraible
PRO
0
1.2k
Comparing Native Java REST API Frameworks - jChampions Conference 2024
mraible
PRO
0
900
Comparing Native Java REST API Frameworks - Atlanta JUG 2024
mraible
PRO
1
350
Micro Frontends for Java Microservices - SF JUG 2023
mraible
PRO
1
410

Other Decks in Technology

See All in Technology
Continuous Integration! Raising the Bar
tdpauw
1
120
Microsoft 365と開発者ツールの 素敵な関係
kkamegawa
0
220
クラウドインフラ構築における.NETとその他IaCの比較
ymd65536
1
130
KotlinユーザのためのJSpecify入門 / JSpecify 101 for Kotlin Devs
eller86
0
120
次のコンテナセキュリティの時代 - User Namespace With a Pod / CloudNative Days Winter 2024
pfn
PRO
4
290
マルチプロダクトSaaSにおけるフェーズの違いや個人の強みを活かした組織づくり
plaidtech
PRO
0
100
『Firebase Dynamic Links終了に備える』 FlutterアプリでのAdjust導入とDeeplink最適化
techiro
1
300
RAMP2024
takeyukitamura
3
200
モバイルアプリ開発未経験者が プロダクト開発に携わるまでに取り組んだこと/nikkei-tech-talk-27-3
nikkei_engineer_recruiting
0
110
Will multimodal language processing change the world?
keio_smilab
PRO
0
120
プラットフォームエンジニアリングアーキテクチャ道場 on AWS & EKS Kubernetes / Platform Engineering Architecture Dojo
riita10069
6
8.7k
Next.jsとNuxtが混在? iframeでなんとかする!
ypresto
2
2.2k

Featured

See All Featured
Build your cross-platform service in a week with App Engine
jlugia
229
18k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
How to Ace a Technical Interview
jacobian
276
23k
The Invisible Side of Design
smashingmag
298
50k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Documentation Writing (for coders)
carmenintech
65
4.4k
Navigating Team Friction
lara
183
14k
Building Adaptive Systems
keathley
38
2.3k
Faster Mobile Websites
deanohume
305
30k
Designing for Performance
lara
604
68k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
140
Six Lessons from altMBA
skipperchong
27
3.5k

Transcript

  1. PROSPECTING THE SECURITY LANDSCAPE WITH SPRING BOOT, ZUUL, AND STORMPATH

    MICAH SILVERMAN / @AFITNERD MATT RAIBLE / @MRAIBLE
  2. None

  3. Stormpath User Management

  4. About You Have you implemented your own authentication? How long

    have you been using Spring? Have you heard of Stormpath? Have you heard of or tried Stormpath?

  5. Spring Boot Automatically configures Spring whenever possible Provides production-ready features

    such as metrics, health checks and externalized configuration Absolutely no code generation and no requirement for XML configuration Embeds Tomcat, Jetty or Undertow directly

  6. Spring Boot 1.5 Apache Kafka Support Cloud Foundry actuator extensions

    Spring Data Ingalls LDAP support Loggers endpoint Spring Security 4.2 Support

  7. SPRING INITIALIZR @ start.spring.io

  8. None

  9. Stormpath’s REST API

  10. Stormpath’s Java SDK

  11. API vs Implementation

  12. Stormpath Java SDK Stack

  13. Learn More

  14. Authentication Mechanisms Supported Username and Password Basic Authentication OAuth 2.0

    Client API Open ID Connect (Q2 2017) Multi-Factor Authentication
  15. None

  16. Signature Computation Pseudo-code encodeSecret = "4pE8z3PBoHjnV1AhvGk+e8h2p+ShZpOnpr8cwHmMh1w=" computeHMACSHA256( header + "."

    + payload, base64DecodeToByteArray(encodedSecret) )

  17. JWT Secret Anti-Patterns

  18. Short but not Sweet .signWith( SignatureAlgorithm.HS256, "secret".getBytes("UTF-8") )

  19. You’re Doing it Wrong String b64EncodedSecret = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E="; .signWith( SignatureAlgorithm.HS256,

    b64EncodedSecret.getBytes("UTF-8") )

  20. Supersize that Secret! String b64EncodedSecret = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E="; .signWith( SignatureAlgorithm.HS512, TextCodec.BASE64.decode(b64EncodedSecret)

    )

  21. Thanks! Micah Silverman & Matt Raible
 @afitnerd @mraible Stormpath Java

    SDK · Java JWT · Juiser Stormpath + Spring + Zuul + Juiser Example Spring Boot MFA Example Stormpath Microservices Screencast JWT Inspector