Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GR8EU 2019 - Micronaut Security

Sergio del Amo
May 28, 2019
Programming
0
380

GR8EU 2019 - Micronaut Security

Presentation at GR8Conf EU 2019 about the security options offered by Micronaut.

Sergio del Amo

May 28, 2019
Tweet

More Decks by Sergio del Amo

See All by Sergio del Amo
Getting Started with the Micronaut Framework
sdelamo
0
60
Getting Started with the Micronaut Framework Brighton Kotlin user group
sdelamo
0
140
Micronaut Turbo - Return of the Monolith
sdelamo
0
480
ApacheCon 2020 Micronaut + Groovy
sdelamo
0
360
Taming your browser with Geb
sdelamo
0
76
What's new in Grails 4
sdelamo
0
1.9k
What’s new with Grails 4
sdelamo
2
330
Test de aceptación con Geb - Commit Conf 2018
sdelamo
0
140
Mapping a Tree with GORM and Grails
sdelamo
0
1.5k

Other Decks in Programming

See All in Programming
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
190
【Kaigi on Rails 2024】YOUTRUST スポンサーLT
krpk1900
1
330
GitHub Actionsのキャッシュと手を挙げることの大切さとそれに必要なこと
satoshi256kbyte
5
430
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
110
CSC509 Lecture 12
javiergs
PRO
0
160
Remix on Hono on Cloudflare Workers
yusukebe
1
280
よくできたテンプレート言語として TypeScript + JSX を利用する試み / Using TypeScript + JSX outside of Web Frontend #TSKaigiKansai
izumin5210
6
1.7k
Contemporary Test Cases
maaretp
0
130
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
220
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
ヤプリ新卒SREの オンボーディング
masaki12
0
130
Outline View in SwiftUI
1024jp
1
320

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
740
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Designing for humans not robots
tammielis
250
25k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
BBQ
matthewcrist
85
9.3k
Faster Mobile Websites
deanohume
305
30k
Unsuck your backbone
ammeep
668
57k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410

Transcript

  1. objectcomputing.com © 2018, Object Computing, Inc. (OCI). All rights reserved.

    No part of these notes may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior, written permission of Object Computing, Inc. (OCI) MICRONAUT SECURITY SERGIO DEL AMO

  2. © 2018, Object Computing, Inc. (OCI). All rights reserved. ©

    2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 2 • MICRONAUT / GRAILS OCI TEAM • GUADALAJARA, SPAIN • CURATOR OF GROOVYCALAMARI.COM • PODCAST HOST OF PODCAST.GROOVYCALAMARI.COM • GREACH Conference organizer • @SDELAMO • HTTP://SERGIODELAMO.ES SERGIO DEL AMO

  3. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    3 CONTROLLER EXAMPLE @Controller(“/books") public class BookController { @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  4. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    4 INSTALLATION

  5. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    5 SECURITY INSTALLATION dependencies { ... .. . annotationProcessor "io.micronaut:micronaut-security" compile "io.micronaut:micronaut-security" } build.gradle src/main/resources/application.yml micronaut: security: enabled: true

  6. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 6 SECURED BY

    DEFAULT

  7. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    7 Security Filter

  8. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    8 ANONYMOUS ACCESS

  9. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    9 @Secured IS_ANONYMOUS import io.micronaut.security.annotation.Secured; @Controller(“/books") public class BookController { @Secured(SecurityRule.IS_ANONYMOUS) @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  10. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    10 @Secured IS_ANONYMOUS import io.micronaut.security.annotation.Secured; @Secured(SecurityRule.IS_ANONYMOUS) @Controller(“/books") public class BookController { @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  11. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    11 JSR_250 annotations import javax.annotation.security.PermitAll; @Controller(“/books") public class BookController { @PermitAll @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  12. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    12 INTERCEPT URL MAP src/main/java/example/micronaut/BookController.java @Controller(“/books") public class BookController { @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } } src/main/resources/application.yml micronaut: security: enabled: true intercept-url-map: - pattern: "/books" http-method: GET access: - isAnonymous()

  13. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    13 INTERCEPT URL MAP for STATIC RESOURCES src/main/resources/application.yml micronaut: router: static-resources: default: enabled: true mapping: /static/** paths: - classpath: public security: enabled: true intercept-url-map: - pattern: "/static/logo.png" http-method: GET access: - isAnonymous()

  14. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    14 BASIC AUTH

  15. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 15 BASIC AUTH

  16. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    16 Basic Auth

  17. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    17 Basic Auth

  18. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    18 BASIC AUTH import javax.inject.Singleton @Singleton public class ExampleAuthenticationProvider implements AuthenticationProvider { @Override public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) { if (authenticationRequest.getIdentity().equals("user") && authenticationRequest.getSecret().equals("password"))) { UserDetails u = new UserDetails(authenticationRequest.getIdentity(), Arrays.asList("ROLE_USER")); return Flowable.just(u); } return Flowable.just(new AuthenticationFailed()); } } $ curl - u name:password http://micronaut.example/books curl with basic auth

  19. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    19 DELEGATING AUTHENTICATION PROVIDER

  20. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 20 DELEGATION AUTHENTICATION

    PROVIDER

  21. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    21 DELEGATING AUTHENTICATION PROVIDER import javax.inject.Singleton @CompileStatic @Singleton class UserFetcherService implements UserFetcher { protected final UserGormService userGormService UserFetcherService(UserGormService userGormService) { this.userGormService = userGormService } @Override Publisher<UserState> findByUsername(String username) { UserState user = userGormService.findByUsername(username) as UserState (user ? Flowable.just(user) : Flowable.empty()) as Publisher<UserState> } } implementation of UserFetcher

  22. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    22 DELEGATING AUTHENTICATION PROVIDER package example.micronaut.services import io.micronaut.security.authentication.providers.AuthoritiesFetcher import io.reactivex.Flowable import org.reactivestreams.Publisher import javax.inject.Singleton @Singleton class AuthoritiesFetcherService implements AuthoritiesFetcher { protected final UserRoleGormService userRoleGormService AuthoritiesFetcherService(UserRoleGormService userRoleGormService) { this.userRoleGormService = userRoleGormService } @Override Publisher<List<String>> findAuthoritiesByUsername(String username) { Flowable.just(userRoleGormService.findAllAuthoritiesByUsername(username)) } } implementation of AuthoritiesFetcher

  23. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    23 DELEGATING AUTHENTICATION PROVIDER import io.micronaut.security.authentication.providers.PasswordEncoder import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder import javax.inject.Singleton @Singleton class BCryptPasswordEncoderService implements PasswordEncoder { org.springframework.security.crypto.password.PasswordEncoder delegate = new BCryptPasswordEncoder() String encode(String rawPassword) { return delegate.encode(rawPassword) } @Override boolean matches(String rawPassword, String encodedPassword) { return delegate.matches(rawPassword, encodedPassword) } } implementation of PasswordEncoder dependencies { ... compile “org.springframework.security:spring-security-crypto:5.2.5.RELEASE” } build.gradle

  24. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    24 SESSION BASED AUTHENTICATION

  25. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 25 Session Auth

  26. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    26 SESSION AUTH dependencies { ... .. . annotationProcessor "io.micronaut:micronaut-security" compile "io.micronaut:micronaut-security-session" } build.gradle src/main/resources/application.yml micronaut: security: enabled: true session: enabled: true

  27. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    27 SECURITY SESSION CLI INSTALLATION $ mn create-app my-app --features security-session MICRONAUT SECURITY SESSION

  28. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    28 ENDPOINTS

  29. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    29 LOGIN CONTROLLER src/main/resources/application.yml micronaut: security: enabled: true endpoints: login: enabled: true

  30. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    30 LOGOUT CONTROLLER src/main/resources/application.yml micronaut: security: enabled: true endpoints: logout: enabled: true

  31. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    31 AUTHENTICATION

  32. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    32 @Secured IS_AUTHENTICATED import io.micronaut.security.annotation.Secured; @Controller(“/books") public class BookController { @Secured(SecurityRule.IS_AUTHENTICATED) @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  33. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    33 @Secured IS_AUTHENTICATED import io.micronaut.security.annotation.Secured; @Secured(SecurityRule.IS_AUTHENTICATED) @Controller(“/books") public class BookController { @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  34. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    34 AUTHORIZATION

  35. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    35 AUTHORIZATION import io.micronaut.security.annotation.Secured; @Controller("/books") public class BookController { @Secured({"ROLE_ADMIN","ROLE_USER"}) @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  36. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    36 JSR_250 annotations import javax.annotation.security.RolesAllowed; @Controller("/books") public class BookController { @RolesAllowed({"ROLE_ADMIN","ROLE_USER"}) @Get public List<Book> index() { return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  37. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    37 RETRIEVE CURRENT USER

  38. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    38 Retrieve the Authenticated User import io.micronaut.security.annotation.Secured; import java.security.Principal; import javax.annotation.Nullable; @Controller(“/books") public class BookController { @Secured(SecurityRule.IS_ANONYMOUS) @Get public List<Book> index(@Nullable Principal principal) { if (principal != null && principal.getName().equals("Harry Potter”)) { return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”)); } return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  39. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    39 Retrieve the Authenticated User import io.micronaut.security.annotation.Secured; import java.security.Principal; @Controller(“/books") public class BookController { @Secured(SecurityRule.IS_AUTHENTICATED) @Get public List<Book> index(Principal principal) { if (principal.getName().equals("Harry Potter”)) { return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”)); } return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  40. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    40 Retrieve the Authenticated User import io.micronaut.security.annotation.Secured; import io.micronaut.security.authentication.Authentication; @Controller(“/books") public class BookController { @Secured(SecurityRule.IS_AUTHENTICATED) @Get public List<Book> index(Authentication authentication) { if (authentication.getName().equals("Harry Potter”)) { return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”)); } return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  41. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    41 Retrieve the Authenticated User import io.micronaut.security.annotation.Secured; import io.micronaut.security.authentication.Authentication; @Controller("/books") public class BookController { private final SecurityService securityService; public BookController(SecurityService securityService) { this.securityService = securityService; } @Secured(SecurityRule.IS_AUTHENTICATED) @Get public List<Book> index() { if (securityService.getAuthentication().getName().equals(“Harry Potter”)) { return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”)); } return Arrays.asList(new Book("1491950358", "Building Microservices"), new Book("1680502395", "Release It!"), new Book("0321601912", "Continuous Delivery")); } }

  42. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    42 LDAP

  43. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    43 LDAP src/main/resources/application.yml micronaut: .. . security: ... .. ldap: default: enabled: true context: server: 'ldap://ldap.forumsys.com:389' managerDn: 'cn=read-only-admin,dc=example,dc=com' managerPassword: 'password' search: base: "dc=example,dc=com" groups: enabled: true base: "dc=example,dc=com" build.gradle dependencies { ... .. . annotationProcessor "io.micronaut:micronaut-security" compile "io.micronaut:micronaut-security" compile "io.micronaut.configuration:micronaut-security-ldap" } LDAP authentication in Micronaut supports configuration of one or more LDAP servers to autehtnicate with. Each server has it’s own settings and can be enabled or disabled

  44. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    44 JWT

  45. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    45 SECURITY JWT INSTALLATION dependencies { ... .. . annotationProcessor "io.micronaut:micronaut-security" compile "io.micronaut:micronaut-security-jwt" } build.gradle src/main/resources/application.yml micronaut: security: enabled: true token: jwt: enabled: true

  46. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    46 SECURITY JWT CLI INSTALLATION $ mn create-app my-app --features security-jwt MICRONAUT SECURITY JWT

  47. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 47 Bearer Token

  48. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    48 Security Filter

  49. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    49 LOGIN CONTROLLER JWT Bearer authentication

  50. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 50 COOKIE JWT

  51. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    51 Security Filter

  52. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    52 LOGIN CONTROLLER JWT Bearer authentication

  53. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    53 JWT Signature Generation and Validation To enable a JWT signature in token generation, you need to have in your app a bean of type RSASignatureGeneratorConfiguration, ECSignatureGeneratorConfiguration, SecretSignatureConfiguration qualified with name generator. To verify signed JWT tokens, you need to have in your app a bean of type RSASignatureConfiguration, RSASignatureGeneratorConfiguration, ECSignatureGeneratorConfiguration, ECSignatureConfiguration, or SecretSignatureConfiguration.

  54. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    54 JWT Configuration src/main/resources/application.yml micronaut: security: enabled: true token: jwt: enabled: true signatures: secret: generator: secret: pleaseChangeThisSecretForANewOne jws-algorithm: HS256

  55. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    55 Claims Validation Bean Description ExpirationJwtClaimsValidator Validate JWT is not expired. SubjectNotNullJwtClaimsValidator Validate JWT subject claim is not null. io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator Provide your own!

  56. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    56 RFRESH CONTROLLER src/main/resources/application.yml micronaut: security: enabled: true endpoints: oauth: enabled: true

  57. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    57 JSON Web Key JWK A JSON Object that represents a cryptographic key. The members of the object represent properties of the key, including its value. { "kty":"EC", "crv":"P-256", "kid":"test-personal-node", "x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo", "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ" }

  58. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    58 JWK Set A JSON object that represents a set of JWKs. The JSON object MUST have a "keys" member, which is an array of JWKs. { "keys": [ { "kty":"EC", "crv":"P-256", "kid":"123", "x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo", "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ" } ] }

  59. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    src/main/resources/application.yml micronaut: security: enabled: true endpoints: keys: enabled: true import com.nimbusds.jose.jwk.JWK; import io.micronaut.security.token.jwt.endpoints.JwkProvider; import javax.inject.Singleton; import java.text.ParseException; @Singleton class ExampleJwkProvider implements JwkProvider { @Override List<JWK> retrieveJsonWebKeys() { try { return [JWK.parse(''' { "kty":"EC", "crv":"P-256", "kid":"123", “x": "kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo", "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ" }''')] } catch (ParseException e) { return [] as List<JWK> } } } 59 KEYS CONTROLLER - Expose a JWK Set

  60. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    60 KEYS CONTROLLER $ curl localhost:8080/keys {"keys":[{"kty":"EC","crv":"P-256","kid":"test-personal- node","x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo","y":"PV7FUShMZ8Jg_kc2vjx gfwswEy26w_vWvVCHAGQ9tEQ"}]}

  61. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    61 REMOTE JWKS VALIDATION src/main/resources/application.yml micronaut: security: enabled: true token: jwt: enabled: true signatures: jwks: securityservice: url: "http://localhost:8081/keys"

  62. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    62 SECURITY EVENTS

  63. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    63 Security Events Event Name Description LoginFailedEvent Trigger when an unsuccessful login takes place. LoginSuccessfulEvent Trigger when a successful login takes place. LogoutEvent Triggered when the user logs out. TokenValidatedEvent Trigger when a token is validated. AccessTokenGeneratedEvent Trigger when a JWT access token is generated. RefreshTokenGeneratedEvent Trigger when a JWT refresh token is generated. @Singleton class LogoutFailedEventListener implements ApplicationEventListener<LogoutEvent> { @Override void onApplicationEvent(LogoutEvent event) { println "received logout event" } }

  64. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    64 TOKEN PROPAGATION

  65. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    src/main/resources/application.yml micronaut: security: enabled: true token: jwt: enabled: true writer: header: enabled: true propagation: enabled: true service-id-regex: "recommendations|catalogue|inventory" 65 Token Propagation

  66. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    66 MICRONAUT OAUTH 2 https://micronaut-projects.github.io/micronaut-security/ snapshot/guide/#oauth

  67. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    67 OAUTH 2 build.gradle dependencies { ... .. . annotationProcessor "io.micronaut:micronaut-security" compile "io.micronaut:micronaut-security" compile “io.micronaut.configuration:micronaut-oauth2:1.0.0.BUILD-SNAPSHOT" }

  68. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    68 authorization code flow - OpenID Connect

  69. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End- User based on the authentication performed by an Authorization Server , as well as to obtain basic profile information about the End-User in a interoperable and REST-like manner. 69

  70. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    70

  71. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    71 OAUTH 2

  72. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    72 Open ID Connect Configuration src/main/resources/application.yml micronaut: security: enabled: true oauth2: enabled: true clients: cognito: client-secret: '${OAUTH_CLIENT_SECRET}' client-id: '${OAUTH_CLIENT_ID}' openid: issuer: 'https://cognito-idp.${AWS_REGION}.amazonaws.com/${COGNITO_POOL_ID}'

  73. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    73 authorization code flow - Oauth 2.0

  74. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    74

  75. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    75 Oauth Configuration src/main/resources/application.yml micronaut: security: enabled: true oauth2: enabled: true clients: github: client-id: <<my client id>> client-secret: <<my client secret>> scopes: - user:email - read:user authorization: url: https://github.com/login/oauth/authorize token: url: https://github.com/login/oauth/access_token auth-method: client-secret-post

  76. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    76 Grant type password

  77. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    77

  78. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    78

  79. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    79 Oauth Configuration src/main/resources/application.yml micronaut: security: … oauth2: … clients: github: grant-type: password

  80. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    80 Logout

  81. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    81

  82. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    82 Oauth Configuration src/main/resources/application.yml micronaut: security: … endpoints: logout: enabled: true get-allowed: true

  83. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    83 SAMPLES

  84. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    84 Micronaut Guides Guides Micronaut Basic Auth Session based Authentication Micronaut JWT Authentication Micronaut JWT Authentication with Cookies LDAP and Database authentication Providers Micronaut Token Propagation Secure a Micronaut app with Okta https://guides.micronaut.io/tags/security.html

  85. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com

    85 Questions?

  86. CONNECT WITH US 1+ (314) 579-0066 @objectcomputing objectcomputing.com © 2018,

    Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 86