Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GR8EU 2019 - Micronaut Security

GR8EU 2019 - Micronaut Security

Presentation at GR8Conf EU 2019 about the security options offered by Micronaut.

Sergio del Amo

May 28, 2019
Tweet

More Decks by Sergio del Amo

Other Decks in Programming

Transcript

  1. objectcomputing.com
    © 2018, Object Computing, Inc. (OCI). All rights reserved. No part of these notes may be reproduced, stored in a retrieval system, or
    transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior, written
    permission of Object Computing, Inc. (OCI)
    MICRONAUT SECURITY
    SERGIO DEL AMO

    View full-size slide

  2. © 2018, Object Computing, Inc. (OCI). All rights reserved.
    © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 2
    • MICRONAUT / GRAILS OCI TEAM
    • GUADALAJARA, SPAIN
    • CURATOR OF GROOVYCALAMARI.COM
    • PODCAST HOST OF PODCAST.GROOVYCALAMARI.COM
    • GREACH Conference organizer
    • @SDELAMO
    • HTTP://SERGIODELAMO.ES
    SERGIO DEL AMO

    View full-size slide

  3. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 3
    CONTROLLER EXAMPLE
    @Controller(“/books")
    public class BookController {
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  4. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 4
    INSTALLATION

    View full-size slide

  5. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 5
    SECURITY INSTALLATION
    dependencies {
    ...
    ..
    .
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security"
    }
    build.gradle
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true

    View full-size slide

  6. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 6
    SECURED BY DEFAULT

    View full-size slide

  7. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 7
    Security Filter

    View full-size slide

  8. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 8
    ANONYMOUS ACCESS

    View full-size slide

  9. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 9
    @Secured IS_ANONYMOUS
    import io.micronaut.security.annotation.Secured;
    @Controller(“/books")
    public class BookController {
    @Secured(SecurityRule.IS_ANONYMOUS)
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  10. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 10
    @Secured IS_ANONYMOUS
    import io.micronaut.security.annotation.Secured;
    @Secured(SecurityRule.IS_ANONYMOUS)
    @Controller(“/books")
    public class BookController {
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  11. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 11
    JSR_250 annotations
    import javax.annotation.security.PermitAll;
    @Controller(“/books")
    public class BookController {
    @PermitAll
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  12. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 12
    INTERCEPT URL MAP
    src/main/java/example/micronaut/BookController.java
    @Controller(“/books")
    public class BookController {
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    intercept-url-map:
    -
    pattern: "/books"
    http-method: GET
    access:
    - isAnonymous()

    View full-size slide

  13. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 13
    INTERCEPT URL MAP for STATIC RESOURCES
    src/main/resources/application.yml
    micronaut:
    router:
    static-resources:
    default:
    enabled: true
    mapping: /static/**
    paths:
    - classpath: public
    security:
    enabled: true
    intercept-url-map:
    -
    pattern: "/static/logo.png"
    http-method: GET
    access:
    - isAnonymous()

    View full-size slide

  14. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 14
    BASIC AUTH

    View full-size slide

  15. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 15
    BASIC AUTH

    View full-size slide

  16. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 16
    Basic Auth

    View full-size slide

  17. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 17
    Basic Auth

    View full-size slide

  18. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 18
    BASIC AUTH
    import javax.inject.Singleton
    @Singleton
    public class ExampleAuthenticationProvider implements AuthenticationProvider {
    @Override
    public Publisher authenticate(AuthenticationRequest authenticationRequest) {
    if (authenticationRequest.getIdentity().equals("user") &&
    authenticationRequest.getSecret().equals("password"))) {
    UserDetails u = new UserDetails(authenticationRequest.getIdentity(),
    Arrays.asList("ROLE_USER"));
    return Flowable.just(u);
    }
    return Flowable.just(new AuthenticationFailed());
    }
    }
    $ curl - u name:password http://micronaut.example/books
    curl with basic auth

    View full-size slide

  19. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 19
    DELEGATING AUTHENTICATION PROVIDER

    View full-size slide

  20. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 20
    DELEGATION AUTHENTICATION PROVIDER

    View full-size slide

  21. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 21
    DELEGATING AUTHENTICATION PROVIDER
    import javax.inject.Singleton
    @CompileStatic
    @Singleton
    class UserFetcherService implements UserFetcher {
    protected final UserGormService userGormService
    UserFetcherService(UserGormService userGormService) {
    this.userGormService = userGormService
    }
    @Override
    Publisher findByUsername(String username) {
    UserState user = userGormService.findByUsername(username) as UserState
    (user ? Flowable.just(user) : Flowable.empty()) as Publisher
    }
    }
    implementation of UserFetcher

    View full-size slide

  22. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 22
    DELEGATING AUTHENTICATION PROVIDER
    package example.micronaut.services
    import io.micronaut.security.authentication.providers.AuthoritiesFetcher
    import io.reactivex.Flowable
    import org.reactivestreams.Publisher
    import javax.inject.Singleton
    @Singleton
    class AuthoritiesFetcherService implements AuthoritiesFetcher {
    protected final UserRoleGormService userRoleGormService
    AuthoritiesFetcherService(UserRoleGormService userRoleGormService) {
    this.userRoleGormService = userRoleGormService
    }
    @Override
    Publisher> findAuthoritiesByUsername(String username) {
    Flowable.just(userRoleGormService.findAllAuthoritiesByUsername(username))
    }
    }
    implementation of AuthoritiesFetcher

    View full-size slide

  23. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 23
    DELEGATING AUTHENTICATION PROVIDER
    import io.micronaut.security.authentication.providers.PasswordEncoder
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
    import javax.inject.Singleton
    @Singleton
    class BCryptPasswordEncoderService implements PasswordEncoder {
    org.springframework.security.crypto.password.PasswordEncoder delegate = new BCryptPasswordEncoder()
    String encode(String rawPassword) {
    return delegate.encode(rawPassword)
    }
    @Override
    boolean matches(String rawPassword, String encodedPassword) {
    return delegate.matches(rawPassword, encodedPassword)
    }
    }
    implementation of PasswordEncoder
    dependencies {
    ...
    compile “org.springframework.security:spring-security-crypto:5.2.5.RELEASE”
    }
    build.gradle

    View full-size slide

  24. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 24
    SESSION BASED AUTHENTICATION

    View full-size slide

  25. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 25
    Session Auth

    View full-size slide

  26. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 26
    SESSION AUTH
    dependencies {
    ...
    ..
    .
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security-session"
    }
    build.gradle
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    session:
    enabled: true

    View full-size slide

  27. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 27
    SECURITY SESSION CLI INSTALLATION
    $ mn create-app my-app --features security-session
    MICRONAUT SECURITY SESSION

    View full-size slide

  28. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 28
    ENDPOINTS

    View full-size slide

  29. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 29
    LOGIN CONTROLLER
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    endpoints:
    login:
    enabled: true

    View full-size slide

  30. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 30
    LOGOUT CONTROLLER
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    endpoints:
    logout:
    enabled: true

    View full-size slide

  31. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 31
    AUTHENTICATION

    View full-size slide

  32. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 32
    @Secured IS_AUTHENTICATED
    import io.micronaut.security.annotation.Secured;
    @Controller(“/books")
    public class BookController {
    @Secured(SecurityRule.IS_AUTHENTICATED)
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  33. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 33
    @Secured IS_AUTHENTICATED
    import io.micronaut.security.annotation.Secured;
    @Secured(SecurityRule.IS_AUTHENTICATED)
    @Controller(“/books")
    public class BookController {
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  34. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 34
    AUTHORIZATION

    View full-size slide

  35. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 35
    AUTHORIZATION
    import io.micronaut.security.annotation.Secured;
    @Controller("/books")
    public class BookController {
    @Secured({"ROLE_ADMIN","ROLE_USER"})
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  36. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 36
    JSR_250 annotations
    import javax.annotation.security.RolesAllowed;
    @Controller("/books")
    public class BookController {
    @RolesAllowed({"ROLE_ADMIN","ROLE_USER"})
    @Get
    public List index() {
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  37. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 37
    RETRIEVE CURRENT USER

    View full-size slide

  38. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 38
    Retrieve the Authenticated User
    import io.micronaut.security.annotation.Secured;
    import java.security.Principal;
    import javax.annotation.Nullable;
    @Controller(“/books")
    public class BookController {
    @Secured(SecurityRule.IS_ANONYMOUS)
    @Get
    public List index(@Nullable Principal principal) {
    if (principal != null && principal.getName().equals("Harry Potter”)) {
    return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”));
    }
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  39. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 39
    Retrieve the Authenticated User
    import io.micronaut.security.annotation.Secured;
    import java.security.Principal;
    @Controller(“/books")
    public class BookController {
    @Secured(SecurityRule.IS_AUTHENTICATED)
    @Get
    public List index(Principal principal) {
    if (principal.getName().equals("Harry Potter”)) {
    return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”));
    }
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  40. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 40
    Retrieve the Authenticated User
    import io.micronaut.security.annotation.Secured;
    import io.micronaut.security.authentication.Authentication;
    @Controller(“/books")
    public class BookController {
    @Secured(SecurityRule.IS_AUTHENTICATED)
    @Get
    public List index(Authentication authentication) {
    if (authentication.getName().equals("Harry Potter”)) {
    return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”));
    }
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  41. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 41
    Retrieve the Authenticated User
    import io.micronaut.security.annotation.Secured;
    import io.micronaut.security.authentication.Authentication;
    @Controller("/books")
    public class BookController {
    private final SecurityService securityService;
    public BookController(SecurityService securityService) {
    this.securityService = securityService;
    }
    @Secured(SecurityRule.IS_AUTHENTICATED)
    @Get
    public List index() {
    if (securityService.getAuthentication().getName().equals(“Harry Potter”)) {
    return Arrays.asList(new Book("9781781102459", "Philosopher's Stone”));
    }
    return Arrays.asList(new Book("1491950358", "Building Microservices"),
    new Book("1680502395", "Release It!"),
    new Book("0321601912", "Continuous Delivery"));
    }
    }

    View full-size slide

  42. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 42
    LDAP

    View full-size slide

  43. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 43
    LDAP
    src/main/resources/application.yml
    micronaut:
    ..
    .
    security:
    ...
    ..
    ldap:
    default:
    enabled: true
    context:
    server: 'ldap://ldap.forumsys.com:389'
    managerDn: 'cn=read-only-admin,dc=example,dc=com'
    managerPassword: 'password'
    search:
    base: "dc=example,dc=com"
    groups:
    enabled: true
    base: "dc=example,dc=com"
    build.gradle
    dependencies {
    ...
    ..
    .
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security"
    compile "io.micronaut.configuration:micronaut-security-ldap"
    }
    LDAP authentication in Micronaut supports
    configuration of one or more LDAP servers to
    autehtnicate with.
    Each server has it’s own settings and can be
    enabled or disabled

    View full-size slide

  44. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 44
    JWT

    View full-size slide

  45. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 45
    SECURITY JWT INSTALLATION
    dependencies {
    ...
    ..
    .
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security-jwt"
    }
    build.gradle
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    token:
    jwt:
    enabled: true

    View full-size slide

  46. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 46
    SECURITY JWT CLI INSTALLATION
    $ mn create-app my-app --features security-jwt
    MICRONAUT SECURITY JWT

    View full-size slide

  47. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 47
    Bearer Token

    View full-size slide

  48. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 48
    Security Filter

    View full-size slide

  49. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 49
    LOGIN CONTROLLER JWT Bearer authentication

    View full-size slide

  50. © 2018, Object Computing, Inc. (OCI). objectcomputing.com 50
    COOKIE JWT

    View full-size slide

  51. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 51
    Security Filter

    View full-size slide

  52. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 52
    LOGIN CONTROLLER JWT Bearer authentication

    View full-size slide

  53. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 53
    JWT Signature Generation and Validation
    To enable a JWT signature in token generation, you need to have in your app a bean of type
    RSASignatureGeneratorConfiguration, ECSignatureGeneratorConfiguration, SecretSignatureConfiguration qualified
    with name generator.
    To verify signed JWT tokens, you need to have in your app a bean of type RSASignatureConfiguration,
    RSASignatureGeneratorConfiguration, ECSignatureGeneratorConfiguration, ECSignatureConfiguration, or
    SecretSignatureConfiguration.

    View full-size slide

  54. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 54
    JWT Configuration
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    token:
    jwt:
    enabled: true
    signatures:
    secret:
    generator:
    secret: pleaseChangeThisSecretForANewOne
    jws-algorithm: HS256

    View full-size slide

  55. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 55
    Claims Validation
    Bean Description
    ExpirationJwtClaimsValidator Validate JWT is not expired.
    SubjectNotNullJwtClaimsValidator Validate JWT subject claim is not null.
    io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator
    Provide your own!

    View full-size slide

  56. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 56
    RFRESH CONTROLLER
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    endpoints:
    oauth:
    enabled: true

    View full-size slide

  57. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 57
    JSON Web Key JWK
    A JSON Object that represents a cryptographic key. The members of the object represent properties of the key,
    including its value.
    {
    "kty":"EC",
    "crv":"P-256",
    "kid":"test-personal-node",
    "x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo",
    "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ"
    }

    View full-size slide

  58. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 58
    JWK Set
    A JSON object that represents a set of JWKs. The JSON object MUST
    have a "keys" member, which is an array of JWKs.
    {
    "keys": [
    {
    "kty":"EC",
    "crv":"P-256",
    "kid":"123",
    "x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo",
    "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ"
    }
    ]
    }

    View full-size slide

  59. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    endpoints:
    keys:
    enabled: true
    import com.nimbusds.jose.jwk.JWK;
    import io.micronaut.security.token.jwt.endpoints.JwkProvider;
    import javax.inject.Singleton;
    import java.text.ParseException;
    @Singleton
    class ExampleJwkProvider implements JwkProvider {
    @Override
    List retrieveJsonWebKeys() {
    try {
    return [JWK.parse('''
    {
    "kty":"EC",
    "crv":"P-256",
    "kid":"123",
    “x": "kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo",
    "y":"PV7FUShMZ8Jg_kc2vjxgfwswEy26w_vWvVCHAGQ9tEQ"
    }''')]
    } catch (ParseException e) {
    return [] as List
    }
    }
    }
    59
    KEYS CONTROLLER - Expose a JWK Set

    View full-size slide

  60. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 60
    KEYS CONTROLLER
    $ curl localhost:8080/keys
    {"keys":[{"kty":"EC","crv":"P-256","kid":"test-personal-
    node","x":"kdoE0JmUQra00UWJXHBwVvQetJ_L7vXt8nuXkaftKjo","y":"PV7FUShMZ8Jg_kc2vjx
    gfwswEy26w_vWvVCHAGQ9tEQ"}]}

    View full-size slide

  61. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 61
    REMOTE JWKS VALIDATION
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    token:
    jwt:
    enabled: true
    signatures:
    jwks:
    securityservice:
    url: "http://localhost:8081/keys"

    View full-size slide

  62. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 62
    SECURITY EVENTS

    View full-size slide

  63. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 63
    Security Events
    Event Name Description
    LoginFailedEvent Trigger when an unsuccessful login takes place.
    LoginSuccessfulEvent Trigger when a successful login takes place.
    LogoutEvent Triggered when the user logs out.
    TokenValidatedEvent Trigger when a token is validated.
    AccessTokenGeneratedEvent Trigger when a JWT access token is generated.
    RefreshTokenGeneratedEvent Trigger when a JWT refresh token is generated.
    @Singleton
    class LogoutFailedEventListener implements ApplicationEventListener {
    @Override
    void onApplicationEvent(LogoutEvent event) {
    println "received logout event"
    }
    }

    View full-size slide

  64. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 64
    TOKEN PROPAGATION

    View full-size slide

  65. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    token:
    jwt:
    enabled: true
    writer:
    header:
    enabled: true
    propagation:
    enabled: true
    service-id-regex: "recommendations|catalogue|inventory"
    65
    Token Propagation

    View full-size slide

  66. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 66
    MICRONAUT OAUTH 2
    https://micronaut-projects.github.io/micronaut-security/
    snapshot/guide/#oauth

    View full-size slide

  67. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 67
    OAUTH 2
    build.gradle
    dependencies {
    ...
    ..
    .
    annotationProcessor "io.micronaut:micronaut-security"
    compile "io.micronaut:micronaut-security"
    compile “io.micronaut.configuration:micronaut-oauth2:1.0.0.BUILD-SNAPSHOT"
    }

    View full-size slide

  68. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 68
    authorization code flow - OpenID Connect

    View full-size slide

  69. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com
    OpenID Connect 1.0 is a simple identity layer on top of the OAuth
    2.0 protocol. It allows Clients to verify the identity of the End-
    User based on the authentication performed by an Authorization
    Server , as well as to obtain basic profile information about the
    End-User in a interoperable and REST-like manner.
    69

    View full-size slide

  70. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 70

    View full-size slide

  71. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 71
    OAUTH 2

    View full-size slide

  72. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 72
    Open ID Connect Configuration
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    oauth2:
    enabled: true
    clients:
    cognito:
    client-secret: '${OAUTH_CLIENT_SECRET}'
    client-id: '${OAUTH_CLIENT_ID}'
    openid:
    issuer: 'https://cognito-idp.${AWS_REGION}.amazonaws.com/${COGNITO_POOL_ID}'

    View full-size slide

  73. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 73
    authorization code flow - Oauth 2.0

    View full-size slide

  74. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 74

    View full-size slide

  75. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 75
    Oauth Configuration
    src/main/resources/application.yml
    micronaut:
    security:
    enabled: true
    oauth2:
    enabled: true
    clients:
    github:
    client-id: <>
    client-secret: <>
    scopes:
    - user:email
    - read:user
    authorization:
    url: https://github.com/login/oauth/authorize
    token:
    url: https://github.com/login/oauth/access_token
    auth-method: client-secret-post

    View full-size slide

  76. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 76
    Grant type password

    View full-size slide

  77. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 77

    View full-size slide

  78. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 78

    View full-size slide

  79. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 79
    Oauth Configuration
    src/main/resources/application.yml
    micronaut:
    security:

    oauth2:

    clients:
    github:
    grant-type: password

    View full-size slide

  80. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 80
    Logout

    View full-size slide

  81. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 81

    View full-size slide

  82. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 82
    Oauth Configuration
    src/main/resources/application.yml
    micronaut:
    security:

    endpoints:
    logout:
    enabled: true
    get-allowed: true

    View full-size slide

  83. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 83
    SAMPLES

    View full-size slide

  84. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 84
    Micronaut Guides
    Guides
    Micronaut Basic Auth
    Session based Authentication
    Micronaut JWT Authentication
    Micronaut JWT Authentication with Cookies
    LDAP and Database authentication Providers
    Micronaut Token Propagation
    Secure a Micronaut app with Okta
    https://guides.micronaut.io/tags/security.html

    View full-size slide

  85. © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 85
    Questions?

    View full-size slide

  86. CONNECT WITH US
    1+ (314) 579-0066
    @objectcomputing
    objectcomputing.com
    © 2018, Object Computing, Inc. (OCI). All rights reserved. objectcomputing.com 86

    View full-size slide