Microservices have become the hottest topic in software architecture over the past year, and much can be said about their benefits. But there are many challenges related to their security implementation and to propagating the security context across their components. This session addresses how to perform authentication and authorization inside a microservices architecture, covering technologies such as OAuth2, OpenID Connect, and JSON Web Token, and the use of Spring Cloud Security to integrate with a Spring and/or Java EE–based application platform.
5. REST APIs are vulnerable
● RESTful architecture doesn't define security procedures
● They are just as vulnerable as standard web apps
● Common security vulnerabilities include
○ Injection attacks
○ Replay attacks
○ Cross-site scripting
○ Denial of Service (DoS)
○ Man-in-the-middle
7. OAuth2
● Open standard protocol specification
● Enables applications to access each other’s data without sharing credentials
● Avoids password-sharing problems
● Required for delegating access
○ Third party applications
○ For specified resource and limited time
○ Can be selectively revoked
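As an added example (not code from the talk), the three delegation properties on this slide, access limited to a specified resource, bounded in time, and individually revocable, shown as a resource-server check over an HS256 JWT access token using only the Python standard library; the shared key, the `orders:read` scope and the revocation set are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed shared HMAC key for the example (a real deployment would use the
# authorization server's asymmetric key and verify with the public half).
SECRET = b"example-secret-key"
REVOKED_TOKEN_IDS = set()   # token ids (jti) revoked by the user or the authorization server

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject, scope, jti, ttl_seconds, now=None):
    """Authorization server: mint an HS256 JWT limited to a scope and a lifetime."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "scope": scope, "jti": jti, "iat": now, "exp": now + ttl_seconds}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def revoke_token(jti):
    """Selective revocation: only the token with this id stops working."""
    REVOKED_TOKEN_IDS.add(jti)

def check_access(token, required_scope, now=None):
    """Resource server: admit the request only if the token is genuine, unexpired,
    unrevoked and carries the scope for this resource. Returns (ok, subject_or_reason)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        return False, "malformed token"
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"   # never let the token pick the algorithm
    expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("exp", 0) <= now:
        return False, "token expired"          # limited time
    if claims.get("jti") in REVOKED_TOKEN_IDS:
        return False, "token revoked"          # selective revocation
    if required_scope not in claims.get("scope", "").split():
        return False, "insufficient scope"     # specified resource only
    return True, claims["sub"]
```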