SlideShare a Scribd company logo

Stateless Microservice Security via JWT and MicroProfile - Mexico

Otávio Santana, profile picture
Otávio Santana

The document discusses security options for stateless microservices, focusing on JWT and OAuth 2.0 as alternatives to basic authentication. It highlights the challenges of basic auth and introduces the structure and functionality of OAuth 2.0, including password grants and token management. Additionally, it explains how JSON Web Tokens (JWT) improve security through encoding and signing mechanisms.

Technology
1 of 80
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
ODCTour18LAD #RESTSecurity @otaviojava @tomitribe Stateless Microservice Security via JWT and MicroProfile ∙ Otávio Santana @otaviojava ∙ Tomitribe
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Otávio Santana ∙Senior Software Engineer at Tomitribe ∙Java Champion & Developer Champion ∙Duke’s Choice Award 2016 y 2017 ∙Apache and Eclipse Commiter
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “Lo mejor de los standares es que terminas teniendo muchas opciones por escoger.” - Andrew S. Tanenbaum
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “Lo mejor de los standares es que terminas teniendo muchas opciones por escogerThe nice thing about standards is you have so many to choose from.” - Andrew S. Tanenbaum
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Opciones de seguridad para Microservicios ● Más allá de Basic Auth ● Teoría de OAuth 2.0 ● Introducción a JWT ● Eclipse Microprofile ● Demo
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Línea Base 1000 usuarios x 3 TPS 4 saltos 3000 TPS frontend 12000 TPS backend
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Basic Auth (y sus problemas)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje en Basic Auth POST /painter/color/object HTTP/1.1 Host: localhost:8443 Authorization: Basic c25vb3B5OnBhc3M= User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 45 {"color":{"b":255,"g":0,"name":"blue","r":0}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Basic Auth Password Sent 3000 TPS (HTTP+SSL) username+password Base64 (no auth) (LDAP) 12000 TPS (HTTP) 3000 TPS
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Basic Auth Password Sent 3000 TPS (HTTP+SSL) username+password Base64 username+password Base64 15000 TPS (LDAP) Password Sent 12000 TPS (HTTP)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Basic Auth Password Sent 3000 TPS (HTTP+SSL) username+password Base64 Lista Blanca de IP 3000 TPS (LDAP) 12000 TPS (HTTP)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “Dame toda la información del salario de José.” “No se quien eres, … pero por supuesto!”
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Ataque de fuerza bruta: Basic Auth Password válidos 3000 TPS (HTTP+SSL) Lista Blanca IP 9000 TPS (LDAP) 12000 TPS (HTTP) Passwords inválidos 6000 TPS (HTTP+SSL)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2.0 (y sus problemas)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Password Grant (LDAP) (Repositorio de Token) Verificación de Password Generación de Token Post /oauth2/token Host: api.superbliz.io User-Agent: curl/7.43.0 Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grand_type=password&username=snoopy&password=woodstock
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Password Grant (LDAP) Verificación de Password Generación de Token (Repositorio de Token) Post /oauth2/token Host: api.superbliz.io User-Agent: curl/7.43.0 Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grand_type=password&username=snoopy&password=woodstock
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/object HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 45 {"color":{"r":0,"g":0,"b":255,"name":"blue"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/palette HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 45 {"color":{"r":0,"g":255,"b":0,"name":"green"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/select HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 44 {"color":{"r":255,"g":0,"b":0,"name":"red"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/fill HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 49 {"color":{"r":0,"g":255,"b":255,"name":"yellow"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/stroke HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 49 {"color":{"r":255,"g":200,"b":255,"name":"orange"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Refresh Grant (LDAP) Verificación Password Generación Token (Repositorio de Token) Post /oauth2/token Host: api.superbliz.io User-Agent: curl/7.43.0 Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grand_type=password&username=snoopy&password=woodstock
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Refresh Grant (LDAP) Verificación Password Generación Token (Repositorio de Token) Post /oauth2/token Host: api.superbliz.io User-Agent: curl/7.43.0 Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grand_type=password&username=snoopy&password=woodstock
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Par anterior ∙ Access Token 2YotnFZFEjr1zCsicMWpAA ∙ Refresh Token tGzv3JOkF0XG5Qx2TlKWIA Nuevo Par ∙ Access Token 6Fe4jd7TmdE5yW2q0y6W2w ∙ Refresh Token hyT5rw1QNh5Ttg2hdtR54e
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/palette HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 46 {"color":{"r":0,"g":255,"b":0,"name":"green"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/select HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 44 {"color":{"r":255,"g":0,"b":0,"name":"red"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 POST /painter/color/fill HTTP/1.1 Host: api.superbiz.io Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 49 {"color":{"r":0,"g":255,"b":255,"name":"yellow"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD ¿Qué hemos logrado?
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Ahora tenemos más passwords (al menos tus dispositivos los tienen)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Terminología de nuevo… ∙ Password Grant??? ∙ Logging in ∙ Token? ∙ Un password ligeramente ofuscado ∙ Equivalente a un HTTP session ID mejorado levemente
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 Request enviados (Authorization: Bearer …) 3000 TPS (HTTP+SSL) 3000 TPS (Verificacione s de tokens) Password enviados (post oauth2/token …) 1000/daily (HTTP+SSL) OAuth 2 (LDAP) 4 saldos 12000 TPS backend
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “Quién es 6Fe4jd7TmdE5y W2q0y6W2w ???????” “No tengo idea. Pregúntale al servidor de tokens.”
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 Tokens enviados 3000 TPS (HTTP+SSL) 3000 TPS (verificación token) Password Envidados 1000/daily (HTTP+SSL) OAuth 2 (LDAP) 12000 TPS (Verificación token) 8 Saldos 24000 TPS backend
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 3000 TPS (Verificación token) (LDAP) 12000 TPS (Verificación token) 55% del tráfico total Tokens enviados 3000 TPS (HTTP+SSL) Password Envidados 1000/daily (HTTP+SSL) OAuth 2 8 Saldos 24000 TPS backend
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 Puntero Puntero Estado
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Access Token Puntero de Acceso? Llave primaria de Acceso?
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2.0 Algoritmo de intercambio de passwords de alta frecuencia?
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2.0 + JSon Web Tokens (JWT)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD JSon Web Token ∙ Pronunciado “YOT” ∙ JSON map con data de usuario ∙ Códificado Base64 ∙ Firmado digitalmente (RSA-SHA256, HMAC-SHA512, etc) ∙ Mecanismo de expiración
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Previamente un Access Token ∙ 6Fe4jd7TmdE5yW2q0y6W2w
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Access Token ahora (JWT) ∙ eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbi10eXBlIjoi YWNjZXNzLXRva2VuIiwidXNlcm5hbWUiOiJzbm9vcHkiLCJhb mltYWwiOiJiZWFnbGUiLCJpc3MiOiJodHRwczovL2RlbW8uc3V wZXJiaXouY29tL29hdXRoMi90b2tlbiIsInNjb3BlcyI6WyJ0d2l0d GVyIiwibWFucy1iZXN0LWZyaWVuZCJdLCJleHAiOjE0NzQyO DA5NjMsImlhdCI6MTQ3NDI3OTE2MywianRpIjoiNjY4ODFiMD Y4YjI0OWFkOSJ9.DTfSdMzIIsC0j8z3icRdYO1GaMGl6j1I_2DB jiiHW9vmDz8OAw8Jh8DpO32fv0vICc0hb4F0QCD3KQnv8GV M73kSYaOEUwlW0k1TaElxc43_Ocxm1F5IUNZvzlLJ_ksFXGD L_cuadhVDaiqmhct098ocefuv08TdzRxqYoEqYNo
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Nuevo Access Token ∙ header (JSON > Base64 URL Encoded) ∙ Describe como la firma (signature) del token puede ser verificada ∙ payload (JSON > Base64 URL Encoded) ∙ Json map de información que desees incluir ∙ Campo estándar como el de Expiración ∙ signature (Binary > Base64 URL Encoded) ∙ La firma digital ∙ Hecha exclusivamente por el endpoint: /oauth2/token ∙ Si es RSA puede ser verificado por cualquier persona
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD ∙ { "alg": “RS256", "typ": “JWT" } ∙ { "token-type": "access-token", "username": "snoopy", "animal": "beagle", "iss": "https://demo.superbiz.com/oauth2/token", "scopes": [ “twitter”, "mans-best-friend" ], "exp": 1474280963, "iat": 1474279163, "jti": "66881b068b249ad9" } ∙ DTfSdMzIIsC0j8z3icRdYO1GaMGl6j1I_2DBjiiHW9vmDz8OAw8Jh8DpO32fv0vI Cc0hb4F0QCD3KQnv8GVM73kSYaOEUwlW0k1TaElxc43_Ocxm1F5IUNZvzlLJ _ksFXGDL_cuadhVDaiqmhct098ocefuv08TdzRxqYoEqYNo
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Ligero pero con alto impacto en la arquitectura
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD ¿Qué tenemos hasta el momento? (repaso)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Data completa del usuario desde ldap
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Generación de Access Token (pointer)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Ambos se insertan en BD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Envío del Access Token (pointer) hacia el cliente
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Resultado final cliente permanece con el Pointer Server almacena State
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD ¿Qué podemos hacer ahora? (hola JWT!)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Data completa del usuario desde ldap
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) La data se representa en JSON
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) JSON es firmado RSA-SHA 256
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Se inserta solamente el pointer en DB (para revocaciones)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD (LDAP) Envío del Access Token (estado) hacia el cliente
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Servidor almacena el Puntero Cliente permanece con el Estado Resultado obtenido
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Password Grant (LDAP) (Repositorio Token ID) Verifica Password Genera Token Firmado (Signed) Post /oauth2/token Host: api.superbliz.io User-Agent: curl/7.43.0 Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grand_type=password&username=snoopy&password=woodstock
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 - Password Grant (LDAP) Verifica Password (Repositorio Token ID) Genera Token Firmado (Signed)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Mensaje OAuth 2.0 con JWT POST /painter/color/palette HTTP/1.1 Host: api.superbiz.io Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbi10eXBlIjoiYWNjZXNzLXR va2VuIiwidXNlcm5hbWUiOiJzbm9vcHkiLCJhbmltYWwiOiJiZWFnbGUiLCJpc3MiOiJodHRwczovL2RlbW8uc3VwZXJ iaXouY29tL29hdXRoMi90b2tlbiIsInNjb3BlcyI6WyJ0d2l0dGVyIiwibWFucy1iZXN0LWZyaWVuZCJdLCJleHAiOjE0NzQ y ODA5NjMsImlhdCI6MTQ3NDI3OTE2MywianRpIjoiNjY4ODFiMDY4YjI0OWFkOSJ9.DTfSdMzIIsC0j8z3icRdYO1GaMGl 6j1I_2DBjiiHW9vmDz8OAw8Jh8DpO32fv0vICc0hb4F0QCD3KQnv8GVM73kSYaOEUwlW0k1TaElxc43_Ocxm1F5IUNZ vzlLJ_ksFXGDL_cuadhVDaiqmhct098ocefuv08TdzRxqYoEqYNo User-Agent: curl/7.43.0 Accept: */* Content-Type: application/json Content-Length: 46 {"color":{"b":0,"g":255,"r":0,"name":"green"}}
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 + JWT Tokens enviados 3000 TPS (HTTP+SSL) 0.55 TPS (Verificaciones refresh token) OAuth 2 (LDAP) 4 saltos 12000 TPS backend 3000 TPS (verifica firma) 12000 TPS (verifica firma) Password enviados (post oauth2/token …) 1000/daily (HTTP+SSL)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “No!” “Dame toda la información del salario de José.”
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD “Claro!” “Dame toda la información del salario de José.”
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD OAuth 2 + JWT Envío de Tokens válidos 3000 TPS (HTTP+SSL) IP whitelisting 0.55 TPS (verifica refresh token) Password enviados 1000/daily (HTTP+SSL) (LDAP) 4 saltos 12000 TPS backend 9000 TPS (verifica firma) 12000 TPS (verifica firma) Token inválidos 6000 TPS (HTTP+SSL)
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD https://connect2id.com/products/nimbus-jose-jwt Librería JWT https://github.com/jwtk/jjwt https://github.com/auth0/java-jwt
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Eclipse MicroProfile
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD MicroProfile ∙ Comunidad Open-Source de la fundación Eclipse ∙ Enfocada en Microservicios bajo JavaEE ∙ Generadora de: Specificaciones, API y TCK. ∙ Implementado por diferentes entidades http://microprofile.io/
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD MicroProfile JWT MicroProfile 2.0 JAX-RS 2.1JSON-P 1.1CDI 2.0 Config 1.3 Fault Tolerance 1.1 JWT RBAC 1.1 Health Check 1.0 Metrics 1.1 Open Tracing 1.1 Open API 1.0 Rest Client 1.1 JSON-B 1.0 JWT RBAC 1.1 https://microprofile.io/project/eclipse/microprofile-jwt-auth/ Standares de Seguridad ● OAuth 2.0 ● OpenID Connect ● JSON Web Tokens (JWT) Tecnologías Java ● JAX-RS ● CDI ● JSON-P.
Demo #RESTSecurity @otaviojava @tomitribe ODCTour18LAD
#RESTSecurity @otaviojava @tomitribe ODCTour18LAD Moviefun Diagrama de Despliegue Gateway
Gracias

More Related Content

PPTX
Cryptography 101 for Java developers
Michel Schudel
 
PDF
Seguridad en microservicios via micro profile jwt
César Hernández
 
PDF
2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest
César Hernández
 
PDF
2018 colombia deconstruyendo y evolucionando la seguridad en servicios rest
César Hernández
 
PDF
Dodging WebCrypto API Landmines
Ernie Turner
 
PDF
2018 SDJUG Deconstructing and Evolving REST Security
David Blevins
 
PDF
Python Cryptography & Security
Jose Manuel Ortega Candel
 
PDF
2019 JJUG CCC Stateless Microservice Security with MicroProfile JWT
David Blevins
 
Cryptography 101 for Java developers
Michel Schudel
 
Seguridad en microservicios via micro profile jwt
César Hernández
 
2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest
César Hernández
 
2018 colombia deconstruyendo y evolucionando la seguridad en servicios rest
César Hernández
 
Dodging WebCrypto API Landmines
Ernie Turner
 
2018 SDJUG Deconstructing and Evolving REST Security
David Blevins
 
Python Cryptography & Security
Jose Manuel Ortega Candel
 
2019 JJUG CCC Stateless Microservice Security with MicroProfile JWT
David Blevins
 

What's hot (19)

PDF
Deconstructing and Evolving REST security
Jonathan Gallimore
 
PDF
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
PDF
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
Hackito Ergo Sum
 
PDF
Advanced Encryption on the JVM v0.2.8
Matthew McCullough
 
PDF
Dublin JUG Stateless Microservice Security via JWT, TomEE and MicroProfile
Jean-Louis MONTEIRO
 
PDF
Basics of GnuPG (gpg) command in linux
Sanjeev Kumar Jaiswal
 
PDF
Deconstructing and Evolving REST Security
Roberto Cortez
 
PPTX
JWTs and JOSE in a flash
Evan J Johnson (Not a CISSP)
 
PDF
2018 Madrid JUG Deconstructing REST Security
Bruno Baptista
 
PPTX
Using Cryptography Properly in Applications
Great Wide Open
 
PDF
Side-Channels on the Web: Attacks and Defenses
Tom Van Goethem
 
PDF
2017 Devoxx MA Deconstructing and Evolving REST Security
David Blevins
 
PPTX
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
PDF
Password Storage And Attacking In PHP - PHP Argentina
Anthony Ferrara
 
PDF
introduction to jsrsasign
Kenji Urushima
 
PDF
Da APK al Golden Ticket
Giuseppe Trotta
 
PDF
Password Storage and Attacking in PHP
Anthony Ferrara
 
PPTX
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Svetlin Nakov
 
PDF
2016 JavaOne Deconstructing REST Security
David Blevins
 
Deconstructing and Evolving REST security
Jonathan Gallimore
 
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
Hackito Ergo Sum
 
Advanced Encryption on the JVM v0.2.8
Matthew McCullough
 
Dublin JUG Stateless Microservice Security via JWT, TomEE and MicroProfile
Jean-Louis MONTEIRO
 
Basics of GnuPG (gpg) command in linux
Sanjeev Kumar Jaiswal
 
Deconstructing and Evolving REST Security
Roberto Cortez
 
JWTs and JOSE in a flash
Evan J Johnson (Not a CISSP)
 
2018 Madrid JUG Deconstructing REST Security
Bruno Baptista
 
Using Cryptography Properly in Applications
Great Wide Open
 
Side-Channels on the Web: Attacks and Defenses
Tom Van Goethem
 
2017 Devoxx MA Deconstructing and Evolving REST Security
David Blevins
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
Password Storage And Attacking In PHP - PHP Argentina
Anthony Ferrara
 
introduction to jsrsasign
Kenji Urushima
 
Da APK al Golden Ticket
Giuseppe Trotta
 
Password Storage and Attacking in PHP
Anthony Ferrara
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Svetlin Nakov
 
2016 JavaOne Deconstructing REST Security
David Blevins
 
Ad

Similar to Stateless Microservice Security via JWT and MicroProfile - Mexico (20)

PDF
2019 ITkonekt Stateless REST Security with MicroProfile JWT
Jean-Louis MONTEIRO
 
PDF
2017 JavaOne Deconstructing and Evolving REST Security
David Blevins
 
PDF
2018 IterateConf Deconstructing and Evolving REST Security
David Blevins
 
PDF
2017 dev nexus_deconstructing_rest_security
David Blevins
 
PDF
2018 JavaLand Deconstructing and Evolving REST Security
David Blevins
 
PDF
2018 jPrime Deconstructing and Evolving REST Security
David Blevins
 
PPTX
OAuth2 and OpenID with Spring Boot
Geert Pante
 
PDF
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
Andreas Falk
 
PDF
2018 Denver JUG Deconstructing and Evolving REST Security
David Blevins
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
PDF
Distributed Identities with OpenID
Bastian Hofmann
 
PDF
Distributed Identities with OpenID
Bastian Hofmann
 
PDF
[OSSParis 2015] The OpenID Connect Protocol
Clément OUDOT
 
PDF
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
PDF
What the Heck is OAuth and Open ID Connect? - UberConf 2017
Matt Raible
 
PDF
What the Heck is OAuth and OpenID Connect - DOSUG 2018
Matt Raible
 
PDF
APIdays Paris 2019 - Workshop: OAuth by Example by Andy March, Okta
apidays
 
PPTX
OAuth2 para desarrolladores
Luis Ruiz Pavón
 
PPTX
Token based-oauth2
andreyradzkov
 
PDF
2018 Boulder JUG Deconstructing and Evolving REST Security
David Blevins
 
2019 ITkonekt Stateless REST Security with MicroProfile JWT
Jean-Louis MONTEIRO
 
2017 JavaOne Deconstructing and Evolving REST Security
David Blevins
 
2018 IterateConf Deconstructing and Evolving REST Security
David Blevins
 
2017 dev nexus_deconstructing_rest_security
David Blevins
 
2018 JavaLand Deconstructing and Evolving REST Security
David Blevins
 
2018 jPrime Deconstructing and Evolving REST Security
David Blevins
 
OAuth2 and OpenID with Spring Boot
Geert Pante
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
Andreas Falk
 
2018 Denver JUG Deconstructing and Evolving REST Security
David Blevins
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
Distributed Identities with OpenID
Bastian Hofmann
 
Distributed Identities with OpenID
Bastian Hofmann
 
[OSSParis 2015] The OpenID Connect Protocol
Clément OUDOT
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
Matt Raible
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
Matt Raible
 
APIdays Paris 2019 - Workshop: OAuth by Example by Andy March, Okta
apidays
 
OAuth2 para desarrolladores
Luis Ruiz Pavón
 
Token based-oauth2
andreyradzkov
 
2018 Boulder JUG Deconstructing and Evolving REST Security
David Blevins
 
Ad

More from Otávio Santana (20)

PDF
NoSQL design pitfalls with Java
Otávio Santana
 
PDF
Modern Cloud-Native Jakarta EE Frameworks: tips, challenges, and trends.
Otávio Santana
 
PDF
Architecting Cloud Computing Solutions with Java [1.1]
Otávio Santana
 
PDF
Arquitetando soluções de computação em nuvem com Java
Otávio Santana
 
PDF
Build, run, and scale your Java applications end to end
Otávio Santana
 
PDF
Jakarta NoSQL: Meet the first Jakarta EE specification in the Cloud
Otávio Santana
 
PDF
ORMs: Heroes or Villains Inside the Architecture?
Otávio Santana
 
PDF
Jakarta EE Meets NoSQL at the Cloud Age
Otávio Santana
 
PDF
Boost your APIs with GraphQL 1.0
Otávio Santana
 
PDF
Jakarta EE Meets NoSQL in the Cloud Age [DEV6109]
Otávio Santana
 
PDF
Let’s Make Graph Databases Fun Again with Java [DEV6043]
Otávio Santana
 
PDF
Eclipse JNoSQL: One API to Many NoSQL Databases - BYOL [HOL5998]
Otávio Santana
 
PDF
The new generation of data persistence with graph
Otávio Santana
 
PDF
Eclipse JNoSQL updates from JCP September 11
Otávio Santana
 
PDF
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
PDF
Eclipse JNoSQL: The Definitive Solution for Java and NoSQL Database
Otávio Santana
 
PDF
Polyglot persistence
Otávio Santana
 
PDF
Management 3.0 and open source
Otávio Santana
 
PDF
Building a Recommendation Engine with Java EE
Otávio Santana
 
PDF
Cassandra NoSQL, NoLimits!
Otávio Santana
 
NoSQL design pitfalls with Java
Otávio Santana
 
Modern Cloud-Native Jakarta EE Frameworks: tips, challenges, and trends.
Otávio Santana
 
Architecting Cloud Computing Solutions with Java [1.1]
Otávio Santana
 
Arquitetando soluções de computação em nuvem com Java
Otávio Santana
 
Build, run, and scale your Java applications end to end
Otávio Santana
 
Jakarta NoSQL: Meet the first Jakarta EE specification in the Cloud
Otávio Santana
 
ORMs: Heroes or Villains Inside the Architecture?
Otávio Santana
 
Jakarta EE Meets NoSQL at the Cloud Age
Otávio Santana
 
Boost your APIs with GraphQL 1.0
Otávio Santana
 
Jakarta EE Meets NoSQL in the Cloud Age [DEV6109]
Otávio Santana
 
Let’s Make Graph Databases Fun Again with Java [DEV6043]
Otávio Santana
 
Eclipse JNoSQL: One API to Many NoSQL Databases - BYOL [HOL5998]
Otávio Santana
 
The new generation of data persistence with graph
Otávio Santana
 
Eclipse JNoSQL updates from JCP September 11
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
Eclipse JNoSQL: The Definitive Solution for Java and NoSQL Database
Otávio Santana
 
Polyglot persistence
Otávio Santana
 
Management 3.0 and open source
Otávio Santana
 
Building a Recommendation Engine with Java EE
Otávio Santana
 
Cassandra NoSQL, NoLimits!
Otávio Santana
 

Recently uploaded (20)

PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Cloud computing and distributed systems.
kkkkkhan
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

Stateless Microservice Security via JWT and MicroProfile - Mexico