VMware Tanzu, profile picture
Uploaded byVMware Tanzu
PDF, PPTX3,053 views

Getting Started with Spring Authorization Server

This document outlines the essentials of getting started with the Spring Authorization Server, detailing various security standards like OAuth 2.1 and OpenID Connect. It describes core components, default configurations, and methods for customizing both authorization and client authentication. Additionally, it includes links to sample branches and a roadmap for future developments.

Embed presentation

Download as PDF, PPTX
Getting Started with Spring Authorization Server Joe Grandja @joe_grandja Steve Riesenberg @sjohnr
Security Standards ● OAuth 2.1 Authorization Framework ● OAuth 2.0 Token Revocation ● OAuth 2.0 Token Introspection ● JSON Web Token (JWT) ● JSON Web Key (JWK) ● JSON Web Signature (JWS) ● OpenID Connect Core 1.0 ● OpenID Connect Discovery 1.0 ● OpenID Connect Dynamic Client Registration 1.0
Core Components / Default Configuration ● RegisteredClientRepository / RegisteredClient ● OAuth2AuthorizationService / OAuth2Authorization ● OAuth2AuthorizationConsentService / OAuth2AuthorizationConsent ● JWKSource<SecurityContext> (Nimbus API) ● ProviderSettings ● OAuth2AuthorizationServerConfiguration / OAuth2AuthorizationServerConfigurer
Customizing Authorization ● Authorization Endpoint ● Insufficient Redirect URI Validation ● Mix-Up ● Authorization Code Injection
Customizing Client Authentication ● Mutual-TLS Client Authentication ● Client Certificate-Bound Access Tokens ● Token Replay Prevention
PKI Hierarchy CN=spring-root-ca CN=spring-client CN=spring-authorization-server CN=spring-resource-server
Roadmap ● OpenID Connect Core 1.0 ● JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication ● OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens ● Resource Indicators for OAuth 2.0
Thank you! ● Spring Authorization Server ○ https://github.com/spring-projects/spring-authorization-server ● Sample branches ○ https://github.com/jgrandja/spring-authorization-server/tree/springone-2021 ○ https://github.com/sjohnr/spring-authorization-server/tree/springone-2021 Joe Grandja @joe_grandja Steve Riesenberg @sjohnr

More Related Content

PPTX
Json Web Token - JWT
byPrashant Walke
 
PDF
How to Avoid Common Mistakes When Using Reactor Netty
byVMware Tanzu
 
PDF
Windows Registered I/O (RIO) vs IOCP
bySeungmo Koo
 
PDF
오딘: 발할라 라이징 MMORPG의 성능 최적화 사례 공유 [카카오게임즈 - 레벨 300] - 발표자: 김문권, 팀장, 라이온하트 스튜디오...
byAmazon Web Services Korea
 
PDF
[232] 성능어디까지쥐어짜봤니 송태웅
byNAVER D2
 
PPTX
Centralized Logging System Using ELK Stack
byRohit Sharma
 
PDF
실시간 게임 서버 최적화 전략
byYEONG-CHEON YOU
 
PDF
Hyperledger Fabric practice (v2.0)
bywonyong hwang
 
Json Web Token - JWT
byPrashant Walke
 
How to Avoid Common Mistakes When Using Reactor Netty
byVMware Tanzu
 
Windows Registered I/O (RIO) vs IOCP
bySeungmo Koo
 
오딘: 발할라 라이징 MMORPG의 성능 최적화 사례 공유 [카카오게임즈 - 레벨 300] - 발표자: 김문권, 팀장, 라이온하트 스튜디오...
byAmazon Web Services Korea
 
[232] 성능어디까지쥐어짜봤니 송태웅
byNAVER D2
 
Centralized Logging System Using ELK Stack
byRohit Sharma
 
실시간 게임 서버 최적화 전략
byYEONG-CHEON YOU
 
Hyperledger Fabric practice (v2.0)
bywonyong hwang
 

What's hot

PDF
테라로 살펴본 MMORPG의 논타겟팅 시스템
byQooJuice
 
PDF
[야생의 땅: 듀랑고] 서버 아키텍처 Vol. 2 (자막)
byHeungsub Lee
 
PDF
Producer Performance Tuning for Apache Kafka
byJiangjie Qin
 
PDF
Node ppt
byTamil Selvan R S
 
PPTX
KGC 2014: 분산 게임 서버 구조론
byHyunjik Bae
 
PPTX
NGINX: Basics & Best Practices - EMEA Broadcast
byNGINX, Inc.
 
PDF
Distributed tracing using open tracing &amp; jaeger 2
byChandresh Pancholi
 
PDF
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
byAltinity Ltd
 
PDF
[NDC17] Unreal.js - 자바스크립트로 쉽고 빠른 UE4 개발하기
by현철 조
 
PDF
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
byInfluxData
 
PDF
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
byHeungsub Lee
 
PPTX
NGINX: Basics and Best Practices
byNGINX, Inc.
 
PDF
Android IPC Mechanism
byNational Cheng Kung University
 
PDF
게임의 성공을 위한 Scalable 한 데이터 플랫폼 사례 공유 - 오승용, 데이터 플랫폼 리더, 데브시스터즈 ::: Games on AW...
byAmazon Web Services Korea
 
PDF
Gaming on AWS - 1. AWS로 글로벌 게임 런칭하기 - 장르별 아키텍처 중심
byAmazon Web Services Korea
 
PDF
MMOG Server-Side 충돌 및 이동처리 설계와 구현
byYEONG-CHEON YOU
 
PDF
Json web token
byMayank Patel
 
PDF
Introduction to Chainer 11 may,2018
byPreferred Networks
 
PDF
AWS for Games - 게임만을 위한 AWS 서비스 길라잡이 (레벨 200) - 진교선, 솔루션즈 아키텍트, AWS ::: Game...
byAmazon Web Services Korea
 
PPTX
Building secure applications with keycloak
byAbhishek Koserwal
 
테라로 살펴본 MMORPG의 논타겟팅 시스템
byQooJuice
 
[야생의 땅: 듀랑고] 서버 아키텍처 Vol. 2 (자막)
byHeungsub Lee
 
Producer Performance Tuning for Apache Kafka
byJiangjie Qin
 
Node ppt
byTamil Selvan R S
 
KGC 2014: 분산 게임 서버 구조론
byHyunjik Bae
 
NGINX: Basics & Best Practices - EMEA Broadcast
byNGINX, Inc.
 
Distributed tracing using open tracing &amp; jaeger 2
byChandresh Pancholi
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
byAltinity Ltd
 
[NDC17] Unreal.js - 자바스크립트로 쉽고 빠른 UE4 개발하기
by현철 조
 
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
byInfluxData
 
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
byHeungsub Lee
 
NGINX: Basics and Best Practices
byNGINX, Inc.
 
Android IPC Mechanism
byNational Cheng Kung University
 
게임의 성공을 위한 Scalable 한 데이터 플랫폼 사례 공유 - 오승용, 데이터 플랫폼 리더, 데브시스터즈 ::: Games on AW...
byAmazon Web Services Korea
 
Gaming on AWS - 1. AWS로 글로벌 게임 런칭하기 - 장르별 아키텍처 중심
byAmazon Web Services Korea
 
MMOG Server-Side 충돌 및 이동처리 설계와 구현
byYEONG-CHEON YOU
 
Json web token
byMayank Patel
 
Introduction to Chainer 11 may,2018
byPreferred Networks
 
AWS for Games - 게임만을 위한 AWS 서비스 길라잡이 (레벨 200) - 진교선, 솔루션즈 아키텍트, AWS ::: Game...
byAmazon Web Services Korea
 
Building secure applications with keycloak
byAbhishek Koserwal
 

Similar to Getting Started with Spring Authorization Server

PPTX
OAuth 2.0 at the Globiots
byTran Thanh Thi
 
PDF
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
CIS14: Working with OAuth and OpenID Connect
byCloudIDSummit
 
PDF
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
byCodemotion
 
PDF
OAuth 2.0
byUwe Friedrichsen
 
PDF
Implementing Microservices Security Patterns & Protocols with Spring
byVMware Tanzu
 
PPTX
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
PDF
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 
PDF
What the Heck is OAuth and OpenID Connect - DOSUG 2018
byMatt Raible
 
PDF
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
byAndreas Falk
 
PDF
OAuth2 & OpenID Connect with Spring Security
byShuto Uwai
 
PPTX
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game - ...
byNordic APIs
 
PDF
JHipster and Okta - JHipster Virtual Meetup December 2020
byMatt Raible
 
PDF
Plan B: Service to Service Authentication with OAuth
byHenning Jacobs
 
PPTX
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
PDF
What the Heck is OAuth and OpenID Connect - RWX 2017
byMatt Raible
 
PDF
APIdays Paris 2019 - Workshop: OAuth by Example by Andy March, Okta
byapidays
 
PDF
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
byMatt Raible
 
OAuth 2.0 at the Globiots
byTran Thanh Thi
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
CIS14: Working with OAuth and OpenID Connect
byCloudIDSummit
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
byCodemotion
 
OAuth 2.0
byUwe Friedrichsen
 
Implementing Microservices Security Patterns & Protocols with Spring
byVMware Tanzu
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
byMatt Raible
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
byAndreas Falk
 
OAuth2 & OpenID Connect with Spring Security
byShuto Uwai
 
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game - ...
byNordic APIs
 
JHipster and Okta - JHipster Virtual Meetup December 2020
byMatt Raible
 
Plan B: Service to Service Authentication with OAuth
byHenning Jacobs
 
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
What the Heck is OAuth and OpenID Connect - RWX 2017
byMatt Raible
 
APIdays Paris 2019 - Workshop: OAuth by Example by Andy March, Okta
byapidays
 
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
byMatt Raible
 

More from VMware Tanzu

PDF
Spring into AI presented by Dan Vega 5/14
byVMware Tanzu
 
PDF
What AI Means For Your Product Strategy And What To Do About It
byVMware Tanzu
 
PDF
Make the Right Thing the Obvious Thing at Cardinal Health 2023
byVMware Tanzu
 
PPTX
Enhancing DevEx and Simplifying Operations at Scale
byVMware Tanzu
 
PDF
Spring Update | July 2023
byVMware Tanzu
 
PPTX
Platforms, Platform Engineering, & Platform as a Product
byVMware Tanzu
 
PPTX
Building Cloud Ready Apps
byVMware Tanzu
 
PDF
Spring Boot 3 And Beyond
byVMware Tanzu
 
PDF
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
byVMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
byVMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
byVMware Tanzu
 
PPTX
tanzu_developer_connect.pptx
byVMware Tanzu
 
PDF
Tanzu Virtual Developer Connect Workshop - French
byVMware Tanzu
 
PDF
Tanzu Developer Connect Workshop - English
byVMware Tanzu
 
PDF
Virtual Developer Connect Workshop - English
byVMware Tanzu
 
PDF
Tanzu Developer Connect - French
byVMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
byVMware Tanzu
 
PDF
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
byVMware Tanzu
 
PDF
SpringOne Tour: The Influential Software Engineer
byVMware Tanzu
 
PDF
SpringOne Tour: Domain-Driven Design: Theory vs Practice
byVMware Tanzu
 
Spring into AI presented by Dan Vega 5/14
byVMware Tanzu
 
What AI Means For Your Product Strategy And What To Do About It
byVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
byVMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
byVMware Tanzu
 
Spring Update | July 2023
byVMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
byVMware Tanzu
 
Building Cloud Ready Apps
byVMware Tanzu
 
Spring Boot 3 And Beyond
byVMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
byVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
byVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
byVMware Tanzu
 
tanzu_developer_connect.pptx
byVMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
byVMware Tanzu
 
Tanzu Developer Connect Workshop - English
byVMware Tanzu
 
Virtual Developer Connect Workshop - English
byVMware Tanzu
 
Tanzu Developer Connect - French
byVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
byVMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
byVMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
byVMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
byVMware Tanzu
 

Recently uploaded

PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PDF
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PDF
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
The Modern Architect's Codex: Design Patterns in .NET 9
byVineet Sharma
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PDF
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PPTX
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
PPTX
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
The Modern Architect's Codex: Design Patterns in .NET 9
byVineet Sharma
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 

Getting Started with Spring Authorization Server

  • 1.
    Getting Started with SpringAuthorization Server Joe Grandja @joe_grandja Steve Riesenberg @sjohnr
  • 2.
    Security Standards ● OAuth2.1 Authorization Framework ● OAuth 2.0 Token Revocation ● OAuth 2.0 Token Introspection ● JSON Web Token (JWT) ● JSON Web Key (JWK) ● JSON Web Signature (JWS) ● OpenID Connect Core 1.0 ● OpenID Connect Discovery 1.0 ● OpenID Connect Dynamic Client Registration 1.0
  • 3.
    Core Components /Default Configuration ● RegisteredClientRepository / RegisteredClient ● OAuth2AuthorizationService / OAuth2Authorization ● OAuth2AuthorizationConsentService / OAuth2AuthorizationConsent ● JWKSource<SecurityContext> (Nimbus API) ● ProviderSettings ● OAuth2AuthorizationServerConfiguration / OAuth2AuthorizationServerConfigurer
  • 4.
    Customizing Authorization ● AuthorizationEndpoint ● Insufficient Redirect URI Validation ● Mix-Up ● Authorization Code Injection
  • 5.
    Customizing Client Authentication ●Mutual-TLS Client Authentication ● Client Certificate-Bound Access Tokens ● Token Replay Prevention
  • 6.
  • 7.
    Roadmap ● OpenID ConnectCore 1.0 ● JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication ● OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens ● Resource Indicators for OAuth 2.0
  • 8.
    Thank you! ● SpringAuthorization Server ○ https://github.com/spring-projects/spring-authorization-server ● Sample branches ○ https://github.com/jgrandja/spring-authorization-server/tree/springone-2021 ○ https://github.com/sjohnr/spring-authorization-server/tree/springone-2021 Joe Grandja @joe_grandja Steve Riesenberg @sjohnr