/samples

Microservices Security in Action Book Samples

Primary LanguageJava

Microservices Security In Action

By Prabath Siriwardena and Nuwan Dias

Amazon | Manning | YouTube | Slack | Notes | Supplementary Readings

NOTE: While writing the book we wanted to mostly focus on the concepts, as the concrete technologies used to implement the concepts are constantly changing and we wanted to keep them as much as simple. So we decided to use Spring Boot to implement the OAuth 2.0 authorization server used in the samples of the book. However in practice you may use Keycloak, Auth0, Okta, WSO2, and so on as your authorization server.

Spring Boot has deprecated AuthorizationServerConfigurerAdapter, ClientDetailsServiceConfigurer, and AuthorizationServerSecurityConfigurer classes, which we used to implement the authorization server, which we will surely update in the next edition of the book and will also update the github project even before that. However, we expect this will not distract the readers that much, because we don't expect them to implement an authorization server.

PART 1 OVERVIEW

1 ■ Microservices security landscape

PART 2 EDGE SECURITY

PART 3 SERVICE-TO-SERVICE COMMUNICATIONS

PART 4 SECURE DEPLOYMENT

PART 5 SECURE DEVELOPMENT

APPENDICES

A ■ OAuth 2.0 and OpenID Connect

C ■ Single-page application architecture

D ■ Observability in a microservices deployment

G ■ Creating a certificate authority and related keys with OpenSSL

H ■ Secure Production Identity Framework for Everyone