Micronaut Security Deep Dive

Through lectures and lab exercises, this 2-day, deep-dive workshop will prepare you to use Micronaut's robust, built-in security capabilities when building microservices and serverless applications using the framework. 

Overview

Micronaut is a new JVM-based, full-stack framework for building modular, easily testable microservices and serverless applications. Multiple features of the framework, such as token propagation, are specifically designed to boost productivity and simplify coding when working with microservice security.

In this workshop, Micronaut team member, Sergio del Amo, provides an in-depth overview of the Micronaut security landscape, using demonstrations and hands-on exercises to prepare participants to use the framework's security features with confidence.

Participants will learn how to define security for Micronaut endpoints (@Secured, Intercept URL Map), retrieve the current user, use different authentication flows (basic, ldap, database), and create custom authentication providers.

Sergio also discusses Micronaut's out-of-the-box support for JSON web token (JWT) validation, generation, claims customization, JWKS, and Oauth 2. Finally, he demonstrates how easy it is to integrate Micronaut apps with an OpenID connect provider, such as AWS Cognito, Auth0, or Okta.

INTENDED AUDIENCE

This workshop is a great learning opportunity for JVM developers interested in learning to leverage Micronaut's wide range of capabilities and build secure apps with the framework.

Technical Requirements

For the lab exercises, you will need JDK 8 and IntelliJ IDEA Community Edition or Ultimate.

Duration & Format

3 hours

Schedule a custom offering of this workshop at your location, online, or in our Midwest training lab (12140 Woodcrest Executive Drive; St. Louis, MO. 63141).

Outline

The following topics are covered in this workshop:

• Security installation

• Access authenticated user

• Define security: @Secured, Intercept URL Map

• Session-based authentication

• Basic authentication

• LDAP authentication

• Database authentication

• JSON web token (JWT) validation, generation etc.

• JWKS

• Security events

• Token propagation.

• Oauth2

  • authorization code flow

  • password grant flows

  • integration with third-party Oauth2 providers: Auth0, Okta, Keycloack, AWS Cognito

Prerequisites

Although everyone is welcome, we recommend attendees have at least a working familiarity with web development, HTTP, Java, and JVM development frameworks, such as Grails and Spring Boot. Experience with Micronaut is a plus, but not required.