The learning curve for REST API security is severe and unforgiving. When left to the end of a project, we miss key opportunities to create truly scalable, stateless architectures. The first half of this session delves into OAuth 2.0 with and without JWTs and shows how it falls into two camps: stateful and stateless. We then take a code-driven deep dive into MicroProfile JWT, which offers a clean Java API and standard configuration for consuming JWTs across Microservices in an elegantly stateless architecture.
Founder of Tomitribe, veteran of Open Source Java EE in both implementing and defining JavaEE specifications for over 10 years with a strong drive to see JavaEE simple, testable and as light as Java SE. Co-Founder of OpenEJB (1999), Geronimo (2003), TomEE (2011). Member of the Java EE 7 and EJB 3.2 Expert Groups, past member of the Java EE 6, EJB 3.1, and EJB 3.0 Expert Groups. Contributing author to Component-Based Software Engineering: Putting the Pieces Together from Addison Wesley.