Securing your Microservices with Spring Security, OAuth 2 and OpenID Connect (OICD)

Softwareentwicklung mit Open Source

9:00 – 17:00 Uhr
BFH - Berner Fachhochschule
Max. Teilnehmer: 30


Microservices are bringing, besides many benefits also, new challenges to the teams working with them. In this workshop, we will look at how we create flexible, secure and efficient authentication and authorisation for your microservice architecture.
We are covering standard protocols like OAuth 2 and OpenID Connect (OICD) and the new features of Spring Security and the Spring Authorisation Server.


  • ProtocolBasics of OAuth 2.0, changes in the upcoming OAuth 2.1 version, and OpenID Connect
  • Authenticating a Microservice using JWT bearer tokens
  • Authenticating a Microservice using Opaque bearer tokens with token introspection
  • Authorization (for JWT and Opaque tokens)
  • Bearer Token Propagation between Microservices
  • Automated testing of Microservices authentication/authorization (JWT and Opaque tokens)
  • Configuring and using the new Spring Authorization Server


Participants will secure and test the individual parts of a software system written with Spring Boot and Spring Security. They will understand how OAuth2 works and use and configure the new Spring Authorization Server. Finally, a resource server and client will be implemented.


Software developers and architects.


Java and Spring Boot knowledge.


  • A laptop with enough spare disk space and RAM
  • Java, Maven and your favourite IDE installed (Eclipse, Spring STS, IntelliJ, Netbeans)
  • Having rights to install additional software
  • No VPN restrictions – direct internet access


Patrick Baumgartner


Patrick is a passionate Software Crafter, trainer and coach for 42talents. His calling is to improve the working environment in IT. He believes that this work is not just about code but about people. Also, he is actively involved in the software community by organising events and promoting topics such as Agile Software Development, Software Craft and Testing, graph and NoSQL databases, and anything around Java EE and Spring.