Midwest Dev Chat

MidwestDevChat.com github.com/skidvis/Midwest-Dev-Chat

  • The newest 15 messages in the super-cool #java channel.

  • 04/18 20:55:17 Nasir: https://dzone.com/articles/advanced-microservices-security-with-spring-and-oa seems promising

  • 04/18 21:02:19 Sharon: Oauth is overkill unless you're SSO provider is using it

  • 04/18 21:05:30 Nasir: i really just want service to service security

  • 04/18 21:06:09 Nasir: tokens, user/pass, really whatever makes sense

  • 04/18 21:06:20 Sharon: I haven't looked lately, but a year or so ago JHipster had both a traditional spring security cookie approach, or a JWT token style based on a choice at generation time

  • 04/18 21:06:26 Nasir: yes they do

  • 04/18 21:06:34 Nasir: it comes out a little… heavy.

  • 04/18 21:06:43 Nasir: which, maybe it IS heavy

  • 04/18 21:07:08 Nasir: it just seems like something so necessary and common would have a bangin annotation that gives you a sane baseline

  • 04/18 21:07:13 Sharon: Service to service could use certificates. More setup time but easier to use once setup is done

  • 04/18 21:07:32 Nasir: just the ol’ ssl stuff

  • 04/18 21:07:58 Nasir: well cool

  • 04/18 21:08:33 Sharon: Trust store stuff, yeah. Pretty confusing to initially setup though

  • 04/18 21:11:48 Sharon: Server to server can use something like this http://www.baeldung.com/x-509-authentication-in-spring-security

  • 04/18 21:21:08 Sharon: behind a trusted secure firewall, I've used the preauthenticated filter instead to just specify the user http://docs.spring.io/spring-security/site/docs/current/reference/html/preauth.html

  • *Usernames have been changed to protect the innocent.

Check out all the cool channels!

Join the conversation!