Architectural Patterns for Spring Security You Wish Your Tech Lead Knew
Cristian Schuszter - CERN
You’ve made Spring Security work in one service: congratulations! 🥳 But what happens when your system grows into dozens of microservices, multiple identity providers, and a requirement for single sign-on that “just works”?
Building a secure architecture around Spring Security is not as straightforward as it seems. In this talk, we’ll explore architectural patterns for handling authentication and authorization in complex environments using Spring Security, OAuth2, and OIDC. We’ll look at how to federate multiple IdPs, design authentication and authorization as separate fault-tolerant services, and apply the API gateway approach with Spring Cloud to make it all play nicely together.
You’ll walk away with practical insights, examples, and lessons learned from real-world setups that will help you design a secure and scalable architecture your tech lead will be proud of.