Architecture | Conference | 40 min
Architectural Patterns for Spring Security You Wish Your Tech Lead Knew
This talk discusses architectural patterns for implementing authentication and authorization in complex microservice systems using Spring Security, OAuth2, and OIDC. It covers federating multiple identity providers, designing fault-tolerant security services, and leveraging API gateways, offering practical insights and real-world examples for building secure, scalable architectures.
Cristian Schuszter, CERN
Saturday, April 25, 09:45-10:25
MC 2
You’ve made Spring Security work in one service: congratulations! 🥳 But what happens when your system grows into dozens of microservices, multiple identity providers, and a requirement for single sign-on that “just works”?
Building a secure architecture around Spring Security is not as straightforward as it seems. In this talk, we’ll explore architectural patterns for handling authentication and authorization in complex environments using Spring Security, OAuth2, and OIDC. We’ll look at how to federate multiple IdPs, design authentication and authorization as separate fault-tolerant services, and apply the API gateway approach with Spring Cloud to make it all play nicely together.
You’ll walk away with practical insights, examples, and lessons learned from real-world setups that will help you design a secure and scalable architecture your tech lead will be proud of.
Cristian Schuszter
Dr. Cristian Schuszter holds a PhD in Systems Engineering, where his research focused on distributed fault-tolerant software architectures and machine learning-based failure prediction. With experience across academia and industry, he works at the intersection of data engineering, full-stack development, and software architecture.
For the past eight years, Cristian has been part of CERN, the European Organization for Nuclear Research, where he helps shape the architectural direction of the Business Computing Group. His current work centers on enterprise Java systems, modern UI design, and developer productivity, bringing engineering discipline and innovation to some of CERN’s most complex enterprise software environments.