Applying Spring Security Framework and OAuth2 To Protect Microservice Architecture API

Nguyen, Quy Hy; Baker, Oras F.

doi:10.17706/jsw.14.6.257-264

Cited by 22 publications

(13 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these studies were performed separately without verifying the efficacy of the Spring Framework (SF), SSF, and OAuth2 when these technologies were used on MSA endpoint authentication and authorization. Nguyen et al [15] created a proof-of-concept (PoC) MSA application using SF, spring protection, and OAuth2 to reduce the information gap on MSA and API security. They did not test how the solution would work after integrating with a third-party IAM platform.…”

Section: Passwordencodermentioning

confidence: 99%

“…Therefore, maintaining the privacy and security of EHRs has become an open challenge. In combination with open source KeyCloak software [27], the Spring Security [14][15][16] paradigm may offer an opportunity to enhance security features, functionalities, identity brokering, session handling, CORS support, access management solutions, and security assertion markup language (SAML) [28] for a health system's web and REST APIs. The required security background for understanding the SSK security solution is discussed in this section.…”

Section: Basic Preliminariesmentioning

confidence: 99%

“…Spring Security Framework [14][15][16] is a robust, highly customizable, comprehensive, and extensible open-source Java framework supporting authentication and authorization. Furthermore, it provides a solution to protect common external attacks [28][29][30][31][32][33][34][35][36][37], such as session fixation, clickjacking, CSRF, etc.…”

Section: Basic Preliminariesmentioning

confidence: 99%

“…Microservice Architecture (MSA) [29][30][31][32][33][34][35][36][37] has arisen to describe a specific way of developing software systems for independently deployable services. The traditional monolithic software development approach suffers from the following drawbacks: bundled deployment as a single stack, intransigent scalability, high cost of resources and refactoring efforts, and DevOps challenges among dispersed teams [15,16]. In contrast, MSA handles such concerns with the following measures: task decomposition into services, service communication using APIs with the smallest granularity, agility, independent deployment, and execution of services.…”

Section: Basic Preliminariesmentioning

confidence: 99%

See 3 more Smart Citations

Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study

Chatterjee

Prinz

2022

Sensors

View full text Add to dashboard Cite

In this study, we implemented an integrated security solution with Spring Security and Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hash, encryption method, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution’s procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We have compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system has effectively secured its microservice APIs from an attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with SSK solution efficiently sustained a load of (≈)300 concurrent users. In addition, we have performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome.

show abstract

Section: Passwordencodermentioning

confidence: 99%

Section: Basic Preliminariesmentioning

confidence: 99%

Section: Basic Preliminariesmentioning

confidence: 99%

Section: Basic Preliminariesmentioning

confidence: 99%

See 2 more Smart Citations

Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study

Chatterjee

Prinz

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…[23] Applying Spring Security Framework and OAuth2 To Protect Microservice Architecture API. [24] Design of a micro-service based Data Pool for device integration to speed up digitalization. [25] Hybrid Blockchain-Enabled Secure Microservices Fabric for Decentralized Multi-Domain Avionics Systems.…”

mentioning

confidence: 99%