A microservices architecture connects many independent processes that communicate with one another over one or more APIs. These processes, and there are often a lot of them, need to exchange information, and each communication adds latency and exposes your application to vulnerabilities.

In this presentation, Stormpath Java Evangelist Micah Silverman gives an overview of the JJWT library, shows how it can be used in a CSRF (Cross-Site Request Forgery) prevention implementation, and presents a simple (but powerful) PKI (Public Key Infrastructure) approach to securing communication between microservices.

Follow along with the resources demonstrated in this presentation:

  • JJWT library
  • JWT CSRF Tutorial
  • JWT Microservices Tutorial

Excited to learn more about JWTs and authentication? Check out these resources:

  • How to: Secure Connected Microservices in Spring Boot with OAuth and JWTs
  • A Beginner’s Guide to JWTs in Java
  • 5 Practical Tips for Building Your Spring Boot API
  • OZorkAuth — Learn OAuth2 + Spring Boot the Fun Way!
  • Where to Store Your JWTs — Cookies or HTML5 Web Storage