It’s the week before a conference. You’re giving a new talk. This is the moment when all speakers are at their least confident. And what, I have to write a blog to earn a shirt? Who made these rules?
Oh, we did.
Alright, let’s do this.
Introducing OpenSource R³ Jam
In a very PartyOne inspired front, we’re getting together with DevNexus, Hazelcast, Jakarta EE, Okta, and Sonatype to throw a fun new party at DevNexus next week in Atlanta, Georgia, March 6-8th. DevNexus has soared to the top of my US conferences list and is sitting right up there next to CodeOne. It has all the right things: great local companies filling it up with attendees that need to do a lot of real work and ask great questions, top-notch speakers, walkable locations to explore between sessions, good nightlife that allows you to meet everyone and, best of all, Vince and Pratik. These two are the dynamic duo of conferences, except both of them are Batman. Vince wrote a really awesome blog on the story behind OpenSource R³ Jam.
The one thing that we wanted to add was that “I can’t miss it” event that makes you look forward to it every year. The R³ stands for Relax, Recharge, Reflect and is dedicated to Open Source. Speaking as a long time open source person, these are three things I almost never do. Speakers at conferences can be hard to meet, no matter how nice they are — it’s tough to catch them when they aren’t busy working on their unfinished talk or racing between sessions. The OpenSource R³ Jam is everyone’s chance to connect with nowhere to rush off to. Thursday night, 6pm – 8pm, don’t miss it. If you’re a local, you might want to Lyft or Uber that day 🙂 Just saying.
Stateless Microservice Security via JWT and MicroProfile
This year’s talk is an evolution of the Deconstructing REST Security talk I’ve given many times. Deconstructing REST Security is an all-slide talk that crams 3 years of learning right into your head, including the effect on load of the various parts of your architecture as you shift from various types of REST security techniques. It’s a 2-hour talk I try to cram into 1 hour.
This talk aims to be the best bits of that talk, focusing entirely on OAuth 2.0 + JWT, giving you the “punchline” of Deconstructing REST Security and then answering the question “now what, how do I do this?” by rolling up our sleeves and implementing it. We’ll be straight into the IDE and rolling out the entire architecture, booting up every system live. It would be very tempting to focus on just the backend, but that’s only 1/3rd of the picture. The goal of this talk is to give a full-stack perspective. The challenge: I’m not a full-stack developer. I am definitely a backend guy. But hey, if I don’t stretch my boundaries, how can I help anyone do the same?
The example we’ll be working with is a simple and clean full-stack app many of us here in the Tribe have worked on. It’s like the Java EE Petstore but for full-stack security. We’ve got an AngularJS front-end, a TomEE MicroProfile JWT powered backend, our API Gateway in there producing JWTs and all code out in GitHub. We’ll start with this basic setup and then have some real fun. We’ll get out of hello world and into “this is some crazy…” territory as fast as we can, showing real-world techniques you can use to make JWTs not just fill the role of identity, but role-based authorization, client-side caching and reducing state on the backend. When you leave this talk, your security team will probably hate you.
So fair warning, don’t come unless you’re a bit of a trouble-maker. 🙂