Get started with security for your Java Microservi
  • Introduction
  • Setup the IBM Cloud Environment
    • Overview
    • Access the Cluster
    • Access IBM Cloud Shell and get the code
  • Setup the IBM Cloud application environment
    • Overview
    • Exercise 1: Setup Istio
    • Exercise 2: Expose Istio Ingress gateway
    • Exercise 3: Expose the gateway via DNS with TLS enabled
    • Exercise 4: Setup Keycloak
  • Platform security with mTLS
    • Exercise 1: Deploy microservices to Kubernetes
    • Exercise 2: Secure microservices using Authentication with mTLS
    • (Optional) Exercise 3: Authorization with Istio
  • Authentication and Authorization with Keycloak and Quarkus
    • (Optional) Exercise 1: Setup the web-application and Microservices locally
    • Exercise 2: Authentication in Vue.js fronted application
    • Exercise 3: Authorization in Quarkus application
  • Additional Resources
    • Known issues
    • Blog posts related to security
    • Cloud-Native-Starter project
    • Cloud-Native-Starter project security
    • Cloud-Native-Starter project reactive
Powered by GitBook
On this page
  • Architecture
  • Estimated time and level
  • Objectives
  • About this workshop
  • Agenda
  • Compatibility
  • Technology Used
  • Credits
  • Additional resources

Was this helpful?

Introduction

NextOverview

Last updated 4 years ago

Was this helpful?

As a developer you should ask yourself: "How can I make my application (more) secure?"

In this workshop you will learn how to get started with Application Security from two perspectives:

  • Platform security

  • Authentication and Authorization implementation

We will show you with an example application:

  • How to secure external access to a Kubernetes cluster with TLS

  • How to secure communication between Microservices with Istio and mTLS

  • How to implement authorization and authentication with the Open Source Identity and Access Management system Keycloak and JSON Web Tokens (JWT)

The exercises are based on an example application based on our Open Source Github project , build with Quarkus and Microprofile

The following screenshot shows the web application, you have to logon to see the list of articles.

Architecture

The following diagram shows the architecture of the sample application. There is a Web-App service that serves the Javascript/Vue.js code to the browser. The Web-App code running in the browser invokes a REST API of the Web-API microservice. The Web-API microservice in turn invokes a REST API of the Articles microservice.

To see the results in the web application, users need to be authenticated and they need to have the role user.

Estimated time and level

Time

Level

one hour

beginners

Objectives

Application security provided by the platform

Application security with Keycloak and Quarkus

The scope of this workshop is not to explain every aspect of application security.

About this workshop

Agenda

These are the sections of this workshop, go through all of them in sequence, start with 1. Setup the IBM Cloud Environment :

Compatibility

The workshop with his two major parts, has been tested on the following platforms and local installations:

  1. Platform security

    • IBM Cloud Kubernetes Service: Kubernetes Version 1.17, Istio Version 1.5 on IBM Cloud (pre-provisioned for the workshop or a paid cluster)

    • IBM Cloud Shell: Version 1.0.2

  2. Authorization and authentication implementation

    • git 2.24.1

    • yarn 1.22.4

    • Node.js v14.6.0

    • Apache Maven 3.6.3

    • Docker 3.0.4

    • Java 9

Technology Used

Credits

Additional resources

After you complete this workshop, you'll understand the following related topics:

/

on the Web Fronted

for specific Microservices in the backend

are some blogs that describe how this project has been implemented-

The presentation that goes with this workshop is available .

application security
TLS
HTTPS
mTLS
Authentication with Keycloak
Authorization in Quarkus
Setup the IBM Cloud Environment
Setup the IBM Cloud application environment
Platform security with mTLS
Application security with Keycloak and Quarkus
Microservices architecture
KEYCLOAK
Jakarta EE
MicroProfile
Quarkus
Ingress
Istio
Vue.js
NGINX
Kubernetes
git 2.24.1 or higher
yarn 1.22.4 or higher
Node.js v14.6.0 or higher
Apache Maven 3.6.3
Niklas Heidloff
Harald Uebele
Thomas Südbröcker
Here
here
Cloud Native Starter
architecture
architecture