Thomas Südbröcker

Get started with securing your cloud-native Java microservices applications

Secure your entire cloud-native Java stack. This guide covers JWT authentication with Keycloak and encrypts all internal traffic with Istio's mutual TLS.

Get started with securing your cloud-native Java microservices applications
#1about 5 minutes

Introducing the cloud-native starter security project

An overview of the sample Java microservices application, its architecture, and the security goals of the workshop.

#2about 7 minutes

Choosing an open source stack for security

Keycloak, Quarkus, and MicroProfile are chosen for their standards-based support for OpenID Connect and JSON Web Tokens.

#3about 12 minutes

Implementing the authentication and authorization workflow

The complete login flow is detailed, from the frontend JavaScript SDK to backend token propagation between microservices.

#4about 13 minutes

Understanding platform security with the Istio service mesh

Core Istio concepts are explained, including the sidecar proxy model for traffic control, ingress gateways, and mutual TLS.

#5about 6 minutes

Setting up the hands-on lab environment

Instructions are provided for requesting a pre-configured Kubernetes cluster on IBM Cloud to follow along with the workshop.

#6about 29 minutes

Configuring the Istio ingress with a TLS certificate

This lab section covers installing Istio and configuring the ingress gateway with a DNS name and a Let's Encrypt TLS certificate.

#7about 17 minutes

Deploying and configuring the full application stack

The lab continues with deploying Keycloak, the Java microservices, and the web frontend onto the Kubernetes cluster.

#8about 17 minutes

Enforcing internal security with mTLS and authorization policies

Learn how to apply a strict mutual TLS policy to encrypt all internal traffic and use authorization policies to control service-to-service communication.

#9about 2 minutes

Conclusion and next steps in cloud security

The workshop concludes with a recap and a look at other important security dimensions like container scanning and vulnerability management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Understanding the core components of cloud security
13:39 MIN

Understanding the core components of cloud security

Building Well-Architected applications

Summary and resources for getting started with Quarkus
24:44 MIN

Summary and resources for getting started with Quarkus

Test-Driven Development: It's easier than you think!

Deploying reactive apps and key takeaways
33:43 MIN

Deploying reactive apps and key takeaways

Development of reactive applications with Quarkus

Q&A on managed Kubernetes security in the cloud
39:53 MIN

Q&A on managed Kubernetes security in the cloud

Kubernetes Security - Challenge and Opportunity

Q&A on microservice architecture and security
33:54 MIN

Q&A on microservice architecture and security

Security Challenges of Breaking A Monolith

Building and securing the new microservices architecture
16:17 MIN

Building and securing the new microservices architecture

How to Destroy a Monolith?

Centralizing security services in a Kubernetes ecosystem
22:09 MIN

Centralizing security services in a Kubernetes ecosystem

DevSecOps: Security in DevOps

Accelerating development with AI and security tools
06:17 MIN

Accelerating development with AI and security tools

30 powerful AWS hacks in just 30 minutes: Boost your developer productivity

Featured Partners

Related Videos

See all videos
Keycloak case study: Making users happy with service level indicators and observability27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Architecting API Security47:34

Architecting API Security

Philippe De Ryck

Development of reactive applications with Quarkus39:10

Development of reactive applications with Quarkus

Niklas Heidloff

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

2021: Familiar APIs on Kickass Runtimes #slideless37:55

2021: Familiar APIs on Kickass Runtimes #slideless

Adam Bien

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips27:11

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips

Kevin Dubois & Daniel Oh

Related Articles

View all articles
CH
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025
CH
Chris Heilmann
WeAreDevelopers LIVE days are changing - get ready to take part
Starting with this week's Web Dev Day edition of WeAreDevelopers LIVE Days, we changed the the way we run these online conferences. The main differences are:Shorter talks (half an hour tops)More interaction in Q&AA tips and tricks "Did you know" sect...
WeAreDevelopers LIVE days are changing - get ready to take part

From learning to earning

Jobs that call for the skills explored in this talk.

Cloud Engineer (m/w/d)

Cloud Engineer (m/w/d)

fulfillmenttools
Köln, Germany

50-65K
Intermediate
TypeScript
Google Cloud Platform
Continuous Integration