Thomas Südbröcker

Get started with securing your cloud-native Java microservices applications

Secure your entire cloud-native Java stack. This guide covers JWT authentication with Keycloak and encrypts all internal traffic with Istio's mutual TLS.

Get started with securing your cloud-native Java microservices applications
#1about 5 minutes

Introducing the cloud-native starter security project

An overview of the sample Java microservices application, its architecture, and the security goals of the workshop.

#2about 7 minutes

Choosing an open source stack for security

Keycloak, Quarkus, and MicroProfile are chosen for their standards-based support for OpenID Connect and JSON Web Tokens.

#3about 12 minutes

Implementing the authentication and authorization workflow

The complete login flow is detailed, from the frontend JavaScript SDK to backend token propagation between microservices.

#4about 13 minutes

Understanding platform security with the Istio service mesh

Core Istio concepts are explained, including the sidecar proxy model for traffic control, ingress gateways, and mutual TLS.

#5about 6 minutes

Setting up the hands-on lab environment

Instructions are provided for requesting a pre-configured Kubernetes cluster on IBM Cloud to follow along with the workshop.

#6about 29 minutes

Configuring the Istio ingress with a TLS certificate

This lab section covers installing Istio and configuring the ingress gateway with a DNS name and a Let's Encrypt TLS certificate.

#7about 17 minutes

Deploying and configuring the full application stack

The lab continues with deploying Keycloak, the Java microservices, and the web frontend onto the Kubernetes cluster.

#8about 17 minutes

Enforcing internal security with mTLS and authorization policies

Learn how to apply a strict mutual TLS policy to encrypt all internal traffic and use authorization policies to control service-to-service communication.

#9about 2 minutes

Conclusion and next steps in cloud security

The workshop concludes with a recap and a look at other important security dimensions like container scanning and vulnerability management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Understanding the core components of cloud security
13:39 MIN

Understanding the core components of cloud security

Building Well-Architected applications

Deploying reactive apps and key takeaways
33:43 MIN

Deploying reactive apps and key takeaways

Development of reactive applications with Quarkus

Centralizing security services in a Kubernetes ecosystem
22:09 MIN

Centralizing security services in a Kubernetes ecosystem

DevSecOps: Security in DevOps

Demo: Initiating a secure code update for an application
18:46 MIN

Demo: Initiating a secure code update for an application

Open Source Secure Software Supply Chain in action

Answering questions on Micronaut and its ecosystem
42:17 MIN

Answering questions on Micronaut and its ecosystem

Microservices with Micronaut

A seven-step guide to securing modern web apps
36:35 MIN

A seven-step guide to securing modern web apps

Full-stack role-based authorization in 45 minutes

Key takeaways on IDE and developer tool security
27:19 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Moving beyond the "it just works" developer mindset
02:54 MIN

Moving beyond the "it just works" developer mindset

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Featured Partners

Related Videos

See all videos
Keycloak case study: Making users happy with service level indicators and observability27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Development of reactive applications with Quarkus39:10

Development of reactive applications with Quarkus

Niklas Heidloff

Architecting API Security47:34

Architecting API Security

Philippe De Ryck

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

2021: Familiar APIs on Kickass Runtimes #slideless37:55

2021: Familiar APIs on Kickass Runtimes #slideless

Adam Bien

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips27:11

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips

Kevin Dubois & Daniel Oh

From learning to earning

Jobs that call for the skills explored in this talk.