Thomas Südbröcker

Get started with securing your cloud-native Java microservices applications

Secure your entire cloud-native Java stack. This guide covers JWT authentication with Keycloak and encrypts all internal traffic with Istio's mutual TLS.

Get started with securing your cloud-native Java microservices applications
#1about 5 minutes

Introducing the cloud-native starter security project

An overview of the sample Java microservices application, its architecture, and the security goals of the workshop.

#2about 7 minutes

Choosing an open source stack for security

Keycloak, Quarkus, and MicroProfile are chosen for their standards-based support for OpenID Connect and JSON Web Tokens.

#3about 12 minutes

Implementing the authentication and authorization workflow

The complete login flow is detailed, from the frontend JavaScript SDK to backend token propagation between microservices.

#4about 13 minutes

Understanding platform security with the Istio service mesh

Core Istio concepts are explained, including the sidecar proxy model for traffic control, ingress gateways, and mutual TLS.

#5about 6 minutes

Setting up the hands-on lab environment

Instructions are provided for requesting a pre-configured Kubernetes cluster on IBM Cloud to follow along with the workshop.

#6about 29 minutes

Configuring the Istio ingress with a TLS certificate

This lab section covers installing Istio and configuring the ingress gateway with a DNS name and a Let's Encrypt TLS certificate.

#7about 17 minutes

Deploying and configuring the full application stack

The lab continues with deploying Keycloak, the Java microservices, and the web frontend onto the Kubernetes cluster.

#8about 17 minutes

Enforcing internal security with mTLS and authorization policies

Learn how to apply a strict mutual TLS policy to encrypt all internal traffic and use authorization policies to control service-to-service communication.

#9about 2 minutes

Conclusion and next steps in cloud security

The workshop concludes with a recap and a look at other important security dimensions like container scanning and vulnerability management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Understanding the core components of cloud security
05:32 MIN

Understanding the core components of cloud security

Building Well-Architected applications

Summary and resources for getting started with Quarkus
00:52 MIN

Summary and resources for getting started with Quarkus

Test-Driven Development: It's easier than you think!

Q&A on managed Kubernetes security in the cloud
02:52 MIN

Q&A on managed Kubernetes security in the cloud

Kubernetes Security - Challenge and Opportunity

Q&A on microservice architecture and security
11:25 MIN

Q&A on microservice architecture and security

Security Challenges of Breaking A Monolith

Deploying reactive apps and key takeaways
05:27 MIN

Deploying reactive apps and key takeaways

Development of reactive applications with Quarkus

Building and securing the new microservices architecture
01:20 MIN

Building and securing the new microservices architecture

How to Destroy a Monolith?

Centralizing security services in a Kubernetes ecosystem
02:04 MIN

Centralizing security services in a Kubernetes ecosystem

DevSecOps: Security in DevOps

Accelerating development with AI and security tools
03:26 MIN

Accelerating development with AI and security tools

30 powerful AWS hacks in just 30 minutes: Boost your developer productivity

Featured Partners

Related Videos

See all videos
Development of reactive applications with Quarkus
39:10

Development of reactive applications with Quarkus

Niklas Heidloff

You can’t hack what you can’t see
29:34

You can’t hack what you can’t see

Reto Kaeser

Security Challenges of Breaking A Monolith
45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

2021: Familiar APIs on Kickass Runtimes #slideless
37:55

2021: Familiar APIs on Kickass Runtimes #slideless

Adam Bien

Walking into the era of Supply Chain Risks
37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Enabling automated 1-click customer deployments with built-in quality and security
44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

DevSecOps: Security in DevOps
33:20

DevSecOps: Security in DevOps

Aarno Aukia

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips
27:11

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips

Kevin Dubois & Daniel Oh

Related Articles

View all articles
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025
Chris Heilmann
WeAreDevelopers LIVE days are changing - get ready to take part
Starting with this week's Web Dev Day edition of WeAreDevelopers LIVE Days, we changed the the way we run these online conferences. The main differences are:Shorter talks (half an hour tops)More interaction in Q&AA tips and tricks "Did you know" sect...
WeAreDevelopers LIVE days are changing - get ready to take part

From learning to earning

Jobs that call for the skills explored in this talk.