Thomas Südbröcker

Get started with securing your cloud-native Java microservices applications

Secure your entire cloud-native Java stack. This guide covers JWT authentication with Keycloak and encrypts all internal traffic with Istio's mutual TLS.

Get started with securing your cloud-native Java microservices applications
#1about 5 minutes

Introducing the cloud-native starter security project

An overview of the sample Java microservices application, its architecture, and the security goals of the workshop.

#2about 7 minutes

Choosing an open source stack for security

Keycloak, Quarkus, and MicroProfile are chosen for their standards-based support for OpenID Connect and JSON Web Tokens.

#3about 12 minutes

Implementing the authentication and authorization workflow

The complete login flow is detailed, from the frontend JavaScript SDK to backend token propagation between microservices.

#4about 13 minutes

Understanding platform security with the Istio service mesh

Core Istio concepts are explained, including the sidecar proxy model for traffic control, ingress gateways, and mutual TLS.

#5about 6 minutes

Setting up the hands-on lab environment

Instructions are provided for requesting a pre-configured Kubernetes cluster on IBM Cloud to follow along with the workshop.

#6about 29 minutes

Configuring the Istio ingress with a TLS certificate

This lab section covers installing Istio and configuring the ingress gateway with a DNS name and a Let's Encrypt TLS certificate.

#7about 17 minutes

Deploying and configuring the full application stack

The lab continues with deploying Keycloak, the Java microservices, and the web frontend onto the Kubernetes cluster.

#8about 17 minutes

Enforcing internal security with mTLS and authorization policies

Learn how to apply a strict mutual TLS policy to encrypt all internal traffic and use authorization policies to control service-to-service communication.

#9about 2 minutes

Conclusion and next steps in cloud security

The workshop concludes with a recap and a look at other important security dimensions like container scanning and vulnerability management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Getting hired by contributing to open source projects
05:32 MIN

Getting hired by contributing to open source projects

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

The industry's focus on frameworks over web fundamentals
11:32 MIN

The industry's focus on frameworks over web fundamentals

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Why small companies shouldn't copy big tech processes
03:10 MIN

Why small companies shouldn't copy big tech processes

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Featured Partners

Related Videos

See all videos
Keycloak case study: Making users happy with service level indicators and observability27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Development of reactive applications with Quarkus39:10

Development of reactive applications with Quarkus

Niklas Heidloff

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

2021: Familiar APIs on Kickass Runtimes #slideless37:55

2021: Familiar APIs on Kickass Runtimes #slideless

Adam Bien

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips27:11

Serverless Java in Action: Cloud Agnostic Design Patterns and Tips

Kevin Dubois & Daniel Oh

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Related Articles

View all articles
CH
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025

From learning to earning

Jobs that call for the skills explored in this talk.

Platform Engineer (m/w/d)

Platform Engineer (m/w/d)

Qvest Digital AG
Bonn, Germany

Remote
Intermediate
Senior
Terraform
Continuous Integration
Cloud (AWS/Google/Azure)