Get started with securing your cloud-native Java microservices applications

Secure your entire cloud-native Java stack. This guide covers JWT authentication with Keycloak and encrypts all internal traffic with Istio's mutual TLS.

#1about 5 minutes

Introducing the cloud-native starter security project

An overview of the sample Java microservices application, its architecture, and the security goals of the workshop.

#2about 7 minutes

Choosing an open source stack for security

Keycloak, Quarkus, and MicroProfile are chosen for their standards-based support for OpenID Connect and JSON Web Tokens.

#3about 12 minutes

Implementing the authentication and authorization workflow

The complete login flow is detailed, from the frontend JavaScript SDK to backend token propagation between microservices.

#4about 13 minutes

Understanding platform security with the Istio service mesh

Core Istio concepts are explained, including the sidecar proxy model for traffic control, ingress gateways, and mutual TLS.

#5about 6 minutes

Setting up the hands-on lab environment

Instructions are provided for requesting a pre-configured Kubernetes cluster on IBM Cloud to follow along with the workshop.

#6about 29 minutes

Configuring the Istio ingress with a TLS certificate

This lab section covers installing Istio and configuring the ingress gateway with a DNS name and a Let's Encrypt TLS certificate.

#7about 17 minutes

Deploying and configuring the full application stack

The lab continues with deploying Keycloak, the Java microservices, and the web frontend onto the Kubernetes cluster.

#8about 17 minutes

Enforcing internal security with mTLS and authorization policies

Learn how to apply a strict mutual TLS policy to encrypt all internal traffic and use authorization policies to control service-to-service communication.

#9about 2 minutes