SlideShare une entreprise Scribd logo

Security enforcement of Java Microservices with Apiman & Keycloak

Charles Moulliard
Charles Moulliard

Security enforcement of Java Microservices with Apiman & Keycloak

Technologie
1  sur  40
Télécharger pour lire hors ligne
Security enforcement of the Java Microservice Applications Charles Moulliard (@cmoulliard) 9th February 2017  
Who Software Engineer Work on Spring Boot & Cloud, WildFly Swarm, Fabric8 Mountain Biker, Belgian Beer Fan Blog: Twitter: Email: http://cmoulliard.github.io @cmoulliard cmoulliard@redhat.com
Agenda RESTfull Use case How to Secure the Endpoint Policy Web Container Api Management Demo
Use case description  
Use case
REST Service @GET @Path("/customers/{id}/") @Produces("application/xml") @ApiOperation(value = "Find Customer by ID", notes = "More notes about this method", response = Customer.class) @ApiResponses(value = { @ApiResponse(code = 500, message = "Invalid ID supplied"), @ApiResponse(code = 204, message = "Customer not found") }) public Customer getCustomer(@ApiParam(value = "ID of Customer to fetch", required = true) @PathParam("id") String id) { LOG.info("Invoking getCustomer, Customer id is: {}", id); long idNumber = Long.parseLong(id); Customer c = customers.get(idNumber); return c; }
Api documented : Swagger
How to Secure ?  
Level ! Endpoint Framework/Policy/Interceptor   HTTP Web Container Handler & Constraints   Externally Api Manager
Endpoint Level  
Endpoint level
Intercept Framework based : Apache Shiro, Spring Security Interceptor/Policy : Apache Camel, Apache CXF JAXRS : @Roles
Camel Design import org.apache.camel.builder.RouterBuilder; public class FilterRoute extends RouteBuilder { public void configure() throws Exception { from("netty4-http://http://localhost:7777/camel/client) .setHeader("id").simple("$header.CamelHttpQuery") .beanRef("customerServer","getCustomer"; } }
Interceptor To trace, log, secure
Camel Endpoint Goal Extract from the HTTP request the info needed to authenticate a user How Use a Camel Policy to wrap the Route / Pipeline with a new processor     Camel Example public class ShiroSecurityPolicy implements AuthorizationPolicy { public Processor wrap(RouteContext routeContext, final Processor processor) { return new ShiroSecurityProcessor(processor, this); } ... @Override public boolean process(Exchange exchange, AsyncCallback callback) { try { applySecurityPolicy(exchange);
CXF Endpoint How Using the ContainerRequestFilter JAXRS Interface Rely on CXF Intercept    CXF Example @Provider @PreMatching public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(final ContainerRequestContext requestContext) throws IOException { ...
Web HTTP Container  
Web container level
HTTP Handler How Apply Constraints on Web Resources path(s) GET /rest/accountservice/account for User POST /webservices/customerservices/customer for Admin Designed using JAAS JDBC, LDAP, Properties Could use Roles 
Jetty Example Goal restrict or allow access to resources How URL requested matched with one the rule(s)   Example Constraint constraint = new Constraint(); constraint.setRoles(new String[] { "user", "admin" }); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec("/say/hello/*"); mapping.setMethod("GET"); mapping.setConstraint(constraint);
Login Auth Example // Describe the Authentication Constraint to be applied (BASIC, DIGEST, NEGOTIATE, ...) Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user"); constraint.setAuthenticate(true); // Map the Auth Constraint with a Path ConstraintMapping cm = new ConstraintMapping(); cm.setPathSpec("/*"); cm.setConstraint(constraint); HashLoginService loginService = new HashLoginService("MyRealm", "myrealm.props"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setAuthenticator(new BasicAuthenticator()); sh.setConstraintMappings(cm); sh.setLoginService(loginService);
JAXRS @Roles Goal Allow/Deny Access to resources How using annotation @RolesAllowed   Example @Path("projects") @Produces("application/json") public class ProjectsResource { @POST @RolesAllowed("manager") public Project createProject(final Project project) { ... } @GET @Path("{id}") public Project getProject(@PathParam("id") final Long id) { ... }
Web Secured & Policy Level
Pros / Cons  
Conclusions Pros No product lock Great flexibility Spec managed Cons Intrusive Low Management Capability Lack of Governance
External Player  
Api Manager
Api Man Goal Externalize/Delegate security endpoint to Api   How Api acts as a Proxy/Gateway matching : Incoming request against 1 Many policies Delivering requests to target endpoint if validation succeeds  
Manager
Api
Api
Api Man - Basic Auth How : Associate a Policy using the Basic Auth Plugin to an endpoint "contracts" : [ { "apiOrgId" : "Policy_BasicAuthStatic", "apiId" : "echo", "apiVersion" : "1.0.0", "policies" : [ { "policyImpl" : "class:io.apiman.gateway.engine.policies.BasicAuthenticationPol "policyJsonConfig" : "{ "realm" : "Test", "forwardIdentityHttpHeader" : } ] } ]
Api Man - OpenId connect Goal Authenticate a user using an Identity provider to get a token used for SSO purposes Authentication between Client and Identity Provider: public, secret or PKI JSon Web Token : Compact token format, Encode claims to be transmitted, Base64url encoded and digitally signed and/or encrypted 
OpenId connect - Example { "jti": "af68fac6-fd50-4b73-bd37-5c555a8e561e", "exp": 1442847825, "nbf": 0, "iat": 1442847525, "iss": "http://localhost:8080/auth/realms/fuse", "aud": "fuse", "sub": "3591e417-7c60-4464-8714-96190c7fad92", "azp": "fuse", "session_state": "f58d5dfc-6e4c-4ad2-bd2f-70713f6b942d", "client_session": "f06b673f-ecbe-47f2-ba76-b6a5901d5afe", "allowed-origins": [], "realm_access": { "roles": [ "write" ] }, "name": "writer ", "preferred_username": "writer", "given_name": "writer" }
Role Mapping Goal Restrict/allow access to an application based on an Authorization Rule How Define a collection of Authorization rules as such & Combined with Auth Plugin (Keycloak, Basic, …)     Path Verb Role required .* PUT Writer .* GET Reader
Pros / Cons  
Conclusions Pros Centralized governance policy configuration Loose coupling Tracking of APIs and consumers of those APIs Gathering statistics/metrics Service Discovery Simplify security audit Cons Performance New Architecture Brick Features = plugins available 
Demo  
Questions Twitter : @cmoulliard Apiman : Keycloak : http://apiman.io http://www.keycloak.org/

Recommandé

Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
User Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakUser Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakMuhammad Edwin
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 

Recommandé

Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
User Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakUser Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakMuhammad Edwin
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsJon Todd
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
Open Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerOpen Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerIBM DataPower Gateway
 
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Welcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSWelcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSMike Felch
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & ComplianceAmazon Web Services
 
Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS Amazon Web Services
 
Identity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)Prof. Jacques Folon (Ph.D)
 
Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljJavantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementCharles Moulliard
 

Contenu connexe

Tendances

Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsJon Todd
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
Open Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerOpen Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerIBM DataPower Gateway
 
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Welcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSWelcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSMike Felch
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS Amazon Web Services
 
Identity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 

Tendances (20)

Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...
 
Open Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerOpen Banking via API Connect & DataPower
Open Banking via API Connect & DataPower
 
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Welcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSWelcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWS
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS Serverless Authentication and Authorisation for Your APIs on AWS
Serverless Authentication and Authorisation for Your APIs on AWS
 
Identity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibility
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC security
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)
 

En vedette

Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementCharles Moulliard
 
De git à la blockchain
De git à la blockchainDe git à la blockchain
De git à la blockchainsabativi
 
Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Charles Moulliard
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaYoshimasa Tanabe
 
WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7George Gastaldi
 
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016ManageIQ
 
CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?Daniel Kulp
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsJean-Frederic Clere
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal
 
Fusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardFusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardCharles Moulliard
 
Secure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewaySecure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewayMohammed Badran
 
Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Charles Moulliard
 
Develop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendDevelop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendCharles Moulliard
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The ThingsAlan Williams
 
WildFly AppServer - State of the Union
WildFly AppServer - State of the UnionWildFly AppServer - State of the Union
WildFly AppServer - State of the UnionDimitris Andreadis
 

En vedette (20)

Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljJavantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
 
Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API Management
 
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
 
De git à la blockchain
De git à la blockchainDe git à la blockchain
De git à la blockchain
 
Presentation
PresentationPresentation
Presentation
 
Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷java
 
WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7
 
Javantura v4 - What’s NOT new in modular Java - Milen Dyankov
Javantura v4 - What’s NOT new in modular Java - Milen DyankovJavantura v4 - What’s NOT new in modular Java - Milen Dyankov
Javantura v4 - What’s NOT new in modular Java - Milen Dyankov
 
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
 
CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projects
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 
Fusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardFusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliard
 
Secure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewaySecure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API Gateway
 
Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration
 
Develop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendDevelop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backend
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The Things
 
WildFly AppServer - State of the Union
WildFly AppServer - State of the UnionWildFly AppServer - State of the Union
WildFly AppServer - State of the Union
 
Openshift v3-a-revolucao-dos-containers-3
Openshift v3-a-revolucao-dos-containers-3Openshift v3-a-revolucao-dos-containers-3
Openshift v3-a-revolucao-dos-containers-3
 

Similaire à Security enforcement of Java Microservices with Apiman & Keycloak

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013Kiril Iliev
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldSitaraman Lakshminarayanan
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMProvectus
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIEyal Vardi
 
Browser security
Browser securityBrowser security
Browser securityUday Anand
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...Ivan Sanders
 
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...Thomas Witt
 
May 2010 - RestEasy
May 2010 - RestEasyMay 2010 - RestEasy
May 2010 - RestEasyJBug Italy
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-AssuredMichel Schudel
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerSalesforce Developers
 
Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVCIndicThreads
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with SpringJoshua Long
 
WebAppSec Updates from W3C
WebAppSec Updates from W3CWebAppSec Updates from W3C
WebAppSec Updates from W3CNatasha Rooney
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsTom Johnson
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Ballerina
 

Similaire à Security enforcement of Java Microservices with Apiman & Keycloak (20)

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services world
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAM
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web API
 
Browser security
Browser securityBrowser security
Browser security
 
CDI @javaonehyderabad
CDI @javaonehyderabadCDI @javaonehyderabad
CDI @javaonehyderabad
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
 
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
 
May 2010 - RestEasy
May 2010 - RestEasyMay 2010 - RestEasy
May 2010 - RestEasy
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-Assured
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using Swagger
 
Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVC
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
WebAppSec Updates from W3C
WebAppSec Updates from W3CWebAppSec Updates from W3C
WebAppSec Updates from W3C
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIs
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108
 

Plus de Charles Moulliard

MicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelMicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelCharles Moulliard
 
Design a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendDesign a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendCharles Moulliard
 
Continuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftContinuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftCharles Moulliard
 
Development of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioDevelopment of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioCharles Moulliard
 
iPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyiPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyCharles Moulliard
 
Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Charles Moulliard
 
Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Charles Moulliard
 
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCamelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCharles Moulliard
 
Fusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardFusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardCharles Moulliard
 
Devoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqDevoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqCharles Moulliard
 
Be jug 090611_apacheservicemix
Be jug 090611_apacheservicemixBe jug 090611_apacheservicemix
Be jug 090611_apacheservicemixCharles Moulliard
 
Fuse source parisjug-10052011
Fuse source parisjug-10052011Fuse source parisjug-10052011
Fuse source parisjug-10052011Charles Moulliard
 

Plus de Charles Moulliard (14)

MicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelMicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache Camel
 
Design a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendDesign a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST Backend
 
Fuse technology-2015
Fuse technology-2015Fuse technology-2015
Fuse technology-2015
 
Continuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftContinuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on Openshift
 
Development of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioDevelopment of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & Hawtio
 
iPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyiPaas with Fuse Fabric Technology
iPaas with Fuse Fabric Technology
 
Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013
 
Karaf ee-apachecon eu-2012
Karaf ee-apachecon eu-2012Karaf ee-apachecon eu-2012
Karaf ee-apachecon eu-2012
 
Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012
 
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCamelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
 
Fusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardFusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliard
 
Devoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqDevoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemq
 
Be jug 090611_apacheservicemix
Be jug 090611_apacheservicemixBe jug 090611_apacheservicemix
Be jug 090611_apacheservicemix
 
Fuse source parisjug-10052011
Fuse source parisjug-10052011Fuse source parisjug-10052011
Fuse source parisjug-10052011
 

Dernier

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Security enforcement of Java Microservices with Apiman & Keycloak

  • 1. Security enforcement of the Java Microservice Applications Charles Moulliard (@cmoulliard) 9th February 2017  
  • 2. Who Software Engineer Work on Spring Boot & Cloud, WildFly Swarm, Fabric8 Mountain Biker, Belgian Beer Fan Blog: Twitter: Email: http://cmoulliard.github.io @cmoulliard cmoulliard@redhat.com
  • 3. Agenda RESTfull Use case How to Secure the Endpoint Policy Web Container Api Management Demo
  • 6. REST Service @GET @Path("/customers/{id}/") @Produces("application/xml") @ApiOperation(value = "Find Customer by ID", notes = "More notes about this method", response = Customer.class) @ApiResponses(value = { @ApiResponse(code = 500, message = "Invalid ID supplied"), @ApiResponse(code = 204, message = "Customer not found") }) public Customer getCustomer(@ApiParam(value = "ID of Customer to fetch", required = true) @PathParam("id") String id) { LOG.info("Invoking getCustomer, Customer id is: {}", id); long idNumber = Long.parseLong(id); Customer c = customers.get(idNumber); return c; }
  • 9. Level ! Endpoint Framework/Policy/Interceptor   HTTP Web Container Handler & Constraints   Externally Api Manager
  • 12. Intercept Framework based : Apache Shiro, Spring Security Interceptor/Policy : Apache Camel, Apache CXF JAXRS : @Roles
  • 13. Camel Design import org.apache.camel.builder.RouterBuilder; public class FilterRoute extends RouteBuilder { public void configure() throws Exception { from("netty4-http://http://localhost:7777/camel/client) .setHeader("id").simple("$header.CamelHttpQuery") .beanRef("customerServer","getCustomer"; } }
  • 15. Camel Endpoint Goal Extract from the HTTP request the info needed to authenticate a user How Use a Camel Policy to wrap the Route / Pipeline with a new processor     Camel Example public class ShiroSecurityPolicy implements AuthorizationPolicy { public Processor wrap(RouteContext routeContext, final Processor processor) { return new ShiroSecurityProcessor(processor, this); } ... @Override public boolean process(Exchange exchange, AsyncCallback callback) { try { applySecurityPolicy(exchange);
  • 16. CXF Endpoint How Using the ContainerRequestFilter JAXRS Interface Rely on CXF Intercept    CXF Example @Provider @PreMatching public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(final ContainerRequestContext requestContext) throws IOException { ...
  • 19. HTTP Handler How Apply Constraints on Web Resources path(s) GET /rest/accountservice/account for User POST /webservices/customerservices/customer for Admin Designed using JAAS JDBC, LDAP, Properties Could use Roles 
  • 20. Jetty Example Goal restrict or allow access to resources How URL requested matched with one the rule(s)   Example Constraint constraint = new Constraint(); constraint.setRoles(new String[] { "user", "admin" }); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec("/say/hello/*"); mapping.setMethod("GET"); mapping.setConstraint(constraint);
  • 21. Login Auth Example // Describe the Authentication Constraint to be applied (BASIC, DIGEST, NEGOTIATE, ...) Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user"); constraint.setAuthenticate(true); // Map the Auth Constraint with a Path ConstraintMapping cm = new ConstraintMapping(); cm.setPathSpec("/*"); cm.setConstraint(constraint); HashLoginService loginService = new HashLoginService("MyRealm", "myrealm.props"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setAuthenticator(new BasicAuthenticator()); sh.setConstraintMappings(cm); sh.setLoginService(loginService);
  • 22. JAXRS @Roles Goal Allow/Deny Access to resources How using annotation @RolesAllowed   Example @Path("projects") @Produces("application/json") public class ProjectsResource { @POST @RolesAllowed("manager") public Project createProject(final Project project) { ... } @GET @Path("{id}") public Project getProject(@PathParam("id") final Long id) { ... }
  • 23. Web Secured & Policy Level
  • 25. Conclusions Pros No product lock Great flexibility Spec managed Cons Intrusive Low Management Capability Lack of Governance
  • 28. Api Man Goal Externalize/Delegate security endpoint to Api   How Api acts as a Proxy/Gateway matching : Incoming request against 1 Many policies Delivering requests to target endpoint if validation succeeds  
  • 30. Api
  • 31.
  • 32. Api
  • 33. Api Man - Basic Auth How : Associate a Policy using the Basic Auth Plugin to an endpoint "contracts" : [ { "apiOrgId" : "Policy_BasicAuthStatic", "apiId" : "echo", "apiVersion" : "1.0.0", "policies" : [ { "policyImpl" : "class:io.apiman.gateway.engine.policies.BasicAuthenticationPol "policyJsonConfig" : "{ "realm" : "Test", "forwardIdentityHttpHeader" : } ] } ]
  • 34. Api Man - OpenId connect Goal Authenticate a user using an Identity provider to get a token used for SSO purposes Authentication between Client and Identity Provider: public, secret or PKI JSon Web Token : Compact token format, Encode claims to be transmitted, Base64url encoded and digitally signed and/or encrypted 
  • 35. OpenId connect - Example { "jti": "af68fac6-fd50-4b73-bd37-5c555a8e561e", "exp": 1442847825, "nbf": 0, "iat": 1442847525, "iss": "http://localhost:8080/auth/realms/fuse", "aud": "fuse", "sub": "3591e417-7c60-4464-8714-96190c7fad92", "azp": "fuse", "session_state": "f58d5dfc-6e4c-4ad2-bd2f-70713f6b942d", "client_session": "f06b673f-ecbe-47f2-ba76-b6a5901d5afe", "allowed-origins": [], "realm_access": { "roles": [ "write" ] }, "name": "writer ", "preferred_username": "writer", "given_name": "writer" }
  • 36. Role Mapping Goal Restrict/allow access to an application based on an Authorization Rule How Define a collection of Authorization rules as such & Combined with Auth Plugin (Keycloak, Basic, …)     Path Verb Role required .* PUT Writer .* GET Reader
  • 38. Conclusions Pros Centralized governance policy configuration Loose coupling Tracking of APIs and consumers of those APIs Gathering statistics/metrics Service Discovery Simplify security audit Cons Performance New Architecture Brick Features = plugins available 
  • 40. Questions Twitter : @cmoulliard Apiman : Keycloak : http://apiman.io http://www.keycloak.org/