SlideShare a Scribd company logo

Security enforcement of Java Microservices with Apiman & Keycloak

Charles Moulliard
Charles Moulliard

Security enforcement of Java Microservices with Apiman & Keycloak

Technology
1 of 40
Download to read offline
Security enforcement of the Java Microservice Applications Charles Moulliard (@cmoulliard) 9th February 2017  
Who Software Engineer Work on Spring Boot & Cloud, WildFly Swarm, Fabric8 Mountain Biker, Belgian Beer Fan Blog: Twitter: Email: http://cmoulliard.github.io @cmoulliard cmoulliard@redhat.com
Agenda RESTfull Use case How to Secure the Endpoint Policy Web Container Api Management Demo
Use case description  
Use case
REST Service @GET @Path("/customers/{id}/") @Produces("application/xml") @ApiOperation(value = "Find Customer by ID", notes = "More notes about this method", response = Customer.class) @ApiResponses(value = { @ApiResponse(code = 500, message = "Invalid ID supplied"), @ApiResponse(code = 204, message = "Customer not found") }) public Customer getCustomer(@ApiParam(value = "ID of Customer to fetch", required = true) @PathParam("id") String id) { LOG.info("Invoking getCustomer, Customer id is: {}", id); long idNumber = Long.parseLong(id); Customer c = customers.get(idNumber); return c; }
Api documented : Swagger
How to Secure ?  
Level ! Endpoint Framework/Policy/Interceptor   HTTP Web Container Handler & Constraints   Externally Api Manager
Endpoint Level  
Endpoint level
Intercept Framework based : Apache Shiro, Spring Security Interceptor/Policy : Apache Camel, Apache CXF JAXRS : @Roles
Camel Design import org.apache.camel.builder.RouterBuilder; public class FilterRoute extends RouteBuilder { public void configure() throws Exception { from("netty4-http://http://localhost:7777/camel/client) .setHeader("id").simple("$header.CamelHttpQuery") .beanRef("customerServer","getCustomer"; } }
Interceptor To trace, log, secure
Camel Endpoint Goal Extract from the HTTP request the info needed to authenticate a user How Use a Camel Policy to wrap the Route / Pipeline with a new processor     Camel Example public class ShiroSecurityPolicy implements AuthorizationPolicy { public Processor wrap(RouteContext routeContext, final Processor processor) { return new ShiroSecurityProcessor(processor, this); } ... @Override public boolean process(Exchange exchange, AsyncCallback callback) { try { applySecurityPolicy(exchange);
CXF Endpoint How Using the ContainerRequestFilter JAXRS Interface Rely on CXF Intercept    CXF Example @Provider @PreMatching public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(final ContainerRequestContext requestContext) throws IOException { ...
Web HTTP Container  
Web container level
HTTP Handler How Apply Constraints on Web Resources path(s) GET /rest/accountservice/account for User POST /webservices/customerservices/customer for Admin Designed using JAAS JDBC, LDAP, Properties Could use Roles 
Jetty Example Goal restrict or allow access to resources How URL requested matched with one the rule(s)   Example Constraint constraint = new Constraint(); constraint.setRoles(new String[] { "user", "admin" }); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec("/say/hello/*"); mapping.setMethod("GET"); mapping.setConstraint(constraint);
Login Auth Example // Describe the Authentication Constraint to be applied (BASIC, DIGEST, NEGOTIATE, ...) Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user"); constraint.setAuthenticate(true); // Map the Auth Constraint with a Path ConstraintMapping cm = new ConstraintMapping(); cm.setPathSpec("/*"); cm.setConstraint(constraint); HashLoginService loginService = new HashLoginService("MyRealm", "myrealm.props"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setAuthenticator(new BasicAuthenticator()); sh.setConstraintMappings(cm); sh.setLoginService(loginService);
JAXRS @Roles Goal Allow/Deny Access to resources How using annotation @RolesAllowed   Example @Path("projects") @Produces("application/json") public class ProjectsResource { @POST @RolesAllowed("manager") public Project createProject(final Project project) { ... } @GET @Path("{id}") public Project getProject(@PathParam("id") final Long id) { ... }
Web Secured & Policy Level
Pros / Cons  
Conclusions Pros No product lock Great flexibility Spec managed Cons Intrusive Low Management Capability Lack of Governance
External Player  
Api Manager
Api Man Goal Externalize/Delegate security endpoint to Api   How Api acts as a Proxy/Gateway matching : Incoming request against 1 Many policies Delivering requests to target endpoint if validation succeeds  
Manager
Api
Api
Api Man - Basic Auth How : Associate a Policy using the Basic Auth Plugin to an endpoint "contracts" : [ { "apiOrgId" : "Policy_BasicAuthStatic", "apiId" : "echo", "apiVersion" : "1.0.0", "policies" : [ { "policyImpl" : "class:io.apiman.gateway.engine.policies.BasicAuthenticationPol "policyJsonConfig" : "{ "realm" : "Test", "forwardIdentityHttpHeader" : } ] } ]
Api Man - OpenId connect Goal Authenticate a user using an Identity provider to get a token used for SSO purposes Authentication between Client and Identity Provider: public, secret or PKI JSon Web Token : Compact token format, Encode claims to be transmitted, Base64url encoded and digitally signed and/or encrypted 
OpenId connect - Example { "jti": "af68fac6-fd50-4b73-bd37-5c555a8e561e", "exp": 1442847825, "nbf": 0, "iat": 1442847525, "iss": "http://localhost:8080/auth/realms/fuse", "aud": "fuse", "sub": "3591e417-7c60-4464-8714-96190c7fad92", "azp": "fuse", "session_state": "f58d5dfc-6e4c-4ad2-bd2f-70713f6b942d", "client_session": "f06b673f-ecbe-47f2-ba76-b6a5901d5afe", "allowed-origins": [], "realm_access": { "roles": [ "write" ] }, "name": "writer ", "preferred_username": "writer", "given_name": "writer" }
Role Mapping Goal Restrict/allow access to an application based on an Authorization Rule How Define a collection of Authorization rules as such & Combined with Auth Plugin (Keycloak, Basic, …)     Path Verb Role required .* PUT Writer .* GET Reader
Pros / Cons  
Conclusions Pros Centralized governance policy configuration Loose coupling Tracking of APIs and consumers of those APIs Gathering statistics/metrics Service Discovery Simplify security audit Cons Performance New Architecture Brick Features = plugins available 
Demo  
Questions Twitter : @cmoulliard Apiman : Keycloak : http://apiman.io http://www.keycloak.org/

Recommended

Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
OAuth
OAuthOAuth
OAuthIván Fernández Perea
 

Recommended

Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
OAuth
OAuthOAuth
OAuthIván Fernández Perea
 
Introduction to SAML & OIDC
Introduction to SAML & OIDCIntroduction to SAML & OIDC
Introduction to SAML & OIDCForgeRock Identity Tech Talks
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
User Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakUser Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakMuhammad Edwin
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2axykim00
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
Java 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelizationJava 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelizationJosé Paumard
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2Sanjoy Kumar Roy
 
OAuth2 + API Security
OAuth2 + API SecurityOAuth2 + API Security
OAuth2 + API SecurityAmila Paranawithana
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljJavantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementCharles Moulliard
 

More Related Content

What's hot

SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
User Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakUser Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakMuhammad Edwin
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2axykim00
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
Java 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelizationJava 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelizationJosé Paumard
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2Sanjoy Kumar Roy
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 

What's hot (20)

Introduction to SAML & OIDC
Introduction to SAML & OIDCIntroduction to SAML & OIDC
Introduction to SAML & OIDC
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 
User Management Life Cycle with Keycloak
User Management Life Cycle with KeycloakUser Management Life Cycle with Keycloak
User Management Life Cycle with Keycloak
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 
Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
Java 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelizationJava 8, Streams & Collectors, patterns, performances and parallelization
Java 8, Streams & Collectors, patterns, performances and parallelization
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2
 
OAuth2 + API Security
OAuth2 + API SecurityOAuth2 + API Security
OAuth2 + API Security
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 

Viewers also liked

Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementCharles Moulliard
 
De git à la blockchain
De git à la blockchainDe git à la blockchain
De git à la blockchainsabativi
 
Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Charles Moulliard
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaYoshimasa Tanabe
 
WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7George Gastaldi
 
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016ManageIQ
 
CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?Daniel Kulp
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsJean-Frederic Clere
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal
 
Fusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardFusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardCharles Moulliard
 
Secure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewaySecure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewayMohammed Badran
 
Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Charles Moulliard
 
Develop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendDevelop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendCharles Moulliard
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The ThingsAlan Williams
 
WildFly AppServer - State of the Union
WildFly AppServer - State of the UnionWildFly AppServer - State of the Union
WildFly AppServer - State of the UnionDimitris Andreadis
 

Viewers also liked (20)

Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko ŠtrukeljJavantura v4 - Keycloak – instant login for your app - Marko Štrukelj
Javantura v4 - Keycloak – instant login for your app - Marko Štrukelj
 
Security enforcement of Microservices with API Management
Security enforcement of Microservices with API ManagementSecurity enforcement of Microservices with API Management
Security enforcement of Microservices with API Management
 
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
Javantura v4 - (Spring)Boot your application on Red Hat middleware stack - Al...
 
De git à la blockchain
De git à la blockchainDe git à la blockchain
De git à la blockchain
 
Presentation
PresentationPresentation
Presentation
 
Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016Microservices with WildFly Swarm - JavaSI 2016
Microservices with WildFly Swarm - JavaSI 2016
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷java
 
WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7WildFly Swarm: Criando Microservices com Java EE 7
WildFly Swarm: Criando Microservices com Java EE 7
 
Javantura v4 - What’s NOT new in modular Java - Milen Dyankov
Javantura v4 - What’s NOT new in modular Java - Milen DyankovJavantura v4 - What’s NOT new in modular Java - Milen Dyankov
Javantura v4 - What’s NOT new in modular Java - Milen Dyankov
 
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
Authentication - Alberto Bellotti - ManageIQ Design Summit 2016
 
CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projects
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 
Fusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliardFusesource camel-persistence-part1-webinar-charles-moulliard
Fusesource camel-persistence-part1-webinar-charles-moulliard
 
Secure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API GatewaySecure Your APIs with Amazon API Gateway
Secure Your APIs with Amazon API Gateway
 
Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration Apache ServiceMix4 : Dream platform for Java Integration
Apache ServiceMix4 : Dream platform for Java Integration
 
Develop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backendDevelop a Mobile Application coonected to a REST backend
Develop a Mobile Application coonected to a REST backend
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The Things
 
WildFly AppServer - State of the Union
WildFly AppServer - State of the UnionWildFly AppServer - State of the Union
WildFly AppServer - State of the Union
 
Openshift v3-a-revolucao-dos-containers-3
Openshift v3-a-revolucao-dos-containers-3Openshift v3-a-revolucao-dos-containers-3
Openshift v3-a-revolucao-dos-containers-3
 

Similar to Security enforcement of Java Microservices with Apiman & Keycloak

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013Kiril Iliev
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldSitaraman Lakshminarayanan
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMProvectus
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIEyal Vardi
 
Browser security
Browser securityBrowser security
Browser securityUday Anand
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...Ivan Sanders
 
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...Thomas Witt
 
May 2010 - RestEasy
May 2010 - RestEasyMay 2010 - RestEasy
May 2010 - RestEasyJBug Italy
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-AssuredMichel Schudel
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerSalesforce Developers
 
Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVCIndicThreads
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with SpringJoshua Long
 
WebAppSec Updates from W3C
WebAppSec Updates from W3CWebAppSec Updates from W3C
WebAppSec Updates from W3CNatasha Rooney
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsTom Johnson
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Ballerina
 

Similar to Security enforcement of Java Microservices with Apiman & Keycloak (20)

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
jsSaturday - PhoneGap and jQuery Mobile for SharePoint 2013
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services world
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAM
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web API
 
Browser security
Browser securityBrowser security
Browser security
 
CDI @javaonehyderabad
CDI @javaonehyderabadCDI @javaonehyderabad
CDI @javaonehyderabad
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
 
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
JavaScript Security: Mastering Cross Domain Communications in complex JS appl...
 
May 2010 - RestEasy
May 2010 - RestEasyMay 2010 - RestEasy
May 2010 - RestEasy
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-Assured
 
Exposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using SwaggerExposing Salesforce REST Services Using Swagger
Exposing Salesforce REST Services Using Swagger
 
Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVC
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
WebAppSec Updates from W3C
WebAppSec Updates from W3CWebAppSec Updates from W3C
WebAppSec Updates from W3C
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIs
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108
 

More from Charles Moulliard

MicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelMicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelCharles Moulliard
 
Design a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendDesign a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendCharles Moulliard
 
Continuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftContinuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftCharles Moulliard
 
Development of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioDevelopment of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioCharles Moulliard
 
iPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyiPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyCharles Moulliard
 
Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Charles Moulliard
 
Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Charles Moulliard
 
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCamelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCharles Moulliard
 
Fusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardFusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardCharles Moulliard
 
Devoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqDevoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqCharles Moulliard
 
Be jug 090611_apacheservicemix
Be jug 090611_apacheservicemixBe jug 090611_apacheservicemix
Be jug 090611_apacheservicemixCharles Moulliard
 
Fuse source parisjug-10052011
Fuse source parisjug-10052011Fuse source parisjug-10052011
Fuse source parisjug-10052011Charles Moulliard
 

More from Charles Moulliard (14)

MicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache CamelMicroService and MicroContainer with Apache Camel
MicroService and MicroContainer with Apache Camel
 
Design a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST BackendDesign a Mobil Hybrid Application connected to a REST Backend
Design a Mobil Hybrid Application connected to a REST Backend
 
Fuse technology-2015
Fuse technology-2015Fuse technology-2015
Fuse technology-2015
 
Continuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftContinuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on Openshift
 
Development of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & HawtioDevelopment of social media projects with Apache Camel, Fabric8 & Hawtio
Development of social media projects with Apache Camel, Fabric8 & Hawtio
 
iPaas with Fuse Fabric Technology
iPaas with Fuse Fabric TechnologyiPaas with Fuse Fabric Technology
iPaas with Fuse Fabric Technology
 
Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013Make easier Integration of your services with Fuse Solutions - RedHat 2013
Make easier Integration of your services with Fuse Solutions - RedHat 2013
 
Karaf ee-apachecon eu-2012
Karaf ee-apachecon eu-2012Karaf ee-apachecon eu-2012
Karaf ee-apachecon eu-2012
 
Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012Cloud fuse-apachecon eu-2012
Cloud fuse-apachecon eu-2012
 
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/CamelCamelone-2012 HTML5 WebSocket ActiveMQ/Camel
Camelone-2012 HTML5 WebSocket ActiveMQ/Camel
 
Fusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliardFusesource camel-persistence-part2-webinar-charles-moulliard
Fusesource camel-persistence-part2-webinar-charles-moulliard
 
Devoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemqDevoxx 2011 integration-camel-cxf-servicemix-activemq
Devoxx 2011 integration-camel-cxf-servicemix-activemq
 
Be jug 090611_apacheservicemix
Be jug 090611_apacheservicemixBe jug 090611_apacheservicemix
Be jug 090611_apacheservicemix
 
Fuse source parisjug-10052011
Fuse source parisjug-10052011Fuse source parisjug-10052011
Fuse source parisjug-10052011
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Security enforcement of Java Microservices with Apiman & Keycloak

  • 1. Security enforcement of the Java Microservice Applications Charles Moulliard (@cmoulliard) 9th February 2017  
  • 2. Who Software Engineer Work on Spring Boot & Cloud, WildFly Swarm, Fabric8 Mountain Biker, Belgian Beer Fan Blog: Twitter: Email: http://cmoulliard.github.io @cmoulliard cmoulliard@redhat.com
  • 3. Agenda RESTfull Use case How to Secure the Endpoint Policy Web Container Api Management Demo
  • 6. REST Service @GET @Path("/customers/{id}/") @Produces("application/xml") @ApiOperation(value = "Find Customer by ID", notes = "More notes about this method", response = Customer.class) @ApiResponses(value = { @ApiResponse(code = 500, message = "Invalid ID supplied"), @ApiResponse(code = 204, message = "Customer not found") }) public Customer getCustomer(@ApiParam(value = "ID of Customer to fetch", required = true) @PathParam("id") String id) { LOG.info("Invoking getCustomer, Customer id is: {}", id); long idNumber = Long.parseLong(id); Customer c = customers.get(idNumber); return c; }
  • 9. Level ! Endpoint Framework/Policy/Interceptor   HTTP Web Container Handler & Constraints   Externally Api Manager
  • 12. Intercept Framework based : Apache Shiro, Spring Security Interceptor/Policy : Apache Camel, Apache CXF JAXRS : @Roles
  • 13. Camel Design import org.apache.camel.builder.RouterBuilder; public class FilterRoute extends RouteBuilder { public void configure() throws Exception { from("netty4-http://http://localhost:7777/camel/client) .setHeader("id").simple("$header.CamelHttpQuery") .beanRef("customerServer","getCustomer"; } }
  • 15. Camel Endpoint Goal Extract from the HTTP request the info needed to authenticate a user How Use a Camel Policy to wrap the Route / Pipeline with a new processor     Camel Example public class ShiroSecurityPolicy implements AuthorizationPolicy { public Processor wrap(RouteContext routeContext, final Processor processor) { return new ShiroSecurityProcessor(processor, this); } ... @Override public boolean process(Exchange exchange, AsyncCallback callback) { try { applySecurityPolicy(exchange);
  • 16. CXF Endpoint How Using the ContainerRequestFilter JAXRS Interface Rely on CXF Intercept    CXF Example @Provider @PreMatching public class SecurityRequestFilter implements ContainerRequestFilter { @Override public void filter(final ContainerRequestContext requestContext) throws IOException { ...
  • 19. HTTP Handler How Apply Constraints on Web Resources path(s) GET /rest/accountservice/account for User POST /webservices/customerservices/customer for Admin Designed using JAAS JDBC, LDAP, Properties Could use Roles 
  • 20. Jetty Example Goal restrict or allow access to resources How URL requested matched with one the rule(s)   Example Constraint constraint = new Constraint(); constraint.setRoles(new String[] { "user", "admin" }); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec("/say/hello/*"); mapping.setMethod("GET"); mapping.setConstraint(constraint);
  • 21. Login Auth Example // Describe the Authentication Constraint to be applied (BASIC, DIGEST, NEGOTIATE, ...) Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user"); constraint.setAuthenticate(true); // Map the Auth Constraint with a Path ConstraintMapping cm = new ConstraintMapping(); cm.setPathSpec("/*"); cm.setConstraint(constraint); HashLoginService loginService = new HashLoginService("MyRealm", "myrealm.props"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setAuthenticator(new BasicAuthenticator()); sh.setConstraintMappings(cm); sh.setLoginService(loginService);
  • 22. JAXRS @Roles Goal Allow/Deny Access to resources How using annotation @RolesAllowed   Example @Path("projects") @Produces("application/json") public class ProjectsResource { @POST @RolesAllowed("manager") public Project createProject(final Project project) { ... } @GET @Path("{id}") public Project getProject(@PathParam("id") final Long id) { ... }
  • 23. Web Secured & Policy Level
  • 25. Conclusions Pros No product lock Great flexibility Spec managed Cons Intrusive Low Management Capability Lack of Governance
  • 28. Api Man Goal Externalize/Delegate security endpoint to Api   How Api acts as a Proxy/Gateway matching : Incoming request against 1 Many policies Delivering requests to target endpoint if validation succeeds  
  • 30. Api
  • 31.
  • 32. Api
  • 33. Api Man - Basic Auth How : Associate a Policy using the Basic Auth Plugin to an endpoint "contracts" : [ { "apiOrgId" : "Policy_BasicAuthStatic", "apiId" : "echo", "apiVersion" : "1.0.0", "policies" : [ { "policyImpl" : "class:io.apiman.gateway.engine.policies.BasicAuthenticationPol "policyJsonConfig" : "{ "realm" : "Test", "forwardIdentityHttpHeader" : } ] } ]
  • 34. Api Man - OpenId connect Goal Authenticate a user using an Identity provider to get a token used for SSO purposes Authentication between Client and Identity Provider: public, secret or PKI JSon Web Token : Compact token format, Encode claims to be transmitted, Base64url encoded and digitally signed and/or encrypted 
  • 35. OpenId connect - Example { "jti": "af68fac6-fd50-4b73-bd37-5c555a8e561e", "exp": 1442847825, "nbf": 0, "iat": 1442847525, "iss": "http://localhost:8080/auth/realms/fuse", "aud": "fuse", "sub": "3591e417-7c60-4464-8714-96190c7fad92", "azp": "fuse", "session_state": "f58d5dfc-6e4c-4ad2-bd2f-70713f6b942d", "client_session": "f06b673f-ecbe-47f2-ba76-b6a5901d5afe", "allowed-origins": [], "realm_access": { "roles": [ "write" ] }, "name": "writer ", "preferred_username": "writer", "given_name": "writer" }
  • 36. Role Mapping Goal Restrict/allow access to an application based on an Authorization Rule How Define a collection of Authorization rules as such & Combined with Auth Plugin (Keycloak, Basic, …)     Path Verb Role required .* PUT Writer .* GET Reader
  • 38. Conclusions Pros Centralized governance policy configuration Loose coupling Tracking of APIs and consumers of those APIs Gathering statistics/metrics Service Discovery Simplify security audit Cons Performance New Architecture Brick Features = plugins available 
  • 40. Questions Twitter : @cmoulliard Apiman : Keycloak : http://apiman.io http://www.keycloak.org/