Reader small image

You're reading from  Practical Cloud-Native Java Development with MicroProfile

Product typeBook
Published inSep 2021
PublisherPackt
ISBN-139781801078801
Edition1st Edition
Concepts
Right arrow
Authors (5):
Emily Jiang
Emily Jiang
author image
Emily Jiang

Emily Jiang is a Java Champion, a cloud-native architect with practical experience of building cloud-native applications. She is a MicroProfile guru, leading a number of MicroProfile specifications as well as the implementations in Open Liberty. She is a well-known international conference speaker.
Read more about Emily Jiang

Andrew McCright
Andrew McCright
author image
Andrew McCright

Andy McCright is IBM's Web Services Architect with 20 years of experience building Enterprise Java runtimes. He leads the MicroProfile Rest Client & GraphQL projects and contributes to Open Liberty, Jakarta REST, CXF, RESTEasy, and more. He is also a blogger.
Read more about Andrew McCright

John Alcorn
John Alcorn
author image
John Alcorn

John Alcorn is an application modernization architect in the Cloud Engagement Hub, specializing in helping customers modernize their traditional Java EE applications to the cloud. He developed and maintains the Stock Trader application that shows how to build a composite application out of MicroProfile-based microservices in Java. You can connect with John via Twitter.
Read more about John Alcorn

David Chan
David Chan
author image
David Chan

David Chan is a software developer at IBM who works on the observability and serviceability components of the Open Liberty project. He is involved with the MicroProfile project with a specialization in the MicroProfile Metrics component.
Read more about David Chan

Alasdair Nottingham
Alasdair Nottingham
author image
Alasdair Nottingham

Alasdair Nottingham is a software developer and lead architect for Open Liberty, and WebSphere. He has been involved with the MicroProfile and Jakarta EE projects to a varying extent since their inception.
Read more about Alasdair Nottingham

View More author details
Right arrow

Securing cloud-native applications using MicroProfile JWT

MicroProfile JWT utilizes JSON Web Token (JWT) with some additional claims for role-based access control of an endpoint to help with securing cloud-native applications. Securing cloud-native applications is often the must-have feature. It is often the case that cloud-native applications supply sensitive information, which should only be accessible to a particular group of users. Without securing cloud-native applications, everyone would be able to access the information. Jakarta Security (source code at https://github.com/eclipse-ee4j/security-api), a specification (https://jakarta.ee/specifications/security/) under Jakarta EE, can be used to secure cloud-native applications.

In the following example, the method checkAccount is secured via the Jakarta Security API @RolesAllowed. This method can only be invoked by clients with the access group StockViewer or StockTrader. All other users are denied as shown here:

@RolesAllowed...
lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
Practical Cloud-Native Java Development with MicroProfile
Published in: Sep 2021Publisher: PacktISBN-13: 9781801078801

Authors (5)

author image
Emily Jiang

Emily Jiang is a Java Champion, a cloud-native architect with practical experience of building cloud-native applications. She is a MicroProfile guru, leading a number of MicroProfile specifications as well as the implementations in Open Liberty. She is a well-known international conference speaker.
Read more about Emily Jiang

author image
Andrew McCright

Andy McCright is IBM's Web Services Architect with 20 years of experience building Enterprise Java runtimes. He leads the MicroProfile Rest Client & GraphQL projects and contributes to Open Liberty, Jakarta REST, CXF, RESTEasy, and more. He is also a blogger.
Read more about Andrew McCright

author image
John Alcorn

John Alcorn is an application modernization architect in the Cloud Engagement Hub, specializing in helping customers modernize their traditional Java EE applications to the cloud. He developed and maintains the Stock Trader application that shows how to build a composite application out of MicroProfile-based microservices in Java. You can connect with John via Twitter.
Read more about John Alcorn

author image
David Chan

David Chan is a software developer at IBM who works on the observability and serviceability components of the Open Liberty project. He is involved with the MicroProfile project with a specialization in the MicroProfile Metrics component.
Read more about David Chan

author image
Alasdair Nottingham

Alasdair Nottingham is a software developer and lead architect for Open Liberty, and WebSphere. He has been involved with the MicroProfile and Jakarta EE projects to a varying extent since their inception.
Read more about Alasdair Nottingham