This chapter covers
- Securing microservices with authentication and authorization
- Quarkus authentication and authorization options
- Utilizing Quarkus file-based user and role definitions during development to secure REST endpoints
- Utilizing Keycloak and OpenID Connect to authenticate users and generate JWT tokens
- Securing microservices using MicroProfile JWT
- Quarkus features that facilitate unit testing
Enterprises require secure applications to prevent unauthorized access to information. This chapter focuses on authentication and authorization as two primary application security measures. It updates the Bank service, Account service, and Transaction service with new endpoints that require authenticated users and that also require the user to belong to a specific role. The new, secured endpoints exist alongside the existing unsecured endpoints, which continue to work, so services can easily switch between them and the reader can compare the approaches.