13 Securing a microservice


This chapter covers

  • Securing microservices with authentication and authorization
  • Quarkus authentication and authorization options
  • Utilizing Quarkus file-based user and role definitions during development to secure REST endpoints
  • Utilizing Keycloak and OpenID Connect to authenticate users and generate JWT tokens
  • Securing microservices using MicroProfile JWT
  • Quarkus features that facilitate unit testing

Enterprises require secure applications to prevent unauthorized access to information. This chapter focuses on authentication and authorization, two primary application security measures. It updates the Bank service, Account service, and Transaction service with new REST endpoints that require an authenticated caller who also belongs to a specific role. The new, secured endpoints exist alongside the existing unsecured endpoints, which continue to work, so the services can switch between them and the reader can compare the two approaches side by side.
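The pattern the chapter builds toward, an unsecured endpoint next to a secured sibling that demands both authentication and a role, looks like this in a Quarkus JAX-RS resource. This is an added illustration, not the book's Bank service code: the class name, the `/bank` paths, the role name `bankadmin`, and the Quarkus 3 `jakarta.*` package names (Quarkus 1.x and 2.x use `javax.*`) are assumptions for the example.

```java
// Added example of a secured endpoint alongside an unsecured one.
// Assumed names: SecuredBankResource, the /bank paths, and the "bankadmin" role.
package quarkus.bank;

import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

import io.quarkus.security.identity.SecurityIdentity;

@Path("/bank")
public class SecuredBankResource {

    // Populated by whichever authentication mechanism Quarkus is configured with
    // (file-based users, OIDC, or MicroProfile JWT); the resource code does not change.
    @Inject
    SecurityIdentity identity;

    // Existing-style endpoint: deliberately left open so its behaviour can be compared
    // with the secured variant below.
    @GET
    @Path("/name")
    @PermitAll
    @Produces(MediaType.TEXT_PLAIN)
    public String name() {
        return "Bank of Quarkus";
    }

    // New secured endpoint. Quarkus checks the annotation before invoking the method:
    // an unauthenticated caller receives HTTP 401, an authenticated caller without the
    // "bankadmin" role receives HTTP 403. Only callers with the role reach this body.
    @GET
    @Path("/secure/name")
    @RolesAllowed("bankadmin")
    @Produces(MediaType.TEXT_PLAIN)
    public String secureName() {
        return "Bank of Quarkus, accessed by " + identity.getPrincipal().getName();
    }
}
```

The point worth noticing is that the authorization decision lives in the annotation, so the same resource works unchanged whether the roles come from the development-time user file, from Keycloak via OpenID Connect, or from the `groups` claim of a MicroProfile JWT; only the configuration that maps callers to roles differs. Keeping `/name` open is fine for the comparison the chapter sets up, but a production service should not ship an unauthenticated endpoint that returns anything more sensitive than a display name.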

13.1 Authorization and authentication overview

Let’s define the following terms before continuing to figure 13.1:

13.2 Using file-based authentication and authorization

13.3 Authentication and authorization with OpenID Connect

13.3.1 Introduction to OpenID Connect (OIDC)

13.3.2 OIDC and Keycloak

13.3.3 Accessing a protected resource with OpenID Connect

13.3.4 Testing the Authorization Code Flow

13.4 JSON Web Tokens (JWT) and MicroProfile JWT

13.4.1 JWT header

13.4.2 JWT payload

13.4.3 JWT signature

13.5 Securing the Transaction service using MicroProfile JWT

13.6 Propagating the JWT

13.6.1 Secure an Account service endpoint

13.6.2 Propagating JWT from the Transaction service to the Account service

13.7 Running the services in Kubernetes

Summary