6 Exposing and securing web applications

This chapter covers

Developing a basic secured web application with HTML
Creating a more advanced HTMX-based UI
Propagating the security context for calls between a web application and a REST service
Exploring other alternatives for frontend development

In this chapter, we focus on two concepts: creating an HTML-based frontend for your application and securing it to require authentication. We already touched security with OIDC and Keycloak a little in chapter 3. We will now apply this concept to the car rental project.

Security, just like testing, is another aspect of software development that is often viewed as a boring but necessary evil and, thus, is often neglected in the early stages of a project. Properly securing an application is generally not an easy task. We will see how Quarkus addresses this and makes security as simple as possible while still providing a high level of flexibility. Changing most security aspects of a Quarkus application is often just a matter of changing a few configuration properties without having to update the code.

6.1 Creating a secured web application

6.1.1 Creating a simple HTML page

6.1.2 Adding security to the application

6.2 Creating a UI for managing car reservations

6.2.1 Updates to the Reservation service needed by the Users service

6.2.2 Preparing backend parts in the Users service to be used by the UI

6.2.3 Creating the UI using Qute, HTMX, and a REST backend

6.2.4 Trying the application

6.3 Other security features of Quarkus

6.4 Running in production mode

6.4.1 Running Keycloak and PostgreSQL as containers

6.4.2 Wiring the services to use Keycloak

6.5 Next steps

Summary