Book Image

Practical Cloud-Native Java Development with MicroProfile

By : Emily Jiang, Andrew McCright, John Alcorn, David Chan, Alasdair Nottingham
Book Image

Practical Cloud-Native Java Development with MicroProfile

By: Emily Jiang, Andrew McCright, John Alcorn, David Chan, Alasdair Nottingham

Overview of this book

In this cloud-native era, most applications are deployed in a cloud environment that is public, private, or a combination of both. To ensure that your application performs well in the cloud, you need to build an application that is cloud native. MicroProfile is one of the most popular frameworks for building cloud-native applications, and fits well with Kubernetes. As an open standard technology, MicroProfile helps improve application portability across all of MicroProfile's implementations. Practical Cloud-Native Java Development with MicroProfile is a comprehensive guide that helps you explore the advanced features and use cases of a variety of Jakarta and MicroProfile specifications. You'll start by learning how to develop a real-world stock trader application, and then move on to enhancing the application and adding day-2 operation considerations. You'll gradually advance to packaging and deploying the application. The book demonstrates the complete process of development through to deployment and concludes by showing you how to monitor the application's performance in the cloud. By the end of this book, you will master MicroProfile's latest features and be able to build fast and efficient cloud-native applications.
Table of Contents (18 chapters)
1
Section 1: Cloud-Native Applications
5
Section 2: MicroProfile 4.1 Deep Dive
10
Section 3: End-to-End Project Using MicroProfile
13
Section 4: MicroProfile Standalone Specifications and the Future

Securing cloud-native applications using MicroProfile JWT

MicroProfile JWT utilizes JSON Web Token (JWT) with some additional claims for role-based access control of an endpoint to help with securing cloud-native applications. Securing cloud-native applications is often the must-have feature. It is often the case that cloud-native applications supply sensitive information, which should only be accessible to a particular group of users. Without securing cloud-native applications, everyone would be able to access the information. Jakarta Security (source code at https://github.com/eclipse-ee4j/security-api), a specification (https://jakarta.ee/specifications/security/) under Jakarta EE, can be used to secure cloud-native applications.

In the following example, the method checkAccount is secured via the Jakarta Security API @RolesAllowed. This method can only be invoked by clients with the access group StockViewer or StockTrader. All other users are denied as shown here:

@RolesAllowed...