Securing applications is a critical aspect of modern software development, ensuring that only authorised users can access sensitive functionalities and data. In the realm of Java enterprise development, one of the robust solutions for securing applications is the use of MicroProfile JWT (JSON Web Tokens). This approach combines the strengths of Jakarta EE, with the agility and portability of MicroProfile standards, particularly for microservices architectures.
Our new guide - Securing Jakarta EE Applications with MicroProfile JWT - will show you how to secure Jakarta EE applications with MicroProfile JWT authentication. As security is a very complex topic, this guide uses the Keycloak project as the security provider. It is recommended to not roll out your own security infrastructure but defer to experts. Keycloak is an open source identity and access management (IAM) framework. It provides user federation, strong authentication, user management, fine-grained authorization, and more.
The guide starts by looking at the anatomy of a JWT, the proceeds to using the MicroProfile JWT Authentication APIs to secure and get information from JWT tokens. By the end of this guide, you will be able to secure your Jakarta EE applications using the MicroProfile JWT API.