Securing Jakarta EE Applications with MicroProfile JWT

Securing applications is a critical aspect of modern software development, ensuring that only authorised users can access sensitive functionalities and data. In the realm of Java enterprise development, one of the robust solutions for securing applications is the use of MicroProfile JWT (JSON Web Tokens). This approach combines the strengths of Jakarta EE with the agility and portability of MicroProfile standards, particularly for microservices architectures.

MicroProfile JWT (MP JWT) is a specification within the MicroProfile project, designed to provide a common way of using JWTs for authentication and authorization in microservices. This specification aligns with the industry-standard JWT format, a compact, URL-safe means of representing claims to be transferred between two parties, enabling Single Sign-On (SSO) and simplified token-based authentication and authorization. Jakarta EE applications can use MP JWT to enhance their security, allowing seamless integration with modern authentication mechanisms like OAuth 2.0 and OpenID Connect.

This guide will show you how to secure Jakarta EE applications with MicroProfile JWT authentication. As security is a very complex topic, this guide uses the Keycloak project as the security provider. It is recommended not to roll your own security infrastructure but to defer to experts. Keycloak is an open source identity and access management (IAM) framework. It provides user federation, strong authentication, user management, fine-grained authorization, and more. This chapter delegates the process of creating users to Keycloak and focuses on using JWT to secure web resources.

The guide starts by looking at the anatomy of a JWT, then proceeds to using the MicroProfile JWT Authentication APIs to secure and get information from JWT tokens. By the end of this guide, you will be able to secure your Jakarta EE applications using the MicroProfile JWT API.

Category: User Guide

Subject: Jakarta EE, MicroProfile, Security
