What do you think about the OWASP web application security top ten as a developer?

I like the OWASP Top Ten for “developers” charts. From my point of view, it gives an awesome advice, where to start or helps to take care and remember what you maybe already know about web security implementation. From my side it feels a bit like “rub salt into the wound” of a developer soul, isn’t it so? Especially when you starting developing cloud native and microservices based applications.

Continue reading

Authentication and Authorization for Java Microservices with Keycloak, Quarkus and Microprofile

In this blog post I want to point out that I created a 18 min YouTube video related to the newly created workshop Get started with security for your Java Microservices made by Harald, Niklas and me .

I focus in that video on the topics authentication and authorization for Java Microservices with Keycloak, Quarkus and Microprofile. Have fun 😉

I hope this was useful for you and let’s see what’s next?



#Authorization, #Authentication, #Java, #Microprofile, #Quarkus, #Keycloak

How to create a new realm with the Keycloak REST API?

In this blog post I want to show, how to create a new realm with Keycloak REST API , because later I want to automate the Keycloak realm creation for a workshop using curl in a bash script.

The reason of that blog post is, that the information in the REST API documentation wasn’t detailed enough for me. The image shows what I found first in the Keycloak REST API documentation .


In common it’s very simple to use the Keycloak REST API. For more details see in my blog post Getting started to secure a simple Java Microservice with Keycloak, MicroProfile and OpenLiberty.

First you need a bearer authorization token for an administration user and with that token you create a new realm using the realm json exported before.

Here is what I found:

I used POSTMAN to check it out. These are the steps I did in POSTMAN.

Continue reading