This short blog post is about my perspective related to, how to get technical started with white box security testing, when you use SonarQube.Continue reading
I want to provide a basic overview from my perspective, which I structured in following sections:
- Basic Overview
- Try it out
- Open-Source Tools/Technologies
- What are the major tasks inside a OOTB Tekton pipeline?
I like the OWASP Top Ten for “developers” charts. From my point of view, it gives an awesome advice, where to start and helps to take care and remember what you maybe already know about web security implementation. From my side it feels a bit like “rub salt into the wound” of a developer soul, isn’t it so? Especially when you starting developing cloud native and microservices based applications.Continue reading
The reason of that blog post is, that the information in the REST API documentation wasn’t detailed enough for me. The image shows what I found first in the Keycloak REST API documentation .
In common it’s very simple to use the Keycloak REST API. For more details see in my blog post Getting started to secure a simple Java Microservice with Keycloak, MicroProfile and OpenLiberty.
First you need a bearer authorization token for an administration user and with that token you create a new realm using the realm json exported before.
Here is what I found:
- … for the Authorization user for administrative tasks, I got the missing pieces in the Keycloak documentation here.
- … for the submit of the realm json, I got the missing pieces as a part of the answer on StackOverflow “Unable to create Keycloak realm via the rest admin API: Unsupported Media Type“.
In that project I want to …
The Microservice runs on OpenLiberty and uses MicroProfile. The example Microservice is called
Authors and is from the open sourced Cloud Native Starter project. So, you can compare the implementation of the
Authors Microservice in this project with the implementation in the Cloud Native Starter project. The example doesn’t use a frontend UI for the Authentication. The JUnit test will authenticate with the Keycloak REST API.
Here is a 7 min YouTube video about the setup of the example: