Skip to main content

JWT authentication and authorization with Apache ActiveMQ

By ActiveMQ No Comments

Apache ActiveMQ is a well known and very flexible message broker. As such, it fully embraced the AAA model (Authentication, Authorization, Accountability) with built-in plugins.  For example, by default, it comes with Simple Authentication Plugin: it handles user authentication based on the `activemq.xml` defined list of users. Or, as an alternative, you can load users from properties. This is very useful for tests or to quickly bootstrap a project but does not target real-life deployments. JAAS Authentication Plugin: JAAS stands for Java Authentication and Authorization Service and is quite well known in the Java EE space (or Jakarta EE space)….

Read More

Apache ActiveMQ Failover with a SQL Database

By ActiveMQ No Comments

ActiveMQ is often a critical component in Enterprise systems, and therefore High Availability (HA) is a “must have” in order to meet production Service Level Agreements (SLA). This blog aims at providing a deployment architecture based on a set of Apache ActiveMQ brokers wired up to a SQL database.  This blog targets Apache ActiveMQ “classic” as opposed to Apache ActiveMQ Artemis. Failover architecture for high availability What are we trying to achieve? A single instance of ActiveMQ can receive and deliver a very high volume of messages. It is very easy to increase performance and handle more messages by simply…

Read More

Custom Identity Store with Jakarta Security in TomEE

By Jakarta EE, TomEE No Comments

In the previous post, we saw how to use the built-in ‘tomcat-users.xml’ identity store with Apache TomEE. While this identity store is inherited from Tomcat and integrated into Jakarta Security implementation in TomEE, this is usually good for development or simple deployments, but may appear too simple or restrictive for production environments.  This blog will focus on how to implement your own identity store. TomEE can use LDAP or JDBC identity stores out of the box. We will try them out next time. Let’s say you have your own file store or your own data store like an in-memory data…

Read More

Using Tomcat’s `tomcat-users.xml` with Jakarta Security in TomEE

By Jakarta EE, Tomcat, TomEE No Comments

While working on Jakarta EE 10 certification (See announcement Apache Tomee Jakarta EE certified after 10 years, Apache TomEE implemented Jakarta Security specification.  Currently, there is only one implementation used in Glassfish and used by all the other vendors for Jakarta Security. In TomEE, we decided to create an alternative to bring some diversity, and have an Apache implementation. What is Jakarta Security? Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms. It defines an overarching (end-user targeted) Security API for Jakarta EE Applications. Jakarta Security builds on the lower level Security SPIs defined…

Read More

Understanding Jakarta Security with TomEE

By Apache TomEE, Jakarta EE, Tomcat 2 Comments

There are many blogs explaining how to get Jakarta Security on Tomcat using all sorts of libraries and wiring everything manually. So many opportunities to get it wrong, if you are evaluating or currently using Apache TomEE. In TomEE, the good news is that, like JAX-RS, CDI or Bean Validation, Jakarta Security is out of the box ready to be used like Servlet, and CDI for example. This blog is a high-level view so you have the big picture of the technologies and how they interact with each other in the security landscape. The goal is to be able to…

Read More

JakartaONE Brazil 2020: Como alavancar microservices com TomEE e MicroProfile para ajudar a indústria médica no Brasil.

By Apache TomEE, Jakarta EE, JakartaONE, JakartaONE Brazil, TomEE, Tribers vTour No Comments
No dia 29 de agosto, aconteceu o JakartaOne Livestream Brazil. Foi uma conferência virtual de um dia para desenvolvedores e líderes técnicos trazendo o estado atual e futuro de Jakarta EE e tecnologias relacionadas, com foco no desenvolvimento de aplicativos nativos em nuvem corporativa. A participação foi ótima, com cerca de 200 pessoas conectadas continuamente. Nosso parceiro no Brasil, Rafael Guimares, CEO of GBR Sistemas, falou sobre como eles alavancaram microservices com TomEE para ajudar a indústria médica no Brasil. Graças à sua experiência, a equipe de Rafael foi capaz de construir rapidamente um novo aplicativo para suporte à telemedicina no contexto do Coronavírus (consulta...
Read More

MicroProfile: How it has evolved and where it’s headed?

By Jakarta EE, Java EE, MicroProfile, Open Source No Comments

About a year ago, I wrote a blog post about MicroProfile that explained what it is and why it was created. The explanation of what it is and why it was created is still valuable, but MicroProfle evolves rapidly, so it’s time to talk about where we are at, what’s new, and what to expect in the next few months. MicroProfile Today As per June 2019, MicroProfile 3.0 has been released with the following content.   MicroProfile 1.4 release from last year MicroProfile 3.0 release from this year   Updated versions of Metrics and Health Check introduced breaking API changes….

Read More

MicroProfile JSON Web Token (JWT)

By MicroProfile, Open Source No Comments

In the post, “What is Eclipse MicroProfile”, we explained what Eclipse MicroProfile is and why it’s important. MicroProfile is made up of several specifications. In this post, I’ll explain the JSON Web Tokens (JWT), the MicroProfile JWT specification, and how it can be used to implement stateless security in microservices. I’ll also talk about the extensibility and flexibility of MicroProfile with claims. Tomitribe has been helping companies implement REST services for years and one of the most common problems our clients have is deciding how to implement authentication and authorization. The development of MicroProfile and its use of JWT is…

Read More

What is Eclipse MicroProfile?

By Community, Eclipse Foundation, MicroProfile No Comments
Eclipse MicroProfile defines itself as: The MicroProfile is a baseline platform definition that optimizes Enterprise Java for a microservices architecture and delivers application portability across multiple MicroProfile runtimes.  -- MicroProfile FAQ Java for Enterprise applications are usually built on two options: Spring Framework and Java EE. Java EE created a set of specifications defined first by Sun Microsystems and then by Oracle through the Java Community Process. Specifications were meant to facilitate vendor agnostic development and deployment. During the last 5 years, the Java EE platform has become stable and mature resulting in less frequent releases. Java EE has also...
Read More