WebSphere Application Server & Liberty

Best practices to secure cloud native applications in WebSphere Liberty

By Gary Picher posted Tue May 17, 2022 05:20 PM

Last week, I presented an IBM Expert TV session about securing cloud native applications in WebSphere Liberty. Although "cloud native" implies a lot of things (e.g. DevOps, containers, etc.), for the purposes of securing your application I focused on the microservices pattern that is common with cloud native deployments.

Legacy applications are often coded as monoliths and deployed in a single place, which keeps authentication reasonably simple: the user authenticates once, and that one process handles every subsequent request. The microservices pattern breaks an application into potentially dozens or hundreds of very small parts, each deployed separately, that call each other as needed to perform the various tasks of the overall application. This pattern has a number of advantages for development, but it has a security cost: the caller's identity, established at the application's initial endpoint, has to be propagated to every microservice the request relies on, and each of those services has to be able to verify that it can trust what it receives.

Given that, I focused the presentation on the various ways that WebSphere Liberty supports single sign-on (SSO), that is, the ability to authenticate once when you access the application's initial endpoint and then have your general authentication information (who you are and which groups you belong to, typically carried in a signed token) propagated to the various microservices without propagating any sensitive credential, such as your password.

Beyond that, I touched briefly on application authorization, which is the process of defining which users can access which parts of your application. Authentication alone is not enough: even a user who successfully authenticates should not be able to reach parts of the application that are meant only for administrators, so a "regular user" must be denied those resources.
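As an added example (not code from the presentation, from IBM, or from the Liberty documentation), here is how the two points above fit together in a single Liberty microservice. It assumes the application's login endpoint issues a MicroProfile JWT, one of the SSO token formats Liberty supports; the token carries the user's name and groups but never the password, Liberty verifies it before the resource code runs, and JAX-RS role annotations decide which callers may reach which operations. The issuer and JWKS URLs, the audience, the group and role names, the package name and the downstream pricing service URL are all hypothetical.

```java
// ---- server.xml (assumed configuration for this example, shown as a comment so the file is one language) ----
//
// <server description="inventory microservice">
//   <featureManager>
//     <feature>jaxrs-2.1</feature>
//     <feature>appSecurity-3.0</feature>
//     <feature>mpJwt-1.2</feature>
//   </featureManager>
//
//   <!-- Accept only tokens signed by the trusted issuer and minted for this service. -->
//   <mpJwt id="inventoryJwt"
//          issuer="https://login.example.com/oidc"
//          jwksUri="https://login.example.com/oidc/jwk"
//          audiences="inventory-service"
//          groupNameAttribute="groups"/>
//
//   <!-- Map the application's roles to the group names carried in the token. -->
//   <webApplication location="inventory.war">
//     <application-bnd>
//       <security-role name="user"><group name="inventory-users"/></security-role>
//       <security-role name="admin"><group name="inventory-admins"/></security-role>
//     </application-bnd>
//   </webApplication>
// </server>

// ---- src/main/java/com/example/inventory/InventoryApplication.java ----
package com.example.inventory;   // assumed package

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.eclipse.microprofile.auth.LoginConfig;

/** Tells Liberty that callers of this application authenticate with a MicroProfile JWT. */
@ApplicationPath("/api")
@LoginConfig(authMethod = "MP-JWT")
public class InventoryApplication extends Application {
}

// ---- src/main/java/com/example/inventory/InventoryResource.java ----
package com.example.inventory;

import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/inventory")
@RequestScoped
@Produces(MediaType.TEXT_PLAIN)
public class InventoryResource {

    /** The token for this request. Liberty has already checked signature, issuer, audience and expiry,
     *  and has answered 401 to any request that arrived without a valid one. */
    @Inject
    private JsonWebToken jwt;

    // Any authenticated member of either group may list items.
    @GET
    @RolesAllowed({"user", "admin"})
    public String list() {
        return "inventory for " + jwt.getName() + " (groups " + jwt.getGroups() + ")";
    }

    // Only administrators may delete. A "regular user" with a perfectly valid token gets 403 here.
    @DELETE
    @Path("/{id}")
    @RolesAllowed("admin")
    public Response delete(@PathParam("id") String id) {
        // ... remove item `id` from the store ...
        return Response.noContent().build();
    }

    // Calling a downstream microservice: forward the same token so the caller's identity
    // travels with the request. No password is ever known to, or sent by, this service.
    @GET
    @Path("/{id}/price")
    @RolesAllowed({"user", "admin"})
    public String price(@PathParam("id") String id) {
        Client client = ClientBuilder.newClient();
        try {
            return client.target("https://pricing.internal.example.com/api/prices/" + id) // assumed URL
                         .request(MediaType.TEXT_PLAIN)
                         .header(HttpHeaders.AUTHORIZATION, "Bearer " + jwt.getRawToken())
                         .get(String.class);
        } finally {
            client.close();
        }
    }
}
```

The role annotations only come into play after Liberty has accepted the token, so the `mpJwt` element carries the security weight: `issuer` and `jwksUri` pin which signer is trusted, and `audiences` is what stops a token minted for one service from being replayed against another. Give each service its own audience rather than sharing one across the fleet, and keep the downstream service on the same arrangement so it verifies the forwarded token itself instead of trusting the caller.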

Finally, I discussed the further hardening guidelines contained in Liberty's newly created Center for Internet Security (CIS) benchmark.

Download the slide deck HERE

Watch the full presentation below

If you have any further questions, please feel free to drop me a note at gpicher@us.ibm.com!