Modern Java Security: Zero Trust Architectures with Jakarta EE 11

Demo application for JDD Poland conference showcasing Zero Trust security implementation using Jakarta EE 11 and Payara.

Getting Started

Prerequisites

Java SE 21+
Maven
Docker and Docker Compose

Quick Start

1. Start Keycloak and PostgreSQL

docker-compose up -d

This will start:

Keycloak at http://localhost:8180 (admin/admin)
PostgreSQL database for Keycloak

Wait for Keycloak to be fully started (check with docker-compose logs -f keycloak).

2. Verify Keycloak Setup

Access the Keycloak admin console at http://localhost:8180

The realm jdd-poland will be automatically imported with:

4 pre-configured users (doctor, nurse, admin, patient)
2 clients (main app and service client)
4 roles (DOCTOR, NURSE, ADMIN, PATIENT)

3. Run the Application

./mvnw clean package payara-micro:dev

The application will start at http://localhost:8080/

Pre-configured Test Users

Username	Password	Role	Description
dr.smith	doctor123	DOCTOR	Full access to patient records
nurse.jones	nurse123	NURSE	Limited patient access
admin	admin123	ADMIN	System administration
patient.doe	patient123	PATIENT	Self-access only

Architecture

This application demonstrates Zero Trust security principles:

Fine-grained Authentication: OAuth 2.0/OIDC via Keycloak
Attribute-Based Access Control: Jakarta Security with custom attributes
Continuous Validation: CDI interceptors for runtime monitoring
Service-to-Service Security: JWT-based authentication with least privilege
Encrypted Transit: Jakarta Security annotations

Input Validation

A key principle of Zero Trust is "Never Trust, Always Verify". This applies to all data entering the system. This demo uses Jakarta Bean Validation to enforce strict data validation at the API boundary. For a detailed explanation of the input validation strategy, see VALIDATION_ZERO_TRUST.md.

Docker Commands

# Start all services
docker-compose up -d

# View logs
docker-compose logs -f

# Stop all services
docker-compose down

# Stop and remove volumes (clean slate)
docker-compose down -v

Keycloak Configuration

Client credentials for application:

Client ID: jdd-healthcare-app
Client Secret: jdd-healthcare-secret-2024
Realm: jdd-poland

Service-to-service client:

Client ID: service-client
Client Secret: service-client-secret-2024

Environment Variables

Copy .env.example to .env and adjust as needed:

cp .env.example .env

Development

The application uses:

Jakarta EE 11
Payara 7.2025.1.Beta1
Java 21
MicroProfile 7.0

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
keycloak/imports		keycloak/imports
src/main		src/main
.env.example		.env.example
.gitignore		.gitignore
README.md		README.md
cfp.md		cfp.md
docker-compose.yml		docker-compose.yml
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml
test-api.sh		test-api.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Modern Java Security: Zero Trust Architectures with Jakarta EE 11

Getting Started

Prerequisites

Quick Start

1. Start Keycloak and PostgreSQL

2. Verify Keycloak Setup

3. Run the Application

Pre-configured Test Users

Architecture

Input Validation

Docker Commands

Keycloak Configuration

Environment Variables

Development

About

Uh oh!

Releases

Packages

Languages

pedanticdev/jdd-poland

Folders and files

Latest commit

History

Repository files navigation

Modern Java Security: Zero Trust Architectures with Jakarta EE 11

Getting Started

Prerequisites

Quick Start

1. Start Keycloak and PostgreSQL

2. Verify Keycloak Setup

3. Run the Application

Pre-configured Test Users

Architecture

Input Validation

Docker Commands

Keycloak Configuration

Environment Variables

Development

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages