Try Free

Securing Your Applications Running on Payara Platform (JAX-RS Endpoints)

Security
Jadon Ortlepp
Published: 09 Jul 2020
Updated: 21 Oct 2025

Securing your application is a very important aspect of the development of your application. You not only need to make sure that the application has the intended functionality but also that this functionality can only be executed by the appropriate people. You not only need to make sure that updates to data are restricted to the correct people, but it is also important that end users only see data they are allowed to see. And in case of sensitive data, this is even more important.

When your application is based on REST endpoints, securing the application is even more challenging. Those endpoints are in most cases called by some front end, written in all types of technologies ranging from browser-based to native mobile apps, and thus you can’t ask for a user name and password when they are called. They are also stateless, they don’t keep track of previous calls. So we need to provide them all the information about the user in a secure way, every time.

This User Guide will discuss the different aspects of securing the JAX-RS endpoints of your application using standards and common practices like OAuth2, OpenID Connect, JWT Tokens, and MicroProfile JWT authentication in combination with the Payara Platform.

Security is one of the major aspects of the application that needs to be addressed. When using REST endpoints this imposes an additional challenge. How can user information be passed on in a secure way and in a format that the microservice can validate with additional remote calls?

By using JWT tokens that contain claims about the user identity and authorization, we can make sure that this information is passed in a way that rules out tampering. We will also discuss the usage of an OpenID Connect provider to supply these tokens instead of generating them yourself.

In the second half of the guide, a detailed description of an application is will be given to use such JWT tokens and how these tokens can be passed on to other microservices.

{{cta(‘ce3578a9-acc6-4efc-9445-065ec2efc16e’)}}

 

Share:

Download Payara Platform Community

Comments (2)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Slavisa Paunovic

    Is there sample code? When implement my sample I get – Unauthorized This request requires HTTP authentication.

    Reply
  2. Jadon Ortlepp

    Hi Slavisa,
    Just to check, is this from implementing the example on page 7?

    Reply

Related Posts

Patrik Dudits presenting at Devoxx Belgium 2025 5 minutes
Cloud & Microservices
Patrik Duditš
14 Nov 2025

Devoxx BE 2025: It Only Starts with a Container & How Abstraction Becomes Reality 

At Devoxx Belgium 2025, I was able to talk about what happens after you build your container. In theory, […]

Read More
The Imperative for Legacy Java Modernization in Banking Cover 2 minutes
Jakarta EE
Luqman Saeed
24 Oct 2025

The $57 Billion Problem: Why Banking’s Java Legacy Crisis Demands Immediate Action

How outdated Java systems are draining budgets and throttling innovation across financial services? Let’s dig in in this blog […]

Read More
Interview The software that could be putting your cyber-security at risk 2 minutes
Security
Payara Content Team
22 Oct 2025

Middleware Cyber Security: The Hidden Risk Every C-Suite Should Prioritize

When tackling cyber risk at the strategic level, it pays to learn from trusted leaders. Steve Millidge, CEO and […]

Read More