Securing Microservices with mTLS, JWT, OAuth2, and more

Overview

This article explains how to secure your microservices deployment in practice using the Ballerina programming language. Ballerina has first-class support for a whole range of security features, from transport layer security such as SSL/TLS and mTLS to application layer security such as Basic Authentication (Basic Auth), JWT Authentication, OAuth2, etc. Let’s see how we can apply those to a microservices deployment.

Ballerina is an open-source programming language for the cloud that makes it easier to use, combine, and create network services.
Source: https://ballerina.io

Microservices (or microservices architecture) is a cloud-native architectural approach in which a single application is composed of many loosely coupled and independently…


The motivation behind redesigning of Ballerina cache and its implementation from the scratch

Overview

A cache is a concept we use in programming to improve performance.

Cache is a hardware or software component that stores data so that future requests for that data can be served faster; the data stored in a cache might be the result of an earlier computation or a copy of data stored elsewhere.
~ Source: Wikipedia

Ballerina had a cache standard library v1.0 (ballerina/cache) from the initial stages. But there were a few drawbacks.

  1. ballerina/cache supported only an in-memory storage mechanism, where cache entries are stored in a map-based data structure as key-value pairs. There was no…


Writing Go Lang HTTP/1.1 & HTTP/2 client and server

Introduction

In this article, we will implement an HTTP client and server for both the HTTP/1.1 and HTTP/2 protocols, using the Go programming language.

What is HTTP/2

HTTP/2 is the second major version of the application protocol, which was officially standardized in response to Google’s HTTP-compatible SPDY protocol. The following articles explain everything about HTTP/2 clearly.

Prerequisites

Before starting, you have to set up your machine with Go Lang. Please refer to the Go Getting Started Guide.

Once you have successfully installed Go, execute the go version command to ensure it works. This should display the Go version you installed.

NOTE: All the Go code in this article is tested and…


Writing a Ballerina HTTP/2 client and server

NOTE: All the Ballerina code in this article is tested and compatible with Ballerina version 1.1.0

What is Ballerina

Ballerina is a cloud-native programming language whose syntax and run-time address the difficult problems of integration.

What is HTTP/2

HTTP/2 is the second major version of the application protocol, which was officially standardized in response to Google’s HTTP-compatible SPDY protocol. These 2 articles explain everything clearly.


Authentication of HTTP endpoints

Source: https://www.trisoft.co.uk

NOTE: All the Ballerina code in this article is tested and compatible with Ballerina version 0.980.0

What is Ballerina

Ballerina is a cloud-native programming language whose syntax and run-time address the difficult problems of integration.

What is a client endpoint

Ballerina uses client endpoints to connect to external systems. An endpoint handles security and makes the end user’s life easier by shielding them from the external API’s behavior. Simply put, it is a wrapper around the external API.

What is securely invoking

Almost all client endpoints are secured with different kinds of authentication schemes like Basic, HMAC, OAuth 1.0, OAuth 2.0, etc. Some endpoints even support multiple authentication schemes. …


Writing a Twitter client in Ballerina

NOTE: All the Ballerina code in this article is tested and compatible with Ballerina version 1.2.0

TL; DR

We build a Twitter connector, which can be used to Tweet, Retweet, etc., using the Ballerina programming language. Then we publish it to Ballerina Central using GitHub Actions and make our connector available for everyone to use.

GitHub Repository:

Connector in Ballerina Central:

Prerequisites

Before starting, you have to set up your machine with Ballerina. Please refer to the Installing Ballerina guide.

Once you have successfully installed Ballerina, execute the ballerina -v command to make sure it works. This should display the Ballerina version you installed.


with Project-X and UltraStudio

Java NIO

Overview

File transport allows files in the local file system to be read from and written to. A polling transport scans a directory or set of directories repeatedly at a given interval. This is usually an overhead and leads to inefficient use of system resources, since it scans the entire set of directories and files periodically even when there are no modifications. As a solution, NIO file transport acts as a non-polling transport which will trigger an event if and only if a file or a directory is created or modified within its monitoring scope.

NIO File Transport

NIO File Transport of…


Source: https://blog.digitalocean.com/sammy-the-shark-gets-a-birthday-makeover-from-simon-oxley

This article explains how to deploy a Java web application that has a MySQL database on DigitalOcean. You have to do the following steps in order.

  1. Create a Droplet with Ubuntu 16.04
  2. Install Apache Tomcat 8
  3. Install MySQL
  4. Install phpMyAdmin
  5. Set Up Apache Virtual Hosts

These steps are already explained as tutorials in the DigitalOcean community. So, I will use those tutorials and connect them with the required modifications.

Step 1

First, you have to create a DigitalOcean account and create a droplet, which is a virtual private server. …


Source: https://www.exavault.com/blog/what-is-sftp-tutorial-video-blog/

This is a comparison of the research done by Sandra Parsick. It provides a deeper comparison of the SSHJ, Apache’s Commons VFS and JSch libraries for SFTP support.

The comparison is done under the following categories:
* Client authentication over password/public key
* Server authentication
* Upload/Download files over SFTP
* Execute plain shell commands
* File operations on the remote host like move, delete, list over SFTP


Secure Copy with Java using JSch

Source: http://cdn.journaldev.com/wp-content/uploads/2011/02/jsch-example.jpg

What is SCP?

SCP (Secure Copy) allows files in the local file system or a remote file system to be copied to the local file system or a remote file system. It uses SSH for data transfer and provides the same authentication and the same level of security as SSH.

Authentication

Authentication between two hosts can be done using the ‘private and public key pair’ or ‘username and password’. But the user has to make sure that the public key of the local machine is saved in authorized_keys on the remote machine.

Test SCP

Note: The remote host can be the same localhost. …

Chanaka Lakmal

Associate Technical Lead @ WSO2 | B.Sc. Computer Science Engineering (First Class Honours) | Tech Enthusiast | Researcher | Love IAM & Security Space
