Once the decision has been made to use containers and microservices, it's good to know that MVC 1.0 and the Java EE Security API will make the development process much easier.

I'm not sure if you'd call it an irony or a paradox, but something definitely is amusing about the fact that microservices sessions at JavaOne tend to pack the house, while Java Champion Ivar Grimstad's talks on Java EE Security and the Model-View-Controller framework will largely fly under the radar.

Sure, loads of people are still wondering about what the benefits are to using Docker containers or how they can convince the rest of the development team to move away from a traditional service-oriented architecture-based system and into a container-based microservices architecture. But once those decisions are made and the rubber hits the road, they'll likely be leveraging the MVC 1.0 API for developing presentation-tier components, and it's the new Java EE Security API, included with Java Enterprise Edition (EE) 8, that will make self-contained microservices security possible.

MVC 1.0 and JAX-RS

The relationship between the UI-based MVC 1.0 API and microservices development may not be obvious, but it becomes much clearer when you look at how the API is implemented. Under the covers, the MVC 1.0 API relies heavily on representational state transfer (REST) and the Java API for RESTful Web Services (JAX-RS). "The most important thing, the way I see it, is that MVC 1.0 is built on top of JAX-RS. If you're used to using JAX-RS to create your REST endpoints, it's an easy decision to also add some web interfaces to your applications," Grimstad said. "Most REST-based microservices have some type of admin tool that goes along with them. With MVC 1.0, you can now build that UI tool using exactly the same technology as the microservice itself."

The other big facilitator for future microservices deployment and development is the ratification of JSR-375, the Java EE Security API.

On the one hand, JSR-375 reads like the standardization of a large number of topics that everyone was already dealing with. HTTP authentication mechanisms, custom user registry creation and interaction with an identity store were all subjects that needed standardization -- there's no doubt about that -- but it's not exactly a project that elicits tears of joy from the greater Java community. However, according to Grimstad, a little gem is hidden between the lines of the Java Security API that will bring securing microservices into a new age of enlightenment.

Java EE Security API and microservices

"This is a brand-new API for EE 8," Grimstad said. "And it's an important specification because it bridges some of the gaps missing in earlier editions." But more than bridging gaps, it has the ability to include annotation-based security configurations within the application itself, creating a situation in which an application or, more to the point, a self-contained microservices component can go directly into production without any external configuration being required. "You do it within the application, so you don't have to configure it from the outside. Security configuration is contained within the application."
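
What that in-application configuration can look like, as an added example that is not from the article or from Grimstad's talk: a servlet-based admin endpoint with HTTP Basic authentication and a custom identity store, both declared with Java EE 8 annotations. The class names, the `admin` role and the `ADMIN_USER` / `ADMIN_PASSWORD_HASH` environment variables are assumptions made for illustration.

```java
// Added illustration, not code from the article. Each public class goes in its own file.
import java.io.IOException;
import java.util.Collections;
import javax.annotation.security.DeclareRoles;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// The role constraint lives on the endpoint itself: no security entries in
// web.xml and no realm configured on the application server.
@DeclareRoles("admin")
@WebServlet("/admin/status")
@ServletSecurity(@HttpConstraint(rolesAllowed = "admin"))
public class AdminStatusServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("caller: " + req.getUserPrincipal().getName());
    }
}

// Custom identity store packaged with the service. The mechanism definition sits on
// this CDI bean so it is discovered. Env variable names are hypothetical.
@BasicAuthenticationMechanismDefinition(realmName = "admin-tool")
@ApplicationScoped
public class EnvIdentityStore implements IdentityStore {
    @Inject private Pbkdf2PasswordHash passwordHash;
    // Reached through IdentityStore's default validate(Credential) for password logins.
    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
        String user = System.getenv("ADMIN_USER");
        String storedHash = System.getenv("ADMIN_PASSWORD_HASH"); // Pbkdf2PasswordHash format
        if (user == null || storedHash == null || !user.equals(credential.getCaller())) {
            return CredentialValidationResult.INVALID_RESULT; // fail closed when unconfigured
        }
        boolean ok = passwordHash.verify(credential.getPassword().getValue(), storedHash);
        return ok ? new CredentialValidationResult(user, Collections.singleton("admin"))
                  : CredentialValidationResult.INVALID_RESULT;
    }
}
```

HTTP Basic sends the credentials base64-encoded on every request, so an endpoint configured this way should only be reachable over TLS.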

Together, the new Java Security API and MVC 1.0 will drive Java-based microservices development into the future faster than any flux capacitor on a DeLorean ever could. To learn more about how that will happen, attend Grimstad's JavaOne session on the topic. And for those not in San Francisco attending the Oracle conference, an inexpensive alternative is to listen to the accompanying podcast in which TheServerSide's Cameron McKenzie chats with the Java Champion.