Pavel B. Java Software Engineer with Keycloak expertise
Summary
- 15 years in the software development industry as a Java Engineer
- 6+ years of experience with Keycloak, utilizing Keycloak for permission and role/group-based authorization with decentralized user access management.
- Adept at integrating Keycloak with external user sources such as LDAP and databases, and implementing custom sync mappers for groups.
- Proficient in designing and implementing architectural solutions of web-based applications.
- Team leading, organization of development process experience.
- Experience with Java, and JS (SpringBoot, ReactJs).
- Experience with different DB engines, and SQL performance optimization.
- Web app security. Authentication & Authorization.
- DevOps (Docker, K8s, Jenkins)
- AWS Cloud
- Upper-Intermediate English
Experience
Senior Software Engineer, zooplus
Dec 2016 - Present (6 years 5 months)
Responsibilities:
- Working on a company cross-cutting topics.
- Making the architectural design and implementation in the Cloud. Working closely with other development teams daily.
- Defining and developing distributed microservices-based architecture—particular accent on security and microservices authorization, following the principles of DevOps.
- Developing and maintaining the company's SSO infrastructure and multiple client-oriented applications.
Keycloak authorization scenario:
Permission and role/group-based authorization with decentralized user access management.
The system is based on the Keycloak cluster, integrated with an external user base running on LDAP, plus another DB integration.
Keycloak has custom integration with an LDAP server that allows custom sync mappers for groups and supports event emitting via a cloud-based queue for synchronization with an external user rights management system.
Custom user permissions and group mappers are used during the authorization (OAuth2 or SAML) process. Mappers request the external user rights management system (which has REST endpoints protected by Keycloak) with authorization based on the s2s token obtained on the Keycloak level and stored in the local cache to increase performance.
Keycloak SPIs:
Keycloak is used as a central authorization/authentication point with HA cluster setup in the Cloud and has various integration with external user sources (DB, LDAP, Azure AD) with custom synchronization support extensions. Support user authorization with the usage of external permissions management system. Also, custom actions were implemented for auth flow and user account actions with user actions SPI and an extension that allows sending various events to the messaging system.
User session management SPI extension that enables running sessions backup and restores process. And much more others.
Technologies: AWS, Java, Kotlin, Spring Boot, Terraform, React JS, Keycloak, PostgreSQL, Oracle, Jenkins Pipeline DSL, Docker, K8S.
Java Developer, Luxoft
Dec 2015 - Nov 2016 (1 year)
Responsibilities:
- Data visualization framework - Java web application for business data visualization and reports building.
- GWT, SpringBoot, data management (based on Apache Calcite, Apache Spark)
Java developer, Luxoft
Mar 2014 - Dec 2014 (10 months)
Responsibilities:
- Financial Data Managing - a high-loaded system for managing, organizing, and storing incoming data.
- Enterprise Java application, JBPM5 framework, XML, XSLT data transformation, Hibernate, Spock
Java developer, PrivatBank
Aug 2006 - Feb 2014 (7 years 7 months)
Responsibilities:
- High-loaded services for inner usage.
- Java (JDBC, JMS, j2ee, JSP, Spring, MyBatis), SQL (Sybase, ASE, IQ) complex query optimization, REST
- Team leading, organization of development process
- Architecture design of web-based applications
Education
Bachelor's Degree, Computer Systems Networking and Telecommunications, Dnipropetrovs'kij Nacional'nij Universitet
2002 - 2007