
Zero-Trust Architecture in Java Microservices
Sagar Kesarpu, Expert Application Engineer, Leading Financial Tech Company, Herndon, Virginia
Abstract
Securing inter-service communication and data access has become crucial as microservices become the architectural standard in enterprise software development. In dynamic, cloud-native systems, traditional perimeter-based security solutions are no longer adequate. The Zero-Trust Architecture (ZTA) in Java-based microservices is thoroughly examined in this study. We go over the fundamentals of ZTA, look at how it applies to microservices, and offer thorough methods for implementing zero-trust policies with industry-standard frameworks and tools like OAuth 2.0, Istio, and Spring Security. Additionally, a case study showing how ZTA is implemented in a distributed Java microservices application is provided.
Keywords
Zero-Trust Architecture, Java Microservices, Spring Security, OAuth 2.0, Service Mesh, Istio, Cloud Security, Identity and Access Management.
Copyright License
Copyright (c) 2025 Sagar Kesarpu

This work is licensed under a Creative Commons Attribution 4.0 International License.