Skip to content
/ jwt-rbac-quarkus Public

This repository is a tutorial for JUG Istanbul's How to use JWT RBAC with Quarkus meetup that showing how to verify JSON Web Tokens and provide secured access to the HTTP endpoints using Bearer Token Authorization and RBAC in Quarkus

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hakdogan/jwt-rbac-quarkus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 
rsaKeyPair.sh
rsaKeyPair.sh
 
 

Repository files navigation

How to Use JWT RBAC in Quarkus

This repository is a tutorial for JUG Istanbul's How to use JWT RBAC with Quarkus meetup that showing how to verify JSON Web Tokens and provide secured access to the HTTP endpoints using Bearer Token Authorization and Role-Based Access Control in Quarkus.

@Provider
@Secured
public class AuthenticationFilter implements ContainerRequestFilter
{

    private static final Logger LOG = LoggerFactory.getLogger(SignInResource.class);

    @Context
    HttpServerRequest httpServerRequest;

    @Override
    public void filter(ContainerRequestContext context) throws IOException {

        var method = context.getMethod();
        var uriInfo = context.getUriInfo();

        var path = uriInfo.getPath();
        var remoteAddress = httpServerRequest.remoteAddress().toString();
        var auth = null != context.getHeaderString(HttpHeaders.AUTHORIZATION);

        if(!auth) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }

        LOG.info(String.format("Request %s %s from IP %s User %s", method, path, remoteAddress,
                context.getSecurityContext().getUserPrincipal().getName()));
    }
}
@Path("/api/secured")
@RequestScoped
@Secured
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class AuthorizedUserResource {
 ....   
}
@Provider
@SecuredForAdmin
public class AdminAuthorizationFilter implements ContainerRequestFilter
{

    @Override
    public void filter(ContainerRequestContext context) throws IOException {

        if(!context.getSecurityContext().isUserInRole("admin")) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}
@POST
@Path("/addUser")
@SecuredForAdmin
@Transactional
public User addUser(final UserDTO dto){
    return User.add(dto);
}

Usage examples

export token=$(http POST localhost:8080/api/signIn/guest/12345)
http POST http://localhost:8080/api/secured/addUser \
"username"="testUser", \
"password"="12345", \
"role"="user" 'Authorization: Bearer '$token
HTTP/1.1 401 Unauthorized
Content-Length: 0

export token=$(http POST localhost:8080/api/signIn/hakdogan/12345)
http POST http://localhost:8080/api/secured/addUser \
"username"="testUser", \
"password"="12345", \
"role"="user" 'Authorization: Bearer '$token
HTTP/1.1 200 OK
Content-Length: 119
Content-Type: application/json

{
    "id": 4,
    "password": "$2a$10$.x9NaYIin1EqI/C5nsxAD.6cisP4HghRgDNmfG/N0nQkk8AeAGAcW",
    "role": "user",
    "username": "testUser,"
}

Requirements

  • JDK 11 or later
  • Maven 3.8.1 or later
  • Docker (for Postgresql)

How to run

#You must run rsaKeyPair.sh script before running the application
mvn quarkus:dev

About

This repository is a tutorial for JUG Istanbul's How to use JWT RBAC with Quarkus meetup that showing how to verify JSON Web Tokens and provide secured access to the HTTP endpoints using Bearer Token Authorization and RBAC in Quarkus

Topics

quarkus microprofile-jwt

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages