Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hakdogan/jwt-rbac-quarkus
This repository is a tutorial for JUG Istanbul's "How to use JWT RBAC with Quarkus" meetup that shows how to verify JSON Web Tokens and provide secured access to HTTP endpoints using Bearer Token Authorization and RBAC in Quarkus.
- Host: GitHub
- URL: https://github.com/hakdogan/jwt-rbac-quarkus
- Owner: hakdogan
- Created: 2021-07-16T12:34:49.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-08-01T14:39:56.000Z (over 3 years ago)
- Last Synced: 2024-12-20T17:59:52.532Z (about 1 month ago)
- Topics: microprofile-jwt, quarkus
- Language: Java
- Homepage:
- Size: 17.6 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# How to Use JWT RBAC in Quarkus
This repository is a tutorial for `JUG Istanbul`'s `How to use JWT RBAC with Quarkus` meetup that shows how to verify JSON Web Tokens and provide secured access to HTTP endpoints using Bearer Token Authorization and Role-Based Access Control in Quarkus.

```java
@Provider
@Secured
public class AuthenticationFilter implements ContainerRequestFilter {

    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);

    @Context
    HttpServerRequest httpServerRequest;

    @Override
    public void filter(ContainerRequestContext context) throws IOException {
        var method = context.getMethod();
        var path = context.getUriInfo().getPath();
        var remoteAddress = httpServerRequest.remoteAddress().toString();

        // Reject requests that carry no Authorization header
        var auth = null != context.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (!auth) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }

        // getUserPrincipal() returns null when the caller has not been authenticated
        var principal = context.getSecurityContext().getUserPrincipal();
        if (null == principal) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }

        LOG.info(String.format("Request %s %s from IP %s User %s", method, path, remoteAddress,
                principal.getName()));
    }
}
```

```java
@Path("/api/secured")
@RequestScoped
@Secured
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class AuthorizedUserResource {
....
}
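```

```java
@Provider
@SecuredForAdmin
public class AdminAuthorizationFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext context) throws IOException {
        // Only callers whose token carries the "admin" role may proceed.
        // This returns 401, as the usage example shows; 403 Forbidden is the
        // conventional status for an authenticated caller that lacks the role.
        if (!context.getSecurityContext().isUserInRole("admin")) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}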
```

```java
@POST
@Path("/addUser")
@SecuredForAdmin
@Transactional
public User addUser(final UserDTO dto) {
    return User.add(dto);
}
```

## Usage examples

```shell
# Token for the user "guest": /addUser rejects the request with 401
# Note: the trailing commas below are sent as part of each value,
# which is why the second response shows "testUser,"
export token=$(http POST localhost:8080/api/signIn/guest/12345)
http POST http://localhost:8080/api/secured/addUser \
"username"="testUser", \
"password"="12345", \
"role"="user" 'Authorization: Bearer '$token

HTTP/1.1 401 Unauthorized
Content-Length: 0

# Token for the user "hakdogan": the same request succeeds
export token=$(http POST localhost:8080/api/signIn/hakdogan/12345)
http POST http://localhost:8080/api/secured/addUser \
"username"="testUser", \
"password"="12345", \
"role"="user" 'Authorization: Bearer '$token

HTTP/1.1 200 OK
Content-Length: 119
Content-Type: application/json

{
"id": 4,
"password": "$2a$10$.x9NaYIin1EqI/C5nsxAD.6cisP4HghRgDNmfG/N0nQkk8AeAGAcW",
"role": "user",
"username": "testUser,"
}
```

## Requirements
- JDK 11 or later
- Maven 3.8.1 or later
- Docker (for PostgreSQL)

## How to run
```shell
# You must run the rsaKeyPair.sh script before running the application
mvn quarkus:dev
```