Reputation: 53
Is it possible to use quarkus security with quarkus-smallrye-graphql?
I am trying to use the quarkus-smallrye-graphql extension. And it seems like I cannot use any of the security annotations such as @Authenticated in a class annotated with @GraphQLApi. I previously tried to use the smallrye-graphql project directly and I was able to use security. But now when using the offered extension in quarkus, it does not work.
A simple example of api class is
@GraphQLApi
public class SomeApi {
@Query
@Authenticated
public String testQuery() {
return "hello...";
}
}
This does not work with the extension and I always get the unauthorized exception. Does anyone know how to do this?
Upvotes: 5
Views: 1596
Answers (1)
Reputation: 1314
The extension is not properly integrated with programmatic security yet. Please follow https://github.com/quarkusio/quarkus/issues/10001 that I've reported, it should be fixed soon.
In the meantime, it is possible to use config-based security as described in https://quarkus.io/guides/security#authorization-of-web-endpoints-using-configuration, just use /graphql* for the quarkus.http.auth.permission.roles1.paths property
Upvotes: 3
Related Questions
- Is it possible to use jOOQ with Quarkus?
- Quarkus SmallRye Graphql-Client Mutation Query
- Unit Testing with quarkus-smallrye-graphql
- Quarkus: automatically generate CRUD for Graphql endpoint
- Quarkus GraphQL Client with Keycloak
- Quarkus Configure Metrics for SmallRye Fault Tolerance
- Accessing headers on Quarkus Graphql
- Quarkus and Firebase Authentication
- Quarkus GraphQL: How to change the default endpoint?
- Quarkus with ActiveMQ?