xwoker
Reputation: 3171
Securing resources served from META-INF/resources with authentication in quarkus
What is the idiomatic way to secure static resources with authentication in quarkus?
In quarkus.io it's very easy to secure JAX-RS resources, e.g. via jwt or BasicAuth. But I failed to identify how to secure the resources served from resources/META-INF/resources with the same authentication mechanism.
As a workaround, we read the files placed directly into resources and wrote an passthrough JAX-RS resource:
@RequestScoped
@Path("static")
public class StaticResources {
@Inject
protected JsonWebToken jwt;
@GET
@Path("{filename}")
public Response serve(@PathParam("filename") String file) {
if (! hasValidJwt()) {
return Response.status(401).build();
}
return Response.ok(loadFromFile(file)).build();
}
...
}
This works fine (for our purposes)! But I assume that there are better ways to solve this requirement.
Upvotes: 0
Views: 830
Answers (1)
Serkan
Reputation: 1215
if I'm not wrong you can define paths in application.properties and protect them.
Here is an example:
https://quarkus.io/guides/security-authorization
the relevant lines are:
quarkus.http.auth.permission.authenticated.paths=/*
quarkus.http.auth.permission.authenticated.policy=authenticated
Upvotes: 1
Related Questions
- How to retrieve SecurityContext in a Quarkus application?
- Providing the SecurityIdentity directly to a Quarkus/RESTEasy web service method
- Quarkus Security: Using JPA security in combination with LDAP Authentication
- Quarkus Custom JWT Validation
- How to configure JPA security for Quarkus (Getting NullPointerException)?
- How to securing programmatic resources in a jersey?
- How can a JAX-RS REST service have authentication handled by annotations?
- JAX-RS security and Authentication
- JAX-RS: How to secure REST endpoints?
- JAX-RS and custom authorization