book

Quarkus Cookbook

by Alex Soto Bueno, Jason Porter

July 2020

Intermediate to advanced

392 pages

7h 20m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Who Should Read This BookWhy We Wrote This BookNavigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Developer-FriendlyIntegration with KubernetesMemory and First Response TimeA Basic Quarkus Workflow
2.1. Scaffolding a Quarkus Project with Maven2.2. Scaffolding a Quarkus Project with Gradle2.3. Scaffolding a Quarkus Project with the Quarkus Start Coding Website2.4. Scaffolding a Quarkus Project with Visual Studio Code2.5. Live Reloading with Dev Mode2.6. Serving Static Resources
3.1. Creating a Simple REST API Endpoint3.2. Extracting Request Parameters3.3. Using Semantic HTTP Response Status Codes3.4. Binding HTTP Methods3.5. Enabling Cross-Origin Resource Sharing (CORS)3.6. Using Reactive Routes3.7. Intercepting HTTP Requests3.8. Secure Connections with SSL
4.1. Configuring the Application with Custom Properties4.2. Accessing Configuration Properties Programmatically4.3. Overwriting Configuration Values Externally4.4. Configuring with Profiles4.5. Changing Logger Configuration4.6. Adding Application Logs4.7. Advanced Logging4.8. Configuring with Custom Profiles4.9. Creating Custom Sources4.10. Creating Custom Converters4.11. Grouping Configuration Values4.12. Validating Configuration Values
5.1. Marshalling/Unmarshalling JSON5.2. Marshalling/Unmarshalling XML5.3. Validating Input and Output Values5.4. Creating Custom Validations5.5. Validating Objects Programmatically5.6. Injecting Dependencies5.7. Creating Factories5.8. Executing Object Life Cycle Events5.9. Executing Application Life Cycle Events5.10. Using a Named Qualifier5.11. Using Custom Qualifiers5.12. Qualifying and Configuring Annotations5.13. Creating Interceptors5.14. Writing Behavioral Tests5.15. Writing Unit Tests5.16. Creating Mock Objects5.17. Creating Mock Objects with Mockito5.18. Grouping Several Annotations into One with a Meta-Annotation5.19. Executing Code Before or After a Test5.20. Testing the Native Executable
6.1. Running in Command Mode6.2. Creating a Runnable JAR File6.3. Über-JAR Packaging6.4. Building a Native Executable6.5. Building a Docker Container for JAR File6.6. Building a Docker Container for Native File6.7. Build and Dockerize a Native SSL Application
7.1. Defining a Datasource7.2. Using Multiple Datasources7.3. Adding Datasource Health Check7.4. Defining Transaction Boundaries Declaratively7.5. Setting a Transaction Context7.6. Programmatic Transaction Control7.7. Setting and Modifying a Transaction Timeout7.8. Setup with Persistence.xml7.9. Setup Without persistence.xml7.10. Using Entities from a Different JAR7.11. Persisting Data with Panache7.12. Finding All Entity Instances with Panache listAll Method7.13. Finding Individual Entities with Panache findById Method7.14. Finding Entities Using Panache Find and List Methods7.15. Obtaining a Count of Entities Using the Panache count Method7.16. Paginating Through Entity Lists Using the Panache page Method7.17. Streaming Results via the Panache Stream Method7.18. Testing Panache Entities7.19. Using a Data Access Object (DAO) or Repository Pattern7.20. Using Amazon DynamoDB7.21. Working with MongoDB7.22. Using Panache with MongoDB7.23. Using Neo4j with Quarkus7.24. Flyway at Startup7.25. Using Flyway Programmatically
8.1. Implementing Automatic Retries8.2. Implementing Timeouts8.3. Avoiding Overloads with the Bulkhead Pattern8.4. Avoiding Unnecessary Calls with the Circuit Breaker Pattern8.5. Disabling Fault Tolerance

9.1. Using Automatic Health Checks9.2. Creating Custom Health Checks9.3. Exposing Metrics9.4. Creating Metrics9.5. Using Distributed Tracing9.6. Custom Distributed Tracing
10.1. Building and Pushing Container Images10.2. Generating Kubernetes Resources10.3. Generating Kubernetes Resources with Health Checks10.4. Deploying Services on Kubernetes10.5. Deploying Services on OpenShift10.6. Building and Deploying a Container Image Automatically10.7. Configuring an Application from Kubernetes10.8. Configuring an Application from Kubernetes with Config Extension10.9. Interacting with a Kubernetes Cluster Programmatically10.10. Testing Kubernetes Client Interactions10.11. Implementing a Kubernetes Operator10.12. Deploying and Managing Serverless Workloads with Knative
Quarkus Security Basics11.1. Authentication and Authorization with Elytron Properties File Config11.2. Authentication and Authorization with Elytron Security JDBC Config11.3. Authorization with MicroProfile JWT11.4. Authorization and Authentication with OpenId Connect11.5. Protecting Web Resources with OpenId Connect
12.1. Storing Data Using Kubernetes Secrets12.2. Store Configuration Secrets Securely with Vault12.3. Cryptography as a Service12.4. Generate Database Password as Secret12.5. Authenticating Services Using Vault Kubernetes Auth
13.1. Using the JAX-RS Web Client13.2. Using the MicroProfile REST Client13.3. Implementing a CRUD Client13.4. Manipulating Headers13.5. Using REST Client for Multipart Messages13.6. Using REST Client to Configure SSL
14.1. Using Spring Dependency Injection14.2. Using Spring Web14.3. Using Spring Data JPA14.4. Using Spring Security14.5. Using Spring Boot Properties
15.1. Creating Async HTTP Endpoints15.2. Streaming Data Asynchronously15.3. Using Messaging to Decouple Components15.4. Reacting to Apache Kafka Messages15.5. Sending Messages to Apache Kafka15.6. Marshalling POJOs into/out of Kafka15.7. Using Kafka Streams API15.8. Using AMQP with Quarkus15.9. Using MQTT15.10. Query Using Reactive SQL15.11. Insert Using Reactive SQL Client15.12. Using the Reactive MongoDB Client15.13. Using the Reactive Neo4j Client
16.1. Creating Templates with the Qute Template Engine16.2. Rending HTML Using Qute16.3. Changing the Location of Qute Templates16.4. Extending Qute Data Classes16.5. Describing Endpoints with OpenAPI16.6. Customizing OpenAPI Spec16.7. Sending Email Synchronously16.8. Sending Email Reactively16.9. Creating Scheduled Jobs16.10. Using Application Data Caching

Content preview from Quarkus Cookbook

Chapter 11. Authentication and Authorization

In this chapter, you will learn about how authorization and authentication, the backbone of application security, work within a Quarkus application. We’ll discuss the following topics:

File-backed authentication and authorization schemes
Databased-backed authentication and authorization schemes
External-service-backed authentication and authorization schemes

Quarkus Security Basics

Before we get to our first recipe, this section will show you the basics of Quarkus and security, the security extensions you will use to load authentication sources, and how to protect resources using a role-based access control (RBAC) approach.

The examples shown in this section are not meant to be runnable, but they will be the basis for the upcoming recipes in which we are going to see the security extensions in action.

The following are the two main concepts regarding security:

Authentication: Validate your credentials (i.e., username/password) to verify your identity so that the system knows who you are.
Authorization: Verify your rights to be granted access to a protected resource. This happens after the authentication process.

Authentication

Quarkus provides two authenticating mechanisms for HTTP, the well-known BASIC and FORM methods. These mechanisms can be extended by any Quarkus extension to provide a custom authentication method. An example of these mechanisms is found in the form of the Quarkus extension to authenticate against ...