Chapter 11. Authentication and Authorization
In this chapter, you will learn how authorization and authentication, the backbone of application security, work within a Quarkus application. We’ll discuss the following topics:
- File-backed authentication and authorization schemes
- Database-backed authentication and authorization schemes
- External-service-backed authentication and authorization schemes
Quarkus Security Basics
Before we get to our first recipe, this section will show you the basics of Quarkus and security, the security extensions you will use to load authentication sources, and how to protect resources using a role-based access control (RBAC) approach.
The examples shown in this section are not meant to be runnable, but they will be the basis for the upcoming recipes in which we are going to see the security extensions in action.
The following are the two main concepts regarding security:
- Authentication: Validate your credentials (i.e., username/password) to verify your identity so that the system knows who you are.
- Authorization: Verify your rights to be granted access to a protected resource. This happens after the authentication process.
Authentication
Quarkus provides two authentication mechanisms for HTTP, the well-known BASIC and FORM methods. These mechanisms can be extended by any Quarkus extension to provide a custom authentication method. An example of these mechanisms is found in the form of the Quarkus extension to authenticate against ...