I have a quarkus project I try to secure some of my endpoints with a Jwt token. So far, it don't work. everything is still accessible. my application.properties: it worth notting that the lines are in gray in my IDE ( Intellij), and my IDE say they are not used nor by my project nor it's dependency. Speaking of dependency,

quarkus and jwt token, application.properties var don’t work

I have a quarkus project I try to secure some of my endpoints with a Jwt token.

So far, it don’t work. everything is still accessible.

my application.properties:

quarkus.http.auth.permission.public.paths=/api/bo/authenticate
quarkus.http.auth.permission.public.policy=permit

quarkus.http.auth.policy.admin-role.roles-allowed=ADMINISTRATEUR_SYSTEME
quarkus.http.auth.permission.admin.paths=/api/bo/private/**
quarkus.http.auth.permission.admin.policy=admin-role
quarkus.http.auth.permission.admin.enabled=true

mp.jwt.verify.publickey.location=jwt/publicKey.pem
mp.jwt.verify.issuer=https://xxxxx.fr
quarkus.smallrye-jwt.enabled=true
smallrye.jwt.sign.key.location=jwt/privateKey.pem

JavaScript
​x
 
quarkus.http.auth.permission.public.paths=/api/bo/authenticatequarkus.http.auth.permission.public.policy=permit​quarkus.http.auth.policy.admin-role.roles-allowed=ADMINISTRATEUR_SYSTEMEquarkus.http.auth.permission.admin.paths=/api/bo/private/**quarkus.http.auth.permission.admin.policy=admin-rolequarkus.http.auth.permission.admin.enabled=true​mp.jwt.verify.publickey.location=jwt/publicKey.pemmp.jwt.verify.issuer=https://xxxxx.frquarkus.smallrye-jwt.enabled=truesmallrye.jwt.sign.key.location=jwt/privateKey.pem​

it worth notting that the lines

mp.jwt.verify.publickey.location=jwt/publicKey.pem
mp.jwt.verify.issuer=https://xxxxx.fr
quarkus.smallrye-jwt.enabled=true
smallrye.jwt.sign.key.location=jwt/privateKey.pem

JavaScript
 
mp.jwt.verify.publickey.location=jwt/publicKey.pemmp.jwt.verify.issuer=https://xxxxx.frquarkus.smallrye-jwt.enabled=truesmallrye.jwt.sign.key.location=jwt/privateKey.pem​

are in gray in my IDE ( Intellij), and my IDE say they are not used nor by my project nor it’s dependency.

Speaking of dependency, I have this in my pom:

<dependencies>
...
<dependency>
  <groupId>io.quarkus</groupId>
  <artifactId>quarkus-smallrye-jwt-build</artifactId>
</dependency>
<dependency>
  <groupId>io.quarkus</groupId>
  <artifactId>quarkus-smallrye-health</artifactId>
</dependency>
   <dependency>
  <groupId>io.quarkus</groupId>
  <artifactId>quarkus-smallrye-jwt</artifactId>
</dependency>
  <dependency>
  <groupId>io.quarkus</groupId>
  <artifactId>quarkus-smallrye-openapi</artifactId>
</dependency>

JavaScript
 
<dependencies>...<dependency>  <groupId>io.quarkus</groupId>  <artifactId>quarkus-smallrye-jwt-build</artifactId></dependency><dependency>  <groupId>io.quarkus</groupId>  <artifactId>quarkus-smallrye-health</artifactId></dependency>   <dependency>  <groupId>io.quarkus</groupId>  <artifactId>quarkus-smallrye-jwt</artifactId></dependency>  <dependency>  <groupId>io.quarkus</groupId>  <artifactId>quarkus-smallrye-openapi</artifactId></dependency>​

Any idea?

Answer

The issue was, the double “**” a simple * work just fine

quarkus.http.auth.permission.admin.paths=/api/bo/private/*

Advertisement

Answer