I have a quarkus project I try to secure some of my endpoints with a Jwt token.
So far, it don’t work. everything is still accessible.
my application.properties:
quarkus.http.auth.permission.public.paths=/api/bo/authenticate quarkus.http.auth.permission.public.policy=permit quarkus.http.auth.policy.admin-role.roles-allowed=ADMINISTRATEUR_SYSTEME quarkus.http.auth.permission.admin.paths=/api/bo/private/** quarkus.http.auth.permission.admin.policy=admin-role quarkus.http.auth.permission.admin.enabled=true mp.jwt.verify.publickey.location=jwt/publicKey.pem mp.jwt.verify.issuer=https://xxxxx.fr quarkus.smallrye-jwt.enabled=true smallrye.jwt.sign.key.location=jwt/privateKey.pem
it worth notting that the lines
mp.jwt.verify.publickey.location=jwt/publicKey.pem mp.jwt.verify.issuer=https://xxxxx.fr quarkus.smallrye-jwt.enabled=true smallrye.jwt.sign.key.location=jwt/privateKey.pem
are in gray in my IDE ( Intellij), and my IDE say they are not used nor by my project nor it’s dependency.
Speaking of dependency, I have this in my pom:
<dependencies> ... <dependency> <groupId>io.quarkus</groupId> <artifactId>quarkus-smallrye-jwt-build</artifactId> </dependency> <dependency> <groupId>io.quarkus</groupId> <artifactId>quarkus-smallrye-health</artifactId> </dependency> <dependency> <groupId>io.quarkus</groupId> <artifactId>quarkus-smallrye-jwt</artifactId> </dependency> <dependency> <groupId>io.quarkus</groupId> <artifactId>quarkus-smallrye-openapi</artifactId> </dependency>
Any idea?
Advertisement
Answer
The issue was, the double “**” a simple * work just fine
quarkus.http.auth.permission.admin.paths=/api/bo/private/*