or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

cdi-dependency-injection.mdconfiguration.mdcore-runtime.mddata-persistence.mdindex.mdreactive-programming.mdrest-web-services.mdscheduling.mdsecurity.mdtesting.md

security.mddocs/

0
# Security and Authentication
1


2
Quarkus provides comprehensive security framework with support for OIDC, JWT, RBAC, and integration with various authentication providers and security standards.
3


4
## Core Security Annotations
5


6
### Authorization Annotations
7


8
```java { .api }
9
@Target({ElementType.TYPE, ElementType.METHOD})
10
@Retention(RetentionPolicy.RUNTIME)
11
public @interface RolesAllowed {
12
    String[] value();
13
}
14


15
@Target({ElementType.TYPE, ElementType.METHOD})
16
@Retention(RetentionPolicy.RUNTIME)
17
public @interface PermitAll {
18
}
19


20
@Target({ElementType.TYPE, ElementType.METHOD})
21
@Retention(RetentionPolicy.RUNTIME)
22
public @interface DenyAll {
23
}
24
```
25


26
Standard security annotations for method-level authorization.
27


28
### QuarkusSecurityIdentity
29


30
```java { .api }
31
public interface QuarkusSecurityIdentity extends SecurityIdentity {
32
    Principal getPrincipal();
33
    Set<String> getRoles();
34
    <T> Attribute<T> getAttribute(String name);
35
    boolean hasRole(String role);
36
    boolean isAnonymous();
37
}
38
```
39


40
Quarkus-specific security identity interface providing access to authentication and authorization information.
41


42
**Usage Example:**
43
```java
44
@Path("/secure")
45
public class SecureResource {
46
    
47
    @Inject
48
    SecurityIdentity identity;
49
    
50
    @GET
51
    @RolesAllowed("user")
52
    public String userEndpoint() {
53
        return "Hello " + identity.getPrincipal().getName();
54
    }
55
    
56
    @GET
57
    @Path("/admin")
58
    @RolesAllowed("admin")
59
    public String adminEndpoint() {
60
        return "Admin access granted";
61
    }
62
}
63
```