Skip to content

Quarkus Security

DodaTech 1 min read

In this tutorial, you'll learn about Fix Quarkus Security Not Authenticating. We cover key concepts, practical examples, and best practices.

The Problem

Security annotations like @Authenticated do not enforce authentication.

Quick Fix

Add security dependency

Wrong:

<!-- No security -->

Output:

@Authenticated ignored

Right:

<dependency>
  <groupId>io.quarkus</groupId>
  <artifactId>quarkus-elytron-security</artifactId>
</dependency>

Output:

Security enabled

Use @Authenticated

Wrong:

@Path("/api")
public class SecureResource { } // No security

Output:

Open to all

Right:

@Path("/api")
@Authenticated
public class SecureResource { }

Output:

Requires authentication

Configure JWT auth

Wrong:

# No JWT config
quarkus.http.auth.permission.authenticated.paths=/api/*

Output:

No auth method

Right:

quarkus:
  http:
    auth:
      permission:
        authenticated:
          paths: /api/*
          policy: authenticated
  smallrye-jwt:
    enabled: true

Output:

JWT authentication configured

Prevention

  • Add quarkus-elytron-security dependency
  • Use @Authenticated or @RolesAllowed annotations
  • Configure JWT with smallrye-jwt extension

Common Mistakes with security

  1. Overlapping type class instances that cause GHC to reject the program with ambiguous dispatch errors
  2. Non-exhaustive pattern matches that compile with warnings then crash at runtime
  3. Misunderstanding that String is [Char] with poor performance for large text operations

These mistakes appear frequently in real-world QUARKUS code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### How do I configure role-based access control?

Use @RolesAllowed("admin") on endpoints. Configure roles in application.properties.

This quick fix is part of the DodaTech Spring & JVM ecosystem series. Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro