
1. Create Project

quarkus create app at.htl:http-filter-auth \
        --extension quarkus-resteasy,quarkus-resteasy-jackson

result:

Looking for the newly published extensions in registry.quarkus.io
-----------
selected extensions:
- io.quarkus:quarkus-resteasy
- io.quarkus:quarkus-resteasy-jackson


applying codestarts...
📚 java
🔨 maven
📦 quarkus
📝 config-properties
🔧 tooling-dockerfiles
🔧 tooling-maven-wrapper
🚀 resteasy-codestart

-----------
Looking for the newly published extensions in registry.quarkus.io
-----------
selected extensions:
- io.quarkus:quarkus-resteasy
- io.quarkus:quarkus-resteasy-jackson


applying codestarts...
📚 java
🔨 maven
📦 quarkus
📝 config-properties
🔧 tooling-dockerfiles
🔧 tooling-maven-wrapper
🚀 resteasy-codestart

-----------
[SUCCESS] ✅  quarkus project has been successfully generated in:
--> /Users/stuetz/SynologyDrive/htl/skripten/themen/jakartaee-microprofile/quarkus/50-quarkus-security/quarkus-security-lecture-notes/labs/auth
-----------
Navigate into this directory and get started: quarkus dev

run project

quarkus dev --clean

access endpoint with curl

❯ curl http://localhost:8080/hello
Hello RESTEasy%

access endpoint with httpie

❯ http localhost:8080/hello
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
content-length: 14

Hello RESTEasy

Figure 1. access endpoint with the rest-client of the IDE

2. Overview - Authentication and Authorization

authentication and authorization

3. First Usage of a ContainerRequestFilter

package at.htl.auth;

import io.quarkus.logging.Log;
import jakarta.annotation.Priority;
import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.ext.Provider;

import java.io.IOException;

@Provider
@Priority(Priorities.AUTHENTICATION) // (1)
public class AuthenticationFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        Log.info("Container Request Filter for authentication - Wer bin ich?");
    }
}
1 The priority determines the order in which the filters are invoked. Authentication must happen first.
  • If you send a request again, the log entry is shown in the server console

    2024-09-28 17:51:18,515 INFO  [at.htl.aut.AuthenticationFilter] (executor-thread-1) Container Request Filter for authentication - Wer bin ich?

4. Add Basic Auth to ContainerRequestFilter

First, create base64-encoded credentials
❯ echo -n "john:doe" | base64
am9objpkb2U=
  • When you do echo "password" | md5, echo adds a newline to the string to be hashed, i.e. password\n. When you add the -n switch, it doesn’t, so only the characters password are hashed. (source)

Now we send a GET request
GET http://localhost:8080/hello
Authorization: Basic am9objpkb2U=
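
One way a filter could check the header sent above, as an added example that is not part of the original lecture notes: it decodes the Basic credentials and aborts with 401 unless they match. The class name BasicAuthFilter, the realm "hello" and the hard-coded john/doe pair are assumptions for this lab; Basic credentials are only base64-encoded, not encrypted, so such an endpoint belongs behind TLS.

```java
package at.htl.auth;

import jakarta.annotation.Priority;
import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

@Provider
@Priority(Priorities.AUTHENTICATION)
public class BasicAuthFilter implements ContainerRequestFilter { // hypothetical class name

    // Constructed lab credentials (the john:doe pair encoded above); never hard-code real ones.
    private static final byte[] USER = "john".getBytes(StandardCharsets.UTF_8);
    private static final byte[] PASSWORD = "doe".getBytes(StandardCharsets.UTF_8);

    @Override
    public void filter(ContainerRequestContext ctx) {
        if (!isAuthenticated(ctx.getHeaderString(HttpHeaders.AUTHORIZATION))) {
            // Reject before the resource method runs and name the expected scheme.
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"hello\"")
                    .build());
        }
    }

    static boolean isAuthenticated(String header) {
        // Expect "Basic <base64>"; the scheme name is case-insensitive.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return false; // not valid base64
        }
        // Split on the first colon only: the password may itself contain ':'.
        String[] parts = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length != 2) return false; // no user:password separator
        // MessageDigest.isEqual avoids an early-exit comparison; '&' evaluates both checks.
        boolean userOk = MessageDigest.isEqual(parts[0].getBytes(StandardCharsets.UTF_8), USER);
        boolean passOk = MessageDigest.isEqual(parts[1].getBytes(StandardCharsets.UTF_8), PASSWORD);
        return userOk & passOk;
    }
}
```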

5. Sources