A few weeks ago I interested to try Quarkus, actually 1.0 was released last November, but I didn’t have much free time to try. Right now I have pretty much free time because of the rona. I want to share my experience on how to secure your http API in Quarkus using JWT, because I think it’s important feature. For comparison with Spring Webflux, you can see my story here, for Spring Webmvc see my repo here.
JWT on Quarkus is more simple than Spring, because it’s an official feature.
1. Setup Project
Go to https://code.quarkus.io/ select at least this 2 package dependency.
- RESTEasy JSON-B
- SmallRye JWT
2. Create Public and Private Key
For unix-like OS you can run this command on terminal, for private key
openssl req -newkey rsa:2048 -new -nodes -keyout privatekey.pem -out csr.pem
for public key
openssl rsa -in privatekey.pem -pubout > publickey.pem
publickey.pem to resource folder (src/main/resources).
3. Config Project
Add some config to
quarkus.smallrye-jwt.enabled=true# for jwt expiration duration
TokenUtils class for generating token.
Next, create some User POJO and some other DTO.
6. Password Encoder
Next, create your custom password encoder (for user’s password simulation), don’t forget to add some properties for your secret salt on
# for user's password simulation
7. http API
Next, create endpoint for login (generate token), don’t forget
@PermitAll for login endpoint.
And this is for example secured endpoint.
Done 👍, next you can test your http API (e.g. using Postman).
Full source code is available on my Github page.
Contribute to ard333/quarkus-jwt development by creating an account on GitHub.
Thanks for reading (Sorry For My Bad English 😅) and feel free to comment.
Are you looking for information about remote work?
or have a cool resource about remote work?
remotework.FYI is all you need to know about remote work, find and share cool resources right now.