'How to disable security in Quarkus
I´ve implemented JWT RBAC in my Quarkus application, but I don´t want to provide tokens whenever I´m testing my application locally.
EDIT:
What I´ve tried so far are setting these properties to "false" without any effect.
quarkus.oauth2.enabled=false
quarkus.security.enabled=false
quarkus.smallrye-jwt.enabled=false
Currently I´ve commented out all of
//@RolesAllowed({"user"})
to "disable" auth locally.
Is there any property to disable security / enable endpoints for any given role?
Solution 1:[1]
You can implement an AuthorizationController (io.quarkus.security.spi.runtime.AuthorizationController)
public class DisabledAuthController extends AuthorizationController {
@ConfigProperty(name = "disable.authorization")
boolean disableAuthorization;
@Override
public boolean isAuthorizationEnabled() {
return disableAuthorization;
}
}
In Quarkus guides, you can find more information
https://quarkus.io/guides/security-customization#disabling-authorization
Solution 2:[2]
Use following quarkus configuration:
quarkus.http.auth.proactive=false
Solution 3:[3]
It looks like you are using MicroProfile JWT RBAC, so set this: quarkus.smallrye-jwt.enabled=false
A broader FYI, you can find the JWT RBAC properties here, in the context of all available properties too.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | J.GarcĂa |
| Solution 2 | Timi Ruprecht |
| Solution 3 | John Clingan |