Quarkus Securityの概要
Quarkus Security is a framework that provides the architecture, multiple authentication and authorization mechanisms, and other tools to build secure and production-quality Java applications.
Before building security into your Quarkus applications, learn about the Quarkus Security architecture and the different authentication mechanisms and features you can use.
Quarkus Securityの主な機能
Quarkusセキュリティフレームワークには、Basic認証、フォームベース認証、相互TLS(mTLS)認証の組み込み認証メカニズムが用意されています。OpenID Connect(OIDC)やWebAuthnなど、その他のよく知られた 認証メカニズム を使用することもできます。
Authentication mechanisms depend on Identity providers to verify the authentication credentials and map them to a SecurityIdentity instance with the username, roles, original authentication credentials, and other attributes.
Quarkus also includes built-in security to allow for role-based access control (RBAC) based on the common security annotations @RolesAllowed, @DenyAll, @PermitAll on REST endpoints, and Contexts and Dependency Injection (CDI) beans.
For more information, see the Quarkus Authorization of web endpoints guide.
Quarkus Securityは、以下の機能もサポートしています:
Quarkus Securityは、高度なカスタマイズも可能です。詳細については、Quarkus Securityの ヒントとトリック ガイドを参照してください。
Quarkus セキュリティー入門
Quarkusのセキュリティに入門するには、組込のQuarkus Basic認証 とJakarta Persistence IDプロバイダを使用してQuarkusアプリケーションのエンドポイントを保護し、ロールベースのアクセス制御を有効にすることを検討してください。
Complete the steps in the Getting started with Security by using Basic authentication and Jakarta Persistence tutorial.
After successfully securing your Quarkus application with Basic authentication, you can increase the security further by adding more advanced authentication mechanisms, for example, the Quarkus OpenID Connect (OIDC) authorization code flow mechanism guide.
Quarkus Securityのテスト
For guidance on testing Quarkus Security features and ensuring that your Quarkus applications are securely protected, see the Security testing guide.
Quarkusのセキュリティ機能についての詳細
クロスオリジンリソース共有
To make your Quarkus application accessible to another application running on a different domain, you need to configure cross-origin resource sharing (CORS). For more information about the CORS filter Quarkus provides, see the CORS filter section of the Quarkus "Cross-origin resource sharing" guide.
クロスサイト・リクエスト・フォージェリ(CSRF)対策
Quarkus Security provides a Quarkus REST (formerly RESTEasy Reactive) filter that can protect your applications against a Cross-Site Request Forgery attack. For more information, see the Quarkus Cross-Site Request Forgery Prevention guide.
SameSite クッキー
You can add a SameSite cookie property to any of the cookies set by a Quarkus endpoint. For more information, see the SameSite cookies section of the Quarkus "HTTP reference" guide.
シークレットエンジン
You can use secrets engines with Quarkus to store, generate, or encrypt data.
Quarkus provides additional extensions in Quarkiverse for securely storing credentials, for example, Quarkus and HashiCorp Vault.
環境プロパティへのシークレットの保存
Quarkus provides support to store secrets in environment properties. For more information, see the Quarkus store secrets in an environment properties file guide.
安全なシリアライゼーション
If your Quarkus Security architecture includes Quarkus REST (formerly RESTEasy Reactive) and Jackson, Quarkus can limit the fields included in JSON serialization based on the configured security. For more information, see the JSON serialization section of the Quarkus “Writing REST services with Quarkus REST (formerly RESTEasy Reactive)” guide.
自動生成されたリソースをREST Data with Panacheで保護
If you use the REST Data with Panache extension to auto-generate your resources, you can still use security annotations within the package jakarta.annotation.security.
For more information, see the Securing endpoints section of the Quarkus "Generating Jakarta REST resources with Panache" guide.
セキュリティ脆弱性の検出
ほとんどのQuarkusタグは、米国 国家脆弱性データベース(NVD )に報告されます。 セキュリティ脆弱性については、 Quarkusのセキュリティ脆弱性の検出と報告 に関するガイドを参照してください。
