Quarkus Securityの概要
Quarkus Securityは、セキュアでプロダクション品質のJavaアプリケーションを構築するためのアーキテクチャ、複数の認証および認可メカニズム、その他のツールを提供するフレームワークです。
Before building security into your Quarkus applications, learn about the Quarkus Security architecture and the different authentication mechanisms and features you can use.
Quarkus Securityの主な機能
The Quarkus Security framework provides built-in security authentication mechanisms for Basic, Form-based, and mutual TLS (mTLS) authentication.
You can also use other well-known authentication mechanisms, such as OpenID Connect (OIDC) and WebAuthn.
Authentication mechanisms depend on Identity providers to verify the authentication credentials and map them to a SecurityIdentity
instance with the username, roles, original authentication credentials, and other attributes.
Quarkus also includes built-in security to allow for role-based access control (RBAC) based on the common security annotations @RolesAllowed
, @DenyAll
, @PermitAll
on REST endpoints, and Contexts and Dependency Injection (CDI) beans.
For more information, see the Quarkus Authorization of web endpoints guide.
Quarkus Securityは、以下の機能もサポートしています:
Quarkus Securityは、高度なカスタマイズも可能です。詳細については、Quarkus Securityの ヒントとトリック ガイドを参照してください。
Quarkus セキュリティー入門
Quarkusのセキュリティに入門するには、組込のQuarkus Basic認証 とJakarta Persistence IDプロバイダを使用してQuarkusアプリケーションのエンドポイントを保護し、ロールベースのアクセス制御を有効にすることを検討してください。
Complete the steps in the Getting started with Security by using Basic authentication and Jakarta Persistence tutorial.
After successfully securing your Quarkus application with Basic authentication, you can increase the security further by adding more advanced authentication mechanisms, for example, the Quarkus OpenID Connect (OIDC) authorization code flow mechanism guide.
Quarkus Securityのテスト
For guidance on testing Quarkus Security features and ensuring that your Quarkus applications are securely protected, see the Security testing guide.
Quarkusのセキュリティ機能についての詳細
WebSockets Next security
The quarkus-websockets-next
extension provides a modern, efficient implementation of the WebSocket API.
It also provides an integration with Quarkus security.
For more information, see the Security section of the Quarkus "WebSockets Next reference" guide.
クロスオリジンリソース共有
To make your Quarkus application accessible to another application running on a different domain, you need to configure cross-origin resource sharing (CORS). For more information about the CORS filter Quarkus provides, see the CORS filter section of the Quarkus "Cross-origin resource sharing" guide.
クロスサイト・リクエスト・フォージェリ(CSRF)対策
Quarkus Security provides a Quarkus REST (formerly RESTEasy Reactive) filter that can protect your applications against a Cross-Site Request Forgery attack. For more information, see the Quarkus Cross-Site Request Forgery Prevention guide.
SameSite クッキー
You can add a SameSite cookie property to any of the cookies set by a Quarkus endpoint. For more information, see the SameSite cookies section of the Quarkus "HTTP reference" guide.
シークレットエンジン
You can use secrets engines with Quarkus to store, generate, or encrypt data.
Quarkus provides additional extensions in Quarkiverse for securely storing credentials, for example, Quarkus and HashiCorp Vault.
環境プロパティへのシークレットの保存
Quarkus provides support to store secrets in environment properties. For more information, see the Quarkus store secrets in an environment properties file guide.
安全なシリアライゼーション
If your Quarkus Security architecture includes Quarkus REST (formerly RESTEasy Reactive) and Jackson, Quarkus can limit the fields included in JSON serialization based on the configured security. For more information, see the JSON serialization section of the Quarkus “Writing REST services with Quarkus REST (formerly RESTEasy Reactive)” guide.
自動生成されたリソースをREST Data with Panacheで保護
If you use the REST Data with Panache extension to auto-generate your resources, you can still use security annotations within the package jakarta.annotation.security
.
For more information, see the Securing endpoints section of the Quarkus "Generating Jakarta REST resources with Panache" guide.
セキュリティ脆弱性の検出
ほとんどのQuarkusタグは、米国 国家脆弱性データベース(NVD )に報告されます。 セキュリティ脆弱性については、 Quarkusのセキュリティ脆弱性の検出と報告 に関するガイドを参照してください。