Authentication and Authorization using JWT Token and Roles-Based Access Control | Quarkus Tutorial
HTML-код
- Опубликовано: 12 сен 2024
- ✅ Authentication and Authorization using JWT Token and Roles-Based Access Control | Quarkus Tutoria | Quarkus Tutorial | QUARKUS | CloudNative | Java
⌚ Timestamps
00:00 Introduction | Quarkus Tutorial
I am Giuseppe Scaramuzzino and you can find me on Twitter @GiuseScara to provide feedback or discuss anything about this video 🙂
GitHub Repository:
github.com/Giu...
What is Quarkus?
Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Quarkus is a MicroProfile implementation that focuses on efficiently running Java applications in containers in general and Kubernetes in particular. The MicroProfile project is aimed at
optimizing Enterprise Java for the microservices architecture.
quarkus.io/
What is JWT?
JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.
What is RBAC?
Role-Based Access Control (RBAC) attributes permissions to a user based on their business responsibilities. As the most common access control system, it determines access based on your role in the company-ensuring lower-level employees aren’t gaining access to high-level information.
📃 Leave me a comment
------------------------------------------------------------------------------------------------
Follow me here for more content:
🐦 TWITTER ‧ / giusescara
💻 GITHUB ‧ github.com/Giu...
🎬 RUclips: / giuseppescaramuzzino
🌐 LINKEDIN ‧ / giuseppe-scaramuzzino
🎬 Watch related playlists and videos
/ @giuseppescaramuzzino
Quarkus | JWT Token | RBAC | Roles-Based Access Control | Java | Cloud-Native | Authorization | Authentication
#Quarkus #CloudNative #Java
Thank you go your guide!
Just a friendly advice: At 18:23 you made a cut in the video in which you changed the jwt issuer value from amazon-cart to amazon-jwt and you didn't say anything about it. I spent hours trying to fix it because the program was not working and I got unauthorized post request until I manually went through each line of existing code and comparing it to mine. this field is new to me and I make mistakes easily. For experienced people I know this is not a problem but for new people it would really help a lot if you said it in the video. I hope you understand my point of view.
Everything else is spot on!
This guy makes hard things easy!!!!! I like the stepwise building of application.
Thank you
I came here just learn something about jwt with quarkus but this video contains lots of good practices. Thank you very much
Such a masterpiece. It's good to tell everyone that we don't need keycloak to secure our endpoint. Especially when we want to go live asap without burning a lot of money. Thank you
I'm glad you found the information valuable! If you have any other questions or need further clarification on this or any other topic, feel free to ask. Thank you for your kind words!
love you channel, thanks for exposing so many rich content like this
Glad you enjoy it!
thanks for this awesome tutorial, made it from start to finish.
Thank you for your message
Very helpful 👌👌✔✔
Thanks for the video 👍👍
Waiting for your next video about "Bcrypt in quarkus"
Great content👌👌
Video utilissimo, grandissimo Giuseppe.
Eccezionale Giuseppe!!!
Thank you so much!
GitHub Repository:
github.com/GiuseppeScaramuzzino/quarkus-jwt-auth
Love quarkus
Nicely and clearly explained, thanks for such clear ideas and demos.
Thank you
Brilliant!!! you just gave me a head-start on my new Job
That's fantastic to hear! Congratulations on your new job, and I'm glad I could assist. If you have any more questions or need further information as you continue your journey, don't hesitate to ask. Best of luck and success in your new role! 🌟🚀
@@GiuseppeScaramuzzino Thank you
Thanks again @GiuseppeScaramuzzino . I need some information on how to verify that the JWT being added to the Bearer is the actual token, from what I have built ones I add the Bearer token to the header it grants access whether correct or not.
Very helpful buddy.
Thank you
Grand merci for the video. Seems interesting to investigate Keycloak integration with external services such as Google, Facebook & etc sign in :)
Yes, it is in my To Do list video!
you saved my day! thank you
Glad to hear that!
Excellent video
Thank you very much!
Hi, great tutorial, thank you! I am actually working on some other case. I am trying authorize some resource using Quarkus. I am passing the access token in headers, but when I am using quarkus-smallrye-jwt library it actually checks/validates the OpenId token/JWT token. The access token that I have is not a JWT token. How to force Quarkus when using @Authenticated annotation to use/validate access tokens. Maybe different lib is needed for that. SO to summ up how to validate access token on backend using quarkus with adnotation @Authenticated ?
How can I delete a token after logout?
you can't delete a jwt token, just let it expire
I get an exception that my ssh key is only 2047 bits instead of 2048 and therefore is not accepted the JWT generation. Like wtf?
please note that System.currentTimeMillis() + 3600 most probably is not the expireAt that you actually wanted to set, should be more st like System.currentTimeMillis()/1000 + 3600