Authorization of web endpoints
Red Hat build of Quarkus 3.8
Abstract
This guide explores authorization mechanisms for web endpoints, focusing on both configuration-based and annotation-based methods. It examines configuring authorization, including the use of built-in and custom policies, path and method matching, and handling complex path scenarios. It then delves into the nuances of role-based access control and permission management, covering properties for access denial, disabling permissions, and mapping roles to SecurityIdentity. It concludes with a discussion on using annotations for securing RESTful services, highlighting standard security annotations and their application.