Implement an alternate JWT security filter.

Change-Id: Ie46b6efc24d045f90f45f7b16f17e4b84ae886c5

1 files changed, 23 insertions, 0 deletions

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 994d3b0..833aa45 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -34,6 +34,20 @@ quarkus.security.users.embedded.enabled = false
 %dev.quarkus.security.users.embedded.users.mulk = mulk
 %dev.quarkus.security.users.embedded.roles.mulk = Admin
 
+# Session cookies
+quarkus.smallrye-jwt.enabled = false
+mp.jwt.verify.publickey.location = META-INF/resources/jwt-signing-public-key.pem
+mp.jwt.verify.issuer = https://matthias.benkard.de
+smallrye.jwt.token.header = Cookie
+smallrye.jwt.token.cookie = Bearer
+smallrye.jwt.require.named-principal = true
+%dev.mulkcms.jwt.keystore.file = example-keys.p12
+%prod.mulkcms.jwt.keystore.file = /secrets/keys.p12
+mulkcms.jwt.keystore.passphrase = 123456
+mulkcms.jwt.signing-key = MulkCMS-IdP
+mulkcms.jwt.issuer = https://matthias.benkard.de
+mulkcms.jwt.validity = P1D
+
 # Deployment
 docker.registry = docker.benkard.de
 
@@ -48,3 +62,12 @@ kubernetes.service-account = default
 kubernetes.env-vars[0].name = QUARKUS_DATASOURCE_PASSWORD
 kubernetes.env-vars[0].secret = mulkcms2-secrets
 kubernetes.env-vars[0].value = database-password
+kubernetes.env-vars[1].name = QUARKUS_OIDC_CREDENTIALS_SECRET
+kubernetes.env-vars[1].secret = mulkcms2-secrets
+kubernetes.env-vars[1].value = keycloak-secret
+kubernetes.secret-volumes[0].volume-name = secrets
+kubernetes.secret-volumes[0].secret-name = mulkcms2-secrets
+kubernetes.secret-volumes[0].default-mode = 0444
+kubernetes.mounts[0].name = secrets
+kubernetes.mounts[0].path = /secrets
+kubernetes.mounts[0].read-only = true