diff options
author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2020-02-01 23:53:17 +0100 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2020-02-01 23:53:17 +0100 |
commit | 2a1383f2865dff780d435e9d2a897e57879748df (patch) | |
tree | 09716bfe1759082f88dc6df79f01b7794fb6ec3a /src/main/resources | |
parent | 1f79d1db101b706649aed93ed36092477db7d357 (diff) |
Implement an alternate JWT security filter.
Change-Id: Ie46b6efc24d045f90f45f7b16f17e4b84ae886c5
Diffstat (limited to 'src/main/resources')
-rw-r--r-- | src/main/resources/application.properties | 23 | ||||
-rw-r--r-- | src/main/resources/example-keys.p12 | bin | 0 -> 1070 bytes |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 994d3b0..833aa45 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -34,6 +34,20 @@ quarkus.security.users.embedded.enabled = false %dev.quarkus.security.users.embedded.users.mulk = mulk %dev.quarkus.security.users.embedded.roles.mulk = Admin +# Session cookies +quarkus.smallrye-jwt.enabled = false +mp.jwt.verify.publickey.location = META-INF/resources/jwt-signing-public-key.pem +mp.jwt.verify.issuer = https://matthias.benkard.de +smallrye.jwt.token.header = Cookie +smallrye.jwt.token.cookie = Bearer +smallrye.jwt.require.named-principal = true +%dev.mulkcms.jwt.keystore.file = example-keys.p12 +%prod.mulkcms.jwt.keystore.file = /secrets/keys.p12 +mulkcms.jwt.keystore.passphrase = 123456 +mulkcms.jwt.signing-key = MulkCMS-IdP +mulkcms.jwt.issuer = https://matthias.benkard.de +mulkcms.jwt.validity = P1D + # Deployment docker.registry = docker.benkard.de @@ -48,3 +62,12 @@ kubernetes.service-account = default kubernetes.env-vars[0].name = QUARKUS_DATASOURCE_PASSWORD kubernetes.env-vars[0].secret = mulkcms2-secrets kubernetes.env-vars[0].value = database-password +kubernetes.env-vars[1].name = QUARKUS_OIDC_CREDENTIALS_SECRET +kubernetes.env-vars[1].secret = mulkcms2-secrets +kubernetes.env-vars[1].value = keycloak-secret +kubernetes.secret-volumes[0].volume-name = secrets +kubernetes.secret-volumes[0].secret-name = mulkcms2-secrets +kubernetes.secret-volumes[0].default-mode = 0444 +kubernetes.mounts[0].name = secrets +kubernetes.mounts[0].path = /secrets +kubernetes.mounts[0].read-only = true diff --git a/src/main/resources/example-keys.p12 b/src/main/resources/example-keys.p12 Binary files differnew file mode 100644 index 0000000..d3a7acb --- /dev/null +++ b/src/main/resources/example-keys.p12 |