summaryrefslogtreecommitdiff
path: root/src/main/resources
diff options
context:
space:
mode:
authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2020-02-01 23:53:17 +0100
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2020-02-01 23:53:17 +0100
commit2a1383f2865dff780d435e9d2a897e57879748df (patch)
tree09716bfe1759082f88dc6df79f01b7794fb6ec3a /src/main/resources
parent1f79d1db101b706649aed93ed36092477db7d357 (diff)
Implement an alternate JWT security filter.
Change-Id: Ie46b6efc24d045f90f45f7b16f17e4b84ae886c5
Diffstat (limited to 'src/main/resources')
-rw-r--r--src/main/resources/application.properties23
-rw-r--r--src/main/resources/example-keys.p12bin0 -> 1070 bytes
2 files changed, 23 insertions, 0 deletions
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 994d3b0..833aa45 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -34,6 +34,20 @@ quarkus.security.users.embedded.enabled = false
%dev.quarkus.security.users.embedded.users.mulk = mulk
%dev.quarkus.security.users.embedded.roles.mulk = Admin
+# Session cookies
+quarkus.smallrye-jwt.enabled = false
+mp.jwt.verify.publickey.location = META-INF/resources/jwt-signing-public-key.pem
+mp.jwt.verify.issuer = https://matthias.benkard.de
+smallrye.jwt.token.header = Cookie
+smallrye.jwt.token.cookie = Bearer
+smallrye.jwt.require.named-principal = true
+%dev.mulkcms.jwt.keystore.file = example-keys.p12
+%prod.mulkcms.jwt.keystore.file = /secrets/keys.p12
+mulkcms.jwt.keystore.passphrase = 123456
+mulkcms.jwt.signing-key = MulkCMS-IdP
+mulkcms.jwt.issuer = https://matthias.benkard.de
+mulkcms.jwt.validity = P1D
+
# Deployment
docker.registry = docker.benkard.de
@@ -48,3 +62,12 @@ kubernetes.service-account = default
kubernetes.env-vars[0].name = QUARKUS_DATASOURCE_PASSWORD
kubernetes.env-vars[0].secret = mulkcms2-secrets
kubernetes.env-vars[0].value = database-password
+kubernetes.env-vars[1].name = QUARKUS_OIDC_CREDENTIALS_SECRET
+kubernetes.env-vars[1].secret = mulkcms2-secrets
+kubernetes.env-vars[1].value = keycloak-secret
+kubernetes.secret-volumes[0].volume-name = secrets
+kubernetes.secret-volumes[0].secret-name = mulkcms2-secrets
+kubernetes.secret-volumes[0].default-mode = 0444
+kubernetes.mounts[0].name = secrets
+kubernetes.mounts[0].path = /secrets
+kubernetes.mounts[0].read-only = true
diff --git a/src/main/resources/example-keys.p12 b/src/main/resources/example-keys.p12
new file mode 100644
index 0000000..d3a7acb
--- /dev/null
+++ b/src/main/resources/example-keys.p12
Binary files differ