From 2a1383f2865dff780d435e9d2a897e57879748df Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard
Date: Sat, 1 Feb 2020 23:53:17 +0100
Subject: Implement an alternate JWT security filter.
Change-Id: Ie46b6efc24d045f90f45f7b16f17e4b84ae886c5
---
 src/main/resources/application.properties | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'src/main/resources/application.properties')
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 994d3b0..833aa45 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -34,6 +34,20 @@ quarkus.security.users.embedded.enabled = false
 %dev.quarkus.security.users.embedded.users.mulk = mulk
 %dev.quarkus.security.users.embedded.roles.mulk = Admin
+# Session cookies
+quarkus.smallrye-jwt.enabled = false
+mp.jwt.verify.publickey.location = META-INF/resources/jwt-signing-public-key.pem
+mp.jwt.verify.issuer = https://matthias.benkard.de
+smallrye.jwt.token.header = Cookie
+smallrye.jwt.token.cookie = Bearer
+smallrye.jwt.require.named-principal = true
+%dev.mulkcms.jwt.keystore.file = example-keys.p12
+%prod.mulkcms.jwt.keystore.file = /secrets/keys.p12
+mulkcms.jwt.keystore.passphrase = 123456
+mulkcms.jwt.signing-key = MulkCMS-IdP
+mulkcms.jwt.issuer = https://matthias.benkard.de
+mulkcms.jwt.validity = P1D
+
 # Deployment
 docker.registry = docker.benkard.de
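Review bot: `mulkcms.jwt.keystore.passphrase = 123456` carries no profile prefix, so the guessable passphrase committed here also protects the production keystore at `/secrets/keys.p12`, which holds the JWT signing key. Scope the literal to development with `%dev.mulkcms.jwt.keystore.passphrase = 123456` and let production take the value from the Kubernetes secret, the same way `QUARKUS_DATASOURCE_PASSWORD` is injected further down; MicroProfile Config would read it from an environment variable named `MULKCMS_JWT_KEYSTORE_PASSPHRASE`. Separately, `smallrye.jwt.token.header = Cookie` means the browser attaches the token to every request, so the code that issues the `Bearer` cookie (not visible in this file) should set HttpOnly, Secure and SameSite, and state-changing endpoints need CSRF protection. With `mulkcms.jwt.validity = P1D` and no revocation visible here, a leaked cookie stays usable for up to a day.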
@@ -48,3 +62,12 @@ kubernetes.service-account = default
 kubernetes.env-vars[0].name = QUARKUS_DATASOURCE_PASSWORD
 kubernetes.env-vars[0].secret = mulkcms2-secrets
 kubernetes.env-vars[0].value = database-password
+kubernetes.env-vars[1].name = QUARKUS_OIDC_CREDENTIALS_SECRET
+kubernetes.env-vars[1].secret = mulkcms2-secrets
+kubernetes.env-vars[1].value = keycloak-secret
+kubernetes.secret-volumes[0].volume-name = secrets
+kubernetes.secret-volumes[0].secret-name = mulkcms2-secrets
+kubernetes.secret-volumes[0].default-mode = 0444
+kubernetes.mounts[0].name = secrets
+kubernetes.mounts[0].path = /secrets
+kubernetes.mounts[0].read-only = true
-- 
cgit v1.2.3
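Review bot: `kubernetes.secret-volumes[0]` mounts the whole of `mulkcms2-secrets` under `/secrets` with `default-mode = 0444`, so every key in that secret becomes a world-readable file inside the container. According to the `env-vars` entries, that secret also holds `database-password` and `keycloak-secret`, so they would sit next to `keys.p12` where any process or file-read bug in the pod can reach them. Prefer a dedicated secret that contains only the keystore (for example `kubernetes.secret-volumes[0].secret-name = <keystore-secret-name>`) and a tighter mode such as `kubernetes.secret-volumes[0].default-mode = 0400`. The tighter mode assumes the container user owns the mounted files, otherwise use a group-readable mode together with a matching fsGroup. A short comment above the volume lines saying that `/secrets` exists only to provide `%prod.mulkcms.jwt.keystore.file` would also help the next reader.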