Replies: 2 comments 3 replies
-
|
The code you've posted looks like a JAX-RS filter. You're dealing with GraphQL, not JAX-RS here, that's why it's not called. If you're using Quarkus, you can use Quarkus's standard declarative security mechanisms, like it's described for example here: https://quarkus.io/guides/security-authorize-web-endpoints-reference - if you apply it on the |
Beta Was this translation helpful? Give feedback.
-
|
@jmartisk |
Beta Was this translation helpful? Give feedback.
-
|
I'm not sure how exactly I'd implement Api-key based security, but I assume it should be possible somehow, probably with Keycloak involved for managing the users and keys. Please ask at https://quarkusio.zulipchat.com/, there are people more knowledgeable in Quarkus security mechanisms and willing to help |
Beta Was this translation helpful? Give feedback.
-
|
I will give it a try there. Thanks a lot! |
Beta Was this translation helpful? Give feedback.
-
|
I came up with this solution: @ApplicationScoped
public class GraphQLKeyFilter {
private final String graphqlPath;
@Inject
public GraphQLKeyFilter(@ConfigProperty(name = "quarkus.smallrye-graphql.root-path") String graphqlPath) {
this.graphqlPath = graphqlPath;
}
public void init(@Observes Router router, Vertx vertx) {
router.route("/" + this.graphqlPath)
.order(-900)
.handler(routingContext -> {
String apiKey = routingContext.request()
.getHeader("X-API-Key");
boolean isValid = apiKey == null
if (!isValid) {
routingContext.response()
.setStatusCode(Response.Status.UNAUTHORIZED.getStatusCode())
.end();
return;
}
routingContext.next();
});
}
} |
Beta Was this translation helpful? Give feedback.
-
I want to secure the server with http headers. So i created a RequestFilter:
But this isn't called. How to secure the server?
Beta Was this translation helpful? Give feedback.
All reactions