Introduction to Quarkus Security by Sergey Beryozkin

Learn how Quarkus Security simplifies authentication with OpenID Connect, JWT tokens, and role-based access control while providing seamless integration with cloud platforms.

Key takeaways
  • OpenID Connect is the most mainstream authentication mechanism, offering single sign-on capabilities and wide provider support (Google, Twitter, etc.)

  • Quarkus Security provides zero-code configuration for multiple authentication providers through simple properties, with built-in dev services and reasonable defaults

  • Token-based authentication supports both JWT and OAuth2/OpenID Connect tokens, with automatic validation, signature verification, and claims processing

  • Multi-tenant support allows applications to work with multiple identity providers simultaneously through tenant configuration and resolution

  • Role-based access control is implemented through annotations (@RolesAllowed, @SecurityIdentity) and can be customized with fine-grained permissions

  • Token propagation enables seamless forwarding of authentication between services without manual token handling

  • Dev services automatically configure security properties and mock providers for development and testing

  • Support for both traditional authentication (Basic, Form) and modern approaches (OAuth2, OpenID Connect)

  • Integration with Kubernetes and cloud-native environments is built-in

  • Security customization is possible through security providers, authentication mechanisms, and policy configurations while maintaining simplicity by default
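The takeaways above describe annotation-based role checks backed by property-only OIDC configuration. The resource below is an added example written for this page, not code from the talk or from the Quarkus project: it shows the three access levels a practitioner typically needs (public, any authenticated caller, one role) and the properties the bearer-token check depends on. The package name, paths, issuer URL, client id and role name are placeholders; `SecurityIdentity` is the injectable type Quarkus populates once the token has been validated.

```java
// Added example (not from the talk): a Quarkus REST resource protected by
// annotation-based RBAC, with the OIDC properties it relies on shown in comments.
//
// Assumed application.properties (values are placeholders):
//   quarkus.oidc.auth-server-url=https://issuer.example/realms/demo
//   quarkus.oidc.client-id=backend-service
//   quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
//   quarkus.oidc.application-type=service
//   # optional: where roles live in the token if not in the default claims
//   quarkus.oidc.roles.role-claim-path=realm_access/roles
//
// Assumed dependency: quarkus-oidc (validates the bearer JWT's signature,
// issuer, expiry and audience against the configured provider before any
// method below is reached).
package org.acme.security;

import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

@Path("/api")
public class ReportResource {

    @Inject
    SecurityIdentity identity;   // principal and roles extracted from the validated token

    // Public endpoint: no token required.
    @GET
    @Path("/health")
    @PermitAll
    @Produces(MediaType.TEXT_PLAIN)
    public String health() {
        return "ok";
    }

    // Any valid token is enough; the response is derived from the token's own claims.
    @GET
    @Path("/me")
    @Authenticated
    @Produces(MediaType.TEXT_PLAIN)
    public String me() {
        return "user=" + identity.getPrincipal().getName()
                + " roles=" + identity.getRoles();
    }

    // Only tokens carrying the "admin" role reach this method. A missing or
    // invalid token yields 401; a valid token without the role yields 403.
    @GET
    @Path("/admin/report")
    @RolesAllowed("admin")
    @Produces(MediaType.TEXT_PLAIN)
    public String adminReport() {
        return "report for " + identity.getPrincipal().getName();
    }
}
```

The useful check when adopting this pattern is to confirm where roles come from: Quarkus reads them from the token, not from application code, so the `role-claim-path` property (or the provider's default claim layout) is what decides whether `@RolesAllowed("admin")` ever matches. Verifying that a token lacking the role gets 403 rather than 200 is the single test most worth keeping in the project.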

This is a relatively new pillar, full-stack development, so we're not only about backend but also about frontend security integration.