Quarkus REST API secured with custom ContainerRequestFilters that request authorization decisions to OPA.

It also includes a way to query data from ORY Keto in order to create a bundle for OPA to decide internally to avoid roundtrips.

You can run your application in dev mode that enables live coding using:

./mvnw compile quarkus:dev

NOTE: Quarkus now ships with a Dev UI, which is available in dev mode only at http://localhost:8080/q/dev/.

This application uses basic auth configured in src/main/resources/application.properties

It comes with a pre-configured user: demouser with password 123123.

New users can be added with the following format:

quarkus.security.users.embedded.users.<add_user_here>=123123
quarkus.security.users.embedded.roles.<add_user_here>=user

The application can be packaged using Docker:

docker build -f src/main/docker/Dockerfile.multistage -t quarkus/auth_poc_api_native

This will create a Docker image with a native executable of the application.

The application is now runnable using docker run -p 8081:8081 -e KETO_URL=keto:4466 -e OPA_URL=opa:8181 docker.io/quarkus/auth_poc_api_native.