The Quarkus security infrastructure derives from the standard Java Enterprise Edition (Java EE) specification, which is based on a simple role-based security model. By using that, you can specify your security constraints through annotations and configuration files.
In terms of Java annotations, the following ones can be used to specify security constraints that can be applied either on a single method or on a class:
- @javax.annotation.security.RolesAllowed: This is the most common annotation as it specifies one or more roles that have been authorized to invoke a certain method or class.
- @javax.annotation.security.RunAs: This annotation assigns a role dynamically during the invocation of a method or class. It can be a handy option if we need to temporarily allow the execution of some methods.
- @javax.annotation.security.PermitAll: This annotation allows...