
How to disable security in Quarkus


I've implemented JWT RBAC in my Quarkus application, but I don't want to provide tokens whenever I'm testing my application locally.

EDIT:

What I've tried so far is setting these properties to "false", without any effect.

quarkus.oauth2.enabled=false
quarkus.security.enabled=false
quarkus.smallrye-jwt.enabled=false

Currently I've commented out all of

 //@RolesAllowed({"user"})

to "disable" auth locally.

Is there any property to disable security / enable endpoints for any given role?


Solution

  • You can implement an AuthorizationController (io.quarkus.security.spi.runtime.AuthorizationController)

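    import io.quarkus.security.spi.runtime.AuthorizationController;
    import jakarta.annotation.Priority; // jakarta.* on Quarkus 3, javax.* on Quarkus 2
    import jakarta.enterprise.context.ApplicationScoped;
    import jakarta.enterprise.inject.Alternative;
    import jakarta.interceptor.Interceptor;
    import org.eclipse.microprofile.config.inject.ConfigProperty;

    @Alternative
    @Priority(Interceptor.Priority.LIBRARY_AFTER)
    @ApplicationScoped
    public class DisabledAuthController extends AuthorizationController {
        @ConfigProperty(name = "disable.authorization", defaultValue = "false")
        boolean disableAuthorization;
        @Override
        public boolean isAuthorizationEnabled() {
            return !disableAuthorization; // checks stay on unless disable.authorization=true
        }
    }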
    

    In Quarkus guides, you can find more information

    https://quarkus.io/guides/security-customization#disabling-authorization
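
A startup guard that keeps the `disable.authorization` switch from the answer above out of a packaged build. This is an added example, not code from the original answer or from the Quarkus project. The class name `AuthorizationDisabledGuard` is hypothetical, and the `jakarta.*` imports assume Quarkus 3.

```java
// Added example: the class name AuthorizationDisabledGuard is hypothetical.
// Pair it with profile-scoped entries in application.properties so the
// switch only exists for local work:
//   %dev.disable.authorization=true
//   %test.disable.authorization=true
import io.quarkus.runtime.LaunchMode;
import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;

@ApplicationScoped
public class AuthorizationDisabledGuard {
    private static final Logger LOG =
            Logger.getLogger(AuthorizationDisabledGuard.class);

    // Same property the DisabledAuthController reads; off unless set explicitly.
    @ConfigProperty(name = "disable.authorization", defaultValue = "false")
    boolean disableAuthorization;

    void onStart(@Observes StartupEvent event) {
        if (!disableAuthorization) {
            return; // authorization checks are active, nothing to do
        }
        // LaunchMode.NORMAL is a packaged run, as opposed to
        // DEVELOPMENT (quarkus dev) or TEST.
        if (LaunchMode.current() == LaunchMode.NORMAL) {
            // An exception thrown from a StartupEvent observer aborts startup.
            throw new IllegalStateException(
                    "disable.authorization=true is not allowed outside dev/test");
        }
        LOG.warnf("Authorization checks are DISABLED (launch mode: %s)",
                LaunchMode.current());
    }
}
```

With this bean in place, a stray `disable.authorization=true` in an environment variable or an unprefixed property stops the packaged application at boot instead of silently serving `@RolesAllowed` endpoints to everyone.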