Learn QUARKUS-SECURITY with Real Code Examples
Updated Nov 27, 2025
Installation Setup
Add Quarkus Security extensions via Maven or Gradle
Configure security properties in `application.properties` or `application.yaml`
Integrate identity provider (Keycloak, LDAP, etc.)
Secure endpoints using annotations
Test authentication and authorization flows
Environment Setup
Install Java 17+ and Quarkus CLI
Create new Quarkus project
Add security extensions
Configure authentication mechanisms
Run locally and test secured endpoints
Config Files
`application.properties` - security configuration
`pom.xml` or `build.gradle` - dependencies
`src/main/java` - secured endpoints
`src/test/java` - security tests
Optional extensions folder for custom identity providers
CLI Commands
`mvn quarkus:add-extension -Dextensions='quarkus-security'`
`mvn compile quarkus:dev` - run app locally
`mvn package` - build deployable JAR
`mvn test` - run unit and integration tests
`mvn quarkus:build` - build native image
Internationalization
Error messages can be localized
JWT claims and messages can include language data
Custom security messages configurable per locale
Integrates with Java i18n libraries
Identity providers may support multi-language UIs
Accessibility
Secured endpoints accessible via HTTP clients
OAuth2 flows compatible with web/mobile clients
Support for roles and claims in token-based access
Endpoints configurable for cross-origin requests
Ensure proper error codes (401/403) are returned
UI Styling
Mostly backend security; front-end optional
Can secure endpoints for web front-ends
Integrates with any UI consuming REST APIs
Admin UIs provided by identity providers like Keycloak
Minimal styling required for security-only services
State Management
Security context holds current identity and roles
Reactive security context propagates across async flows
Sessions can be handled externally via tokens
Middleware/interceptors enforce access policies
Custom identity providers manage credentials
Data Management
User data typically in identity providers (Keycloak, LDAP)
Roles and permissions defined in identity provider or code
JWT tokens hold claims and expiry
Audit logs for authentication/authorization events
External storage for refresh tokens if needed