I'm using Keycloak OIDC to secure my REST application running on Quarkus (let's name it repository). I have another app that has to be protected with mutual TLS (let's call it api-service). Api-service is a client of repository. How to authorize api-service calls to repository when I have a principal obtained from mTLS? I was playing a little bit with Keycloak mTLS but it doesn't seem to be an option because it will require changes to clients of api-service and it's not possible.
Please provide enough code so others can better understand or reproduce the problem. – Community Jun 03 '22 at 05:17
1 Answer
I think what you need may be implementing an interceptor with ContainerRequestFilter.
Override the filter method so that it checks the principal information sent with each request for api-service calls, filtering out unauthorized access like:
```java
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
public class PrincipalCheckFilter implements ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext context) {
        // Check if any authentication is provided for the obtained principal;
        // abort with an unauthorized response if not
        if (context.getSecurityContext().getUserPrincipal() == null) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}
```

Kerim Oguzcan Yenidunya
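As an added illustration of the approach in the answer above (this is example code, not the answerer's and not part of Quarkus itself), the filter below authorizes a caller by the client certificate that Quarkus extracted from the mTLS handshake rather than by the mere presence of a principal. It assumes a Quarkus 2.x (javax) application whose HTTP listener requests client certificates with Quarkus' mTLS authentication mechanism enabled, and it reads a hypothetical `repository.mtls.allowed-subjects` property listing the subject DNs permitted to call repository.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import io.quarkus.security.credential.CertificateCredential;
import io.quarkus.security.identity.SecurityIdentity;

// Runs after Quarkus authentication, so the identity (mTLS or OIDC) is already resolved.
@Provider
@Priority(Priorities.AUTHORIZATION)
public class MtlsClientAllowlistFilter implements ContainerRequestFilter {

    @Inject
    SecurityIdentity identity;

    // Hypothetical property, e.g. in application.properties (RFC 2253 form):
    // repository.mtls.allowed-subjects=CN=api-service,O=Example
    @ConfigProperty(name = "repository.mtls.allowed-subjects")
    List<String> allowedSubjects;

    @Override
    public void filter(ContainerRequestContext context) {
        // No authentication at all: reject before any resource code runs.
        if (identity.isAnonymous()) {
            context.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        // Callers authenticated with an OIDC bearer token carry no certificate
        // credential; their authorization stays with the existing OIDC policy.
        CertificateCredential cred = identity.getCredential(CertificateCredential.class);
        if (cred == null) {
            return;
        }
        // The TLS layer already validated the chain; here we decide whether this
        // particular certificate subject is an authorized client of repository.
        X509Certificate cert = cred.getCertificate();
        String subject = cert.getSubjectX500Principal().getName();
        if (!allowedSubjects.contains(subject)) {
            context.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }
}
```

The subject comparison is a string match on the RFC 2253 form returned by `getName()`, so the configured value must use the same attribute order and formatting as the certificate; matching on the issuing CA plus subject, or on the certificate fingerprint, is a stricter alternative when the CA also issues certificates to other services.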