Enable Basic authentication
为你的 Quarkus 项目启用 Basic authentication,允许用户使用用户名和密码进行身份验证。
Enable Basic authentication for your Quarkus project and allow users to authenticate with a username and password.
Prerequisites
-
You have installed at least one extension that provides an
IdentityProviderbased on username and password. For example:
以下过程概述了你可以如何使用 `elytron-security-properties-file`扩展为你的应用程序启用基本身份验证。
The following procedure outlines how you can enable Basic authentication for your application by using the elytron-security-properties-file extension.
Procedure
-
In the
application.propertiesfile, set thequarkus.http.auth.basicproperty totrue.[source, properties]
quarkus.http.auth.basic=true
-
Optional: In a non-production environment only and purely for testing Quarkus Security in your applications:[style="loweralpha"]
-
To enable authentication for the embedded realm, set the
quarkus.security.users.embedded.enabledproperty totrue.[source, properties]
-
security.users.embedded.enabled=true
-
You can also configure the required user credentials, user name, secret, and roles. For example:[source, properties]
quarkus.http.auth.basic=true quarkus.security.users.embedded.enabled=true quarkus.security.users.embedded.plain-text=true quarkus.security.users.embedded.users.alice=alice 1 quarkus.security.users.embedded.users.bob=bob 2 quarkus.security.users.embedded.roles.alice=admin 1 quarkus.security.users.embedded.roles.bob=user 2
| 1 | The user, alice, has alice as their password and admin as their role. |
| 2 | The user, bob, has bob as their password and user as their role. |
有关可用于配置所需用户凭据的其他方法的信息,请参见 Quarkus “Security Testing”(安全测试)指南的 Configuring User Information 部分。
For information about other methods that you can use to configure the required user credentials, see the Configuring User Information section of the Quarkus "Security Testing" guide.
仅当进行测试时才适合在 application.properties 文件中配置用户名称、密钥和角色。为了保护生产应用程序,必须使用数据库存储此信息。
Configuring user names, secrets, and roles in the application.properties file is appropriate only for testing scenarios.
For securing a production application, it is crucial to use a database to store this information.
Next steps
有关更详细的演示,了解如何将基本认证与 Jakarta Persistence 一起配置以将用户凭据存储在数据库中,请参见 Getting started with Security by using Basic authentication and Jakarta Persistence 指南。
For a more detailed walk-through that shows you how to configure Basic authentication together with Jakarta Persistence for storing user credentials in a database, see the Getting started with Security by using Basic authentication and Jakarta Persistence guide.