Using Security with .properties File
Quarkus 提供对基于属性文件进行身份验证的支持,该身份验证适用于开发和测试目的。不建议在生产环境中使用此身份验证,因为目前仅使用纯文本和 MD5 哈希密码,并且属性文件通常过于有限。
Quarkus provides support for properties file-based authentication intended for development and testing purposes. It is not recommended to use this authentication in production as, at present, only plain-text and MD5 hashed passwords are used, and properties files are generally too limited.
将以下内容添加到您的构建文件中:
Add the following to your build file:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-elytron-security-properties-file</artifactId>
</dependency>implementation("io.quarkus:quarkus-elytron-security-properties-file")Configuration
elytron-security-properties-file 扩展目前支持两个用于存储身份验证和授权信息的不同领域。这两者都支持在属性文件中存储此信息。
The elytron-security-properties-file extension currently supports two different realms for storing authentication and authorization information. Both support storage of this information in properties files.
以下部分详细介绍特定配置属性。
The following sections detail the specific configuration properties.
Unresolved directive in security-properties.adoc - include::{generated-dir}/config/quarkus-elytron-security-properties-file.adoc[]
Properties Files Realm Configuration
属性文件领域支持使用一些属性文件将用户映射到密码,将用户映射到角色。从`quarkus.security.users.file`开头的属性中设置。
The properties files realm supports the mapping of users to passwords and users to roles with a combination of properties files.
They are configured with properties starting with
quarkus.security.users.file.
application.properties file section for property files realmquarkus.security.users.file.enabled=true
quarkus.security.users.file.users=test-users.properties
quarkus.security.users.file.roles=test-roles.properties
quarkus.security.users.file.realm-name=MyRealm
quarkus.security.users.file.plain-text=trueUsers.properties
`quarkus.security.users.file.users`配置属性指定了一个类路径资源,它是一个属性文件,文件中包含用户到密码的映射,每行一个。
The quarkus.security.users.file.users configuration property specifies a classpath resource which is a properties file with a user-to-password mapping, one per line.
以下[test-users-example]说明了格式:
The following [test-users-example] illustrates the format:
test-users.propertiesscott=jb0ss 1
jdoe=p4ssw0rd 2
stuart=test
noadmin=n0Adm1n| 1 | User scott has password defined as jb0ss |
| 2 | User jdoe has password defined as p4ssw0rd |
此文件中以纯文本形式存储了用户名和密码,不建议这样做。如果在配置中将纯文本设置为 false(或忽略),则必须以 `MD5 ( username : realm : password )`的形式存储密码。通过从命令行运行命令 `echo -n scott:MyRealm:jb0ss | md5`可以为以上的第一个示例生成密码。
This file has usernames and passwords stored in plain text, which is not recommended. If plain text is set to false (or omitted) in the config, then passwords must be stored in the form MD5 ( username : realm : password ).
This can be generated for the first example above by running the command echo -n scott:MyRealm:jb0ss | md5 from the command line.
Roles.properties
test-roles.propertiesscott=Admin,admin,Tester,user 1
jdoe=NoRolesUser 2
stuart=admin,user 3
noadmin=user| 1 | User scott has been assigned the roles Admin, admin, Tester and user |
| 2 | User jdoe has been assigned the role NoRolesUser |
| 3 | User stuart has been assigned the roles admin and user. |
Embedded Realm Configuration
嵌入式领域还支持将用户映射到密码,将用户映射到角色。它使用主 `application.properties`Quarkus 配置文件嵌入此信息。从`quarkus.security.users.embedded`开头的属性中设置。
The embedded realm also supports the mapping of users to passwords and users to roles. It uses the main application.properties Quarkus configuration file to embed this information.
They are configured with properties starting with quarkus.security.users.embedded.
以下是一个示例 application.properties 文件,来说明嵌入式领域配置:
The following is an example application.properties file section illustrating the embedded realm configuration:
application.properties file section for embedded realmquarkus.security.users.embedded.enabled=true
quarkus.security.users.embedded.plain-text=true
quarkus.security.users.embedded.users.scott=jb0ss
quarkus.security.users.embedded.users.stuart=test
quarkus.security.users.embedded.users.jdoe=p4ssw0rd
quarkus.security.users.embedded.users.noadmin=n0Adm1n
quarkus.security.users.embedded.roles.scott=Admin,admin,Tester,user
quarkus.security.users.embedded.roles.stuart=admin,user
quarkus.security.users.embedded.roles.jdoe=NoRolesUser
quarkus.security.users.embedded.roles.noadmin=user与此第一个示例类似,此文件中以纯文本形式存储了用户名和密码,不建议这样做。如果在配置中将纯文本设置为 false(或忽略),则必须以 `MD5 ( username : realm : password )`的形式存储密码。通过从命令行运行命令 `echo -n scott:MyRealm:jb0ss | md5`可以为以上的第一个示例生成密码。
As with the first example, this file has usernames and passwords stored in plain text, which is not recommended. If plain text is set to false (or omitted) in the config, then passwords must be stored in the form MD5 ( username : realm : password ).
This can be generated for the first example above by running the command echo -n scott:MyRealm:jb0ss | md5 from the command line.
Embedded Users
用户到密码映射是通过以下形式的属性键在 application.properties`文件中指定的: `quarkus.security.users.embedded.users.<user>=<password>. 以下 [password-example]以四种用户到密码映射来说明语法:
The user to password mappings are specified in the application.properties file by properties keys of the form quarkus.security.users.embedded.users.<user>=<password>.
The following [password-example] illustrates the syntax with 4 user-to-password mappings:
quarkus.security.users.embedded.users.scott=jb0ss (1)
quarkus.security.users.embedded.users.stuart=test (2)
quarkus.security.users.embedded.users.jdoe=p4ssw0rd
quarkus.security.users.embedded.users.noadmin=n0Adm1n| 1 | User scott has password jb0ss |
| 2 | User stuart has password test |
Embedded Roles
用户到角色映射是通过以下形式的属性键在 application.properties`文件中指定的: `quarkus.security.users.embedded.roles.<user>=role1[,role2[,role3[,…]]]. 以下 [roles-example]以四种用户到角色映射來說明语法:
The user to role mappings are specified in the application.properties file by properties keys of the form quarkus.security.users.embedded.roles.<user>=role1[,role2[,role3[,…]]].
The following [roles-example] illustrates the syntax with 4 user-to-role mappings:
quarkus.security.users.embedded.roles.scott=Admin,admin,Tester,user (1)
quarkus.security.users.embedded.roles.stuart=admin,user (2)
quarkus.security.users.embedded.roles.jdoe=NoRolesUser
quarkus.security.users.embedded.roles.noadmin=user| 1 | User scott has roles Admin, admin, Tester, and user |
| 2 | User stuart has roles admin and user |