中文翻译站Quarkus - Using Security with .properties File
Quarkus provides support for properties file based authentication that is intended for development and testing purposes. It is not recommended that this be used in production as at present only plaintext and MD5 hashed passwords are used, and properties files are generally too limited to use in production.
Add the following to your pom.xml:
<dependencies>
<!-- Elytron Security extension -->
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-elytron-security-properties-file</artifactId>
</dependency>
</dependencies>Configuration
The elytron-security-properties-file extension currently supports two different realms for the storage of authentication and authorization information. Both support storage of this information in properties files. The following sections detail the specific configuration properties.
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
|---|---|---|
The realm name. This is used when generating a hashed password |
string |
|
Determine whether security via the file realm is enabled. |
boolean |
|
If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) ) |
boolean |
|
Classpath resource name of properties file containing user to password mappings. See Users.properties. |
string |
|
Classpath resource name of properties file containing user to role mappings. See Roles.properties. |
string |
|
Type |
Default |
|
The realm name. This is used when generating a hashed password |
string |
|
If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) ) |
boolean |
|
Determine whether security via the embedded realm is enabled. |
boolean |
|
The realm users user1=password\nuser2=password2… mapping. See Embedded Users. |
|
|
The realm roles user1=role1,role2,…\nuser2=role1,role2,… mapping See Embedded Roles. |
|
|
Properties Files Realm Configuration
The properties files realm supports mapping of users to password and users to roles with a combination of properties files. They are configured with properties starting with quarkus.security.users.file.
quarkus.security.users.file.enabled=true
quarkus.security.users.file.users=test-users.properties
quarkus.security.users.file.roles=test-roles.properties
quarkus.security.users.file.realm-name=MyRealm
quarkus.security.users.file.plain-text=trueUsers.properties
The quarkus.security.users.file.users configuration property specifies a classpath resource which is a properties file with a user to password mapping, one per line. The following example test-users.properties file illustrates the format:
scott=jb0ss (1)
jdoe=p4ssw0rd (2)
stuart=test
noadmin=n0Adm1n| 1 | User scott has password defined as jb0ss |
| 2 | User jdoe has password defined as p4ssw0rd |
This file has the usernames and passwords stored in plain text, which is not recommended. If plain-text is set to false
(or omitted) in the config then passwords must be stored in the form MD5 ( username : realm : password ). This can
be generated for the first example above by running the command echo -n scott:MyRealm:jb0ss | md5 from the command line.
Roles.properties
scott=Admin,admin,Tester,user (1)
jdoe=NoRolesUser (2)
stuart=admin,user (3)
noadmin=user| 1 | User scott has been assigned the roles Admin, admin, Tester and user |
| 2 | User jdoe has been assigned the role NoRolesUser |
| 3 | User stuart has been assigned the roles admin and user. |
Embedded Realm Configuration
The embedded realm also supports mapping of users to password and users to roles. It uses the main application.properties Quarkus configuration file to embed this information. They are configured with properties starting with quarkus.security.users.embedded.
The following is an example application.properties file section illustrating the embedded realm configuration:
quarkus.security.users.embedded.enabled=true
quarkus.security.users.embedded.plain-text=true
quarkus.security.users.embedded.users.scott=jb0ss
quarkus.security.users.embedded.users.stuart=test
quarkus.security.users.embedded.users.jdoe=p4ssw0rd
quarkus.security.users.embedded.users.noadmin=n0Adm1n
quarkus.security.users.embedded.roles.scott=Admin,admin,Tester,user
quarkus.security.users.embedded.roles.stuart=admin,user
quarkus.security.users.embedded.roles.jdoe=NoRolesUser
quarkus.security.users.embedded.roles.noadmin=userAs with the first example this file has the usernames and passwords stored in plain text, which is not recommended. If plain-text is set to false
(or omitted) in the config then passwords must be stored in the form MD5 ( username : realm : password ). This can
be generated for the first example above by running the command echo -n scott:MyRealm:jb0ss | md5 from the command line.
Embedded Users
The user to password mappings are specified in the application.properties file by properties keys of the form quarkus.security.users.embedded.users.<user>=<password>. The following Example Passwords illustrates the syntax with 4 user to password mappings:
quarkus.security.users.embedded.users.scott=jb0ss (1)
quarkus.security.users.embedded.users.stuart=test (2)
quarkus.security.users.embedded.users.jdoe=p4ssw0rd
quarkus.security.users.embedded.users.noadmin=n0Adm1n| 1 | User scott has password jb0ss |
| 2 | User stuart has password test |
Embedded Roles
The user to role mappings are specified in the application.properties file by properties keys of the form quarkus.security.users.embedded.roles.<user>=role1[,role2[,role3[,…]]]. The following Example Roles illustrates the syntax with 4 user to role mappings:
quarkus.security.users.embedded.roles.scott=Admin,admin,Tester,user (1)
quarkus.security.users.embedded.roles.stuart=admin,user (2)
quarkus.security.users.embedded.roles.jdoe=NoRolesUser
quarkus.security.users.embedded.roles.noadmin=user| 1 | User scott has roles Admin, admin, Tester, and user |
| 2 | User stuart has roles admin and user |
