BAEL-6620: RBAC Quarkus (#16416)

* BAEL-6620: RBAC quarkus

* BAEL-6620: fix permissions

* Code fix

* Fix test name

Author: thiagohora

quarkus-modules/quarkus-rbac/README.md

@@ -0,0 +1,2 @@
+## Relevant Articles
+

quarkus-modules/quarkus-rbac/pom.xml

@@ -0,0 +1,177 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"
+    xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.baeldung.quarkus</groupId>
+    <artifactId>quarkus-rbac</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>quarkus-modules</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>${quarkus.platform.group-id}</groupId>
+                <artifactId>${quarkus.platform.artifact-id}</artifactId>
+                <version>${quarkus.platform.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-jdbc-h2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-hibernate-orm</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-hibernate-orm-panache</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-smallrye-jwt-build</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-smallrye-jwt</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy-jackson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-security-jpa</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-arc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-test-security</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-test-security-jwt</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>${quarkus.platform.group-id}</groupId>
+                <artifactId>quarkus-maven-plugin</artifactId>
+                <version>${quarkus.platform.version}</version>
+                <extensions>true</extensions>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>build</goal>
+                            <goal>generate-code</goal>
+                            <goal>generate-code-tests</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>${compiler-plugin.version}</version>
+                <configuration>
+                    <compilerArgs>
+                        <arg>-parameters</arg>
+                    </compilerArgs>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${surefire-plugin.version}</version>
+                <configuration>
+                    <systemPropertyVariables>
+                        <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
+                        <maven.home>${maven.home}</maven.home>
+                    </systemPropertyVariables>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>native</id>
+            <activation>
+                <property>
+                    <name>native</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <version>${surefire-plugin.version}</version>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                                <configuration>
+                                    <systemPropertyVariables>
+                                        <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
+                                        <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
+                                        <maven.home>${maven.home}</maven.home>
+                                    </systemPropertyVariables>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+            <properties>
+                <quarkus.package.type>native</quarkus.package.type>
+            </properties>
+        </profile>
+    </profiles>
+
+    <properties>
+        <compiler-plugin.version>3.12.1</compiler-plugin.version>
+        <failsafe.useModulePath>false</failsafe.useModulePath>
+        <maven.compiler.release>17</maven.compiler.release>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
+        <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
+        <quarkus.platform.version>3.9.3</quarkus.platform.version>
+        <surefire-plugin.version>3.0.0-M7</surefire-plugin.version>
+    </properties>
+
+</project>

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/ApiErrorHandler.java

@@ -0,0 +1,17 @@
+package com.baeldung.quarkus.rbac.api;
+
+import com.baeldung.quarkus.rbac.users.errors.DomainDataException;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.ext.ExceptionMapper;
+import jakarta.ws.rs.ext.Provider;
+
+@Provider
+public class ApiErrorHandler implements ExceptionMapper<DomainDataException> {
+
+    @Override
+    public Response toResponse(final DomainDataException exception) {
+        return Response.status(Response.Status.BAD_REQUEST)
+          .entity(exception.getEntity() == null? exception.getEntity() : new Message(exception.getMessage()))
+          .build();
+    }
+}

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/LoginDto.java

@@ -0,0 +1,14 @@
+package com.baeldung.quarkus.rbac.api;
+
+import jakarta.validation.constraints.NotNull;
+
+public record LoginDto(@NotNull String username, @NotNull String password) {
+
+    @Override
+    public String toString() {
+        return "LoginDto{" +
+                "username='" + username + '\'' +
+                ", password='*********'" +
+                '}';
+    }
+}

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/Message.java

@@ -0,0 +1,3 @@
+package com.baeldung.quarkus.rbac.api;
+
+public record Message(String message) { }

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/PermissionBasedController.java

@@ -0,0 +1,37 @@
+package com.baeldung.quarkus.rbac.api;
+
+import io.quarkus.security.PermissionsAllowed;
+import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.MediaType;
+
+@Path("/permission-based")
+public class PermissionBasedController {
+
+    private final SecurityIdentity securityIdentity;
+
+    public PermissionBasedController(SecurityIdentity securityIdentity) {
+        this.securityIdentity = securityIdentity;
+    }
+
+    @GET
+    @Path("/resource/version")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @PermissionsAllowed("VIEW_ADMIN_DETAILS")
+    public String get() {
+        return "2.0.0";
+    }
+
+    @GET
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("/resource/message")
+    @PermissionsAllowed(value = {"SEND_MESSAGE", "OPERATOR"}, inclusive = true)
+    public Message message() {
+        return new Message("Hello "+securityIdentity.getPrincipal().getName()+"!");
+    }
+}

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/SecureResourceController.java

@@ -0,0 +1,85 @@
+package com.baeldung.quarkus.rbac.api;
+
+import com.baeldung.quarkus.rbac.users.Role;
+import com.baeldung.quarkus.rbac.users.UserService;
+import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
+import jakarta.validation.Valid;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+
+import java.util.stream.Collectors;
+
+@Path("/secured")
+public class SecureResourceController {
+
+    private final UserService userService;
+    private final SecurityIdentity securityIdentity;
+
+    public SecureResourceController(UserService userService, SecurityIdentity securityIdentity) {
+        this.userService = userService;
+        this.securityIdentity = securityIdentity;
+    }
+
+    @GET
+    @Path("/resource")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({"VIEW_ADMIN_DETAILS"})
+    public String get() {
+        return "Hello world, here are some details about the admin!";
+    }
+
+    @GET
+    @Path("/resource/user")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({"VIEW_USER_DETAILS"})
+    public Message getUser() {
+        return new Message("Hello "+securityIdentity.getPrincipal().getName()+"!");
+    }
+
+    @POST
+    @Path("/resource")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed("${customer.send.message.permission:SEND_MESSAGE}")
+    public Response getUser(Message message) {
+        return Response.ok(message).build();
+    }
+
+    @POST
+    @Path("/user")
+    @RolesAllowed({"CREATE_USER"})
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response postUser(@Valid final UserDto userDto) {
+
+        final var user = userService.createUser(userDto);
+
+        final var roles = user.getRoles().stream().map(Role::getName).collect(Collectors.toSet());
+
+        return Response.ok(new UserResponse(user.getUsername(), roles)).build();
+    }
+
+    @POST
+    @Path("/login")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @PermitAll
+    public Response login(@Valid final LoginDto loginDto) {
+        if (userService.checkUserCredentials(loginDto.username(), loginDto.password())) {
+            final var user = userService.findByUsername(loginDto.username());
+            final var token = userService.generateJwtToken(user);
+            return Response.ok().entity(new TokenResponse("Bearer " + token,"3600")).build();
+        } else {
+            return Response.status(Response.Status.UNAUTHORIZED).entity(new Message("Invalid credentials")).build();
+        }
+    }
+}

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/TokenResponse.java

@@ -0,0 +1,4 @@
+package com.baeldung.quarkus.rbac.api;
+
+public record TokenResponse(String token, String expiresIn){
+}

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/UserDto.java

@@ -0,0 +1,9 @@
+package com.baeldung.quarkus.rbac.api;
+
+import io.smallrye.common.constraint.NotNull;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.Size;
+
+import java.util.Set;
+
+public record UserDto(@NotNull String username, @NotNull String password, @Size(min = 1) Set<String> roles, @Email String email) { }

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/api/UserResponse.java

@@ -0,0 +1,6 @@
+package com.baeldung.quarkus.rbac.api;
+
+import java.util.Set;
+
+public record UserResponse(String username, Set<String> roles) { }
+

quarkus-modules/quarkus-rbac/src/main/java/com/baeldung/quarkus/rbac/users/Permission.java

@@ -0,0 +1,10 @@
+package com.baeldung.quarkus.rbac.users;
+
+public enum Permission {
+
+    VIEW_ADMIN_DETAILS,
+    VIEW_USER_DETAILS,
+    SEND_MESSAGE,
+    CREATE_USER
+
+}