Michal Vavřík
Michal has joined Red Hat after he saw Burr Sutter presentation about Quarkus and decided - I need to be part of it. Now he is part of a team of Quality engineers working on Quarkus. Michal contributes to Quarkus as an open source contributor in his spare time, mainly in a Security area.
Red Hat
Job title –Senior Software Quality Engineer
Sessions
In this session, I'll introduce Quarkus Security architecture from a Spring developer perspective. I'll show how to configure, develop and test Quarkus application secured with OpenId Connect. Quarkus Security team is focused on a Developer Joy, and I'll show how the latest features like Dev Services for OIDC allow users to start right way, with zero configuration and literally no waiting for OIDC server to start. Then we will take existing Spring Boot application and migrate it to Quarkus in 20 minutes, with focus on security aspects. This way, you will learn how Spring and Quarkus security concepts compare next to each other.
Have you built your Quarkus application and would like to learn how to secure it ? Do you have questions about your existing Quarkus Security solution ? Join Quarkus Security contributor Michal Vavrik to learn about Quarkus security architecture and how to apply its key features. During this lab, Michal will work with you to build a secure Quarkus application, answer your questions and help with:
Configuring, applying, and combining authentication mechanisms. We will use OpenId Connect (OIDC) authorization code flow and Basic authentication during the lab.
Combining two or more well-known OIDC or OAuth2 providers and using one of many available Quarkus OIDC tenant resolution options to choose the right provider for verifying the current request.
Customizing the current security identity before the authorization constraints are applied to it.
Enforcing Role-based access control with a @RolesAllowed annotation.
Enforcing Permission-based access control with @PermissionAllowed and @PermissionChecker annotations.
Learning about HTTP security policies.
Implementing OIDC access token propagation with a single @AccessToken annotation.
Using Quarkus TLS registry to support HTTPS.
You will be well informed about and better prepared to work with Quarkus Security after the lab. Not a Quarkus user ? No problems, come along and see how it compares to other framework security implementations you are familiar with.