Authentication and authorization

The sample code snippets shown in this section come from the Client and server integration test in the source tree of Quarkus CXF. You may want to use it as a runnable example.

Client HTTP basic authentication

Use the following client configuration options provided by quarkus-cxf extension to pass the username and password for HTTP basic authentication:

Here is an example:
quarkus.cxf.client.basicAuth.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl
quarkus.cxf.client.basicAuth.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth
quarkus.cxf.client.basicAuth.username = bob
quarkus.cxf.client.basicAuth.password = bob234

Accessing WSDL protected by basic authentication

By default, the clients created by Quarkus CXF do not send the Authorization header, unless you set the quarkus.cxf.client."client-name".secure-wsdl-access to true:
quarkus.cxf.client.basicAuthSecureWsdl.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl
quarkus.cxf.client.basicAuthSecureWsdl.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuthSecureWsdl
quarkus.cxf.client.basicAuthSecureWsdl.username = bob
quarkus.cxf.client.basicAuthSecureWsdl.password = ${client-server.bob.password} = true

Mutual TLS (mTLS) authentication

See the Mutual TLS (mTLS) authentication section in SSL, TLS and HTTPS guide.

Securing service endpoints

The server-side authentication and authorization is driven by Quarkus Security, especially when it comes to

There is a basic example in our Client and server integration test. Its key parts are:

  • io.quarkus:quarkus-elytron-security-properties-file dependency as an Identity provider

  • Basic authentication enabled and users with their roles configured in
    quarkus.http.auth.basic = true = true = true = alice123 = admin = bob234 = app-user
  • Role-based access control enfoced via @RolesAllowed annotation:

import jakarta.jws.WebService;


@WebService(serviceName = "HelloService", targetNamespace = HelloService.NS)
public class BasicAuthHelloServiceImpl implements HelloService {
    public String hello(String person) {
        return "Hello " + person + "!";