Unprotected resource - Githubissues

sczyh30 / vertx-blueprint-microservice

Vert.x Blueprint Project - Micro-Shop microservice application

Apache License 2.0

772 stars 301 forks source link

Open mavencode01 opened 7 years ago

mavencode01 commented 7 years ago

Looks like the /api/* resources are not protected by keycloak

 router.route("/api/*").handler(this::dispatchRequests);

sczyh30 commented 7 years ago

Yes we don't protect all of the /api/* resources(e.g. retrieve actions). We only protect some actions requiring authentication. Here we protect resource by using a wrapped callback requireLogin in RestAPIVerticle. You may also refer to authentication management section in the blueprint documentation.