security configuration quarkus microprofile

How to protect the /metrics, /health and /openapi endpoints in Quarkus?


Quarkus uses the /metrics endpoint to provide metrics data, the /health endpoint to provide the application status (UP or DOWN) and the /openapi endpoint to provide information about the available endpoints. These endpoints are defined by the Eclipse MicroProfile specifications.

By default these endpoints are public. I want to protect these endpoints so that only authenticated and authorized users can access them.

How can I protect these endpoints using Quarkus?

I want the application to return 403 for unauthorized users.

To authenticate, I want to use basic authentication or a JWT token.

Is it possible to create a filter for these endpoints?


Solution

  • This configuration should help:

    quarkus.http.auth.permission.public.paths=/health/*,/metrics/*,/openapi/*
    quarkus.http.auth.permission.public.policy=authenticated
    

    You can start from the basic authentication as recommended here.

    HTH
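
The following `application.properties` is an added example, not part of the original answer. It combines the path permission above with Basic authentication and a role-based policy. It assumes the `quarkus-elytron-security-properties-file` extension is present; the user `ops`, the password placeholder, the role `monitoring`, and the names `monitoring-only` and `management` are assumptions made for illustration.

```properties
# Added example; user name, password placeholder, role and policy names are assumptions.
# Assumes the quarkus-elytron-security-properties-file extension is on the classpath.

# Enable HTTP Basic authentication.
quarkus.http.auth.basic=true

# Constructed identity store for local testing only (plain-text password).
# Replace with a real identity provider or hashed credentials outside development.
quarkus.security.users.embedded.enabled=true
quarkus.security.users.embedded.plain-text=true
quarkus.security.users.embedded.users.ops=CHANGE_ME
quarkus.security.users.embedded.roles.ops=monitoring

# Named policy: the caller must hold the "monitoring" role.
quarkus.http.auth.policy.monitoring-only.roles-allowed=monitoring

# Apply the policy to the same paths as the configuration in the answer.
quarkus.http.auth.permission.management.paths=/health/*,/metrics/*,/openapi/*
quarkus.http.auth.permission.management.policy=monitoring-only
```

With this policy a request without credentials receives 401 and a Basic challenge, while a request with valid credentials that lacks the `monitoring` role receives 403. The built-in `authenticated` policy from the answer only distinguishes anonymous from logged-in callers, so it never produces the role-based 403.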