Quarkus endpoint does not require Authorization header

[rafareyes7]

I want my endpoint to require a valid JWT token to be accessed. The token must be signed using JWK that is in a remote location. I set the following config to application.yml:

smallrye:
  jwt:
    verify:
      key:
        location: https://oauthservice/.well-known/jwks.json
    require:
      named-principal: true

Heres is my endpoint:

@Path("/v1/clients/auth")
class AuthResource(@Inject val jwt: JsonWebToken) {

    @GET
    @Path("/identifier")
    @Produces(MediaType.APPLICATION_JSON)
    fun getIdentifier(): Response {
        return Response.ok(IdentifierResponseDTO("dumm11d3nt1f!3r")).build()
    }
}

When sending the Authorization header with a Bearer token, it checks whether the token is valid or not as expected, but when a request is sent without an Authorization header the endpoint can be accessed.

Desired Behaviour

When a request without Authorization header is sent, the endpoint returns an HTTP 401

Any help?

[sberyozkin]

@rafareyes7 Please add @io.quarkus.security.Authenticated to the endpoint class

[rafareyes7]

Thanks. it works.