This walks you through the practical side of locking down Quarkus apps: JWT and OIDC authentication, role-based access with @RolesAllowed, Bean Validation for input sanitization, and proper secrets management with Vault or environment variables. It covers the stuff you'll actually hit when building a production service: preventing SQL injection with Panache's parameterized queries, hashing passwords with Bcrypt, configuring CORS properly, and doing ownership checks beyond simple role checking. The examples are straightforward and show both the wrong way and the right way, which honestly saves time when you're trying to remember whether you need to validate at the DTO level or the entity level. Good reference when you're adding auth to existing endpoints or reviewing security before a release.
npx -y skills add affaan-m/ecc --skill quarkus-security --agent claude-codeInstalls into .claude/skills of the current project.
Select a file.
giuseppe-trisciuoglio/developer-kit