Grega Bremec vor 2 Jahren
Ursprung
Commit
0e9a2e7cb9

+ 4 - 0
hello/pom.xml

@@ -35,6 +35,10 @@
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-arc</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-oidc</artifactId>
+    </dependency>
   </dependencies>
   <build>
     <plugins>

+ 37 - 0
hello/src/main/java/com/redhat/training/GreetingResource.java

@@ -1,16 +1,37 @@
 package com.redhat.training;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.HeaderParam;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import io.quarkus.security.Authenticated;
+import io.quarkus.security.identity.SecurityIdentity;
+
 @Path("/hello")
+@Authenticated
 public class GreetingResource {
+    @Inject
+    SecurityIdentity securityIdentity;
+
+    @Inject
+    JsonWebToken accessToken;
+
     @GET
     @Produces(MediaType.TEXT_PLAIN)
+    @PermitAll
     public String hello(@HeaderParam("Accept-Language") String language) {
+        if (this.securityIdentity == null ||
+            this.securityIdentity.getPrincipal() == null ||
+            this.securityIdentity.getPrincipal().getName() == "") {
+            return "unauthorised";
+        }
         if (language == null || language == "") {
             language = "en";
         }
@@ -29,6 +50,7 @@ public class GreetingResource {
     @GET
     @Path("/fr")
     @Produces(MediaType.TEXT_PLAIN)
+    @RolesAllowed("french")
     public String helloFrench() {
         return "Bonjour!";
     }
@@ -36,6 +58,7 @@ public class GreetingResource {
     @GET
     @Path("/es")
     @Produces(MediaType.TEXT_PLAIN)
+    @RolesAllowed("spanish")
     public String helloSpanish() {
         return "¡Hola!";
     }
@@ -43,7 +66,21 @@ public class GreetingResource {
     @GET
     @Path("/en")
     @Produces(MediaType.TEXT_PLAIN)
+    @RolesAllowed("english")
     public String helloEnglish() {
         return "Hello!";
     }
+
+    @GET
+    @Path("/whoami")
+    @Produces(MediaType.TEXT_PLAIN)
+    @PermitAll
+    public String whoAmI() {
+        return this.securityIdentity.getPrincipal().getName() + " " +
+                this.securityIdentity.getRoles().toString() + ": " +
+                (accessToken != null ?
+                    "token issued by " + accessToken.getIssuer() + " on " + accessToken.getIssuedAtTime() + " " +
+                    "for " + accessToken.getSubject() + " until " + accessToken.getExpirationTime() + " " +
+                    "with claims " + accessToken.getClaimNames() : "no JWT");
+    }
 }
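Review bot: In `hello()`, `@PermitAll` overrides the class-level `@Authenticated`, so at the annotation level nothing rejects an anonymous caller and access depends on the HTTP path policy in application.properties plus the hand-written check, which compares the principal name with `== ""` (reference identity, not content). It would be more robust to test the identity directly with `if (this.securityIdentity.isAnonymous()) {`, or to drop `@PermitAll` so that `@Authenticated` answers with a 401 instead of a 200 carrying the text "unauthorised". `whoAmI()` in the last hunk is also `@PermitAll` but has no such check and dereferences `getPrincipal()` directly. Its `accessToken != null` test is probably always true, since an injected `JsonWebToken` is normally a proxy, so `accessToken.getRawToken() != null` would be a better signal for the "no JWT" branch. The body of `hello()` continues outside the first hunk.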

+ 22 - 0
hello/src/main/resources/application.properties

@@ -0,0 +1,22 @@
+%dev.quarkus.http.port=9080
+%dev.quarkus.oidc.auth-server-url=https://localhost:8443/auth/realms/sample
+quarkus.oidc.auth-server-url=https://keycloak-rhsso.apps.ocp4.example.com/auth/realms/sample
+quarkus.oidc.tls.verification=none
+quarkus.oidc.client-id=sample-client
+%dev.quarkus.oidc.credentials.secret=CHANGEME
+quarkus.oidc.credentials.secret=CHANGEME
+# Can be service, web-app, or hybrid
+quarkus.oidc.application-type=web-app
+quarkus.http.auth.permission.authenticated.paths=/*
+quarkus.http.auth.permission.authenticated.policy=authenticated
+# May help with realmRoles mapper configuration
+#quarkus.oidc.roles.source=[idtoken,accesstoken,userinfo]
+# Calls UserInfo endpoint and adds "userinfo" attribute to SecurityIdentity
+#quarkus.oidc.authentication.user-info-required=true
+# Access token verification
+#quarkus.oidc.token.issuer=???
+#quarkus.oidc.token.audience=??? (String or String[])
+#quarkus.oidc.token.type=???
+# Back-channel logout settings
+#quarkus.oidc.logout.path=???
+#quarkus.oidc.logout.backchannel.path=???
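Review bot: `quarkus.oidc.tls.verification=none` has no profile prefix, so certificate and hostname verification towards the OIDC provider is switched off in every profile, including for the non-dev `keycloak-rhsso.apps.ocp4.example.com` URL. With verification off, the application cannot tell the real provider from anything else answering on that connection, so the discovery document, the signing keys and the recipient of the client secret are all unauthenticated, and every token check built on them loses its basis. I would scope the setting to development, `%dev.quarkus.oidc.tls.verification=none`, and have the other profiles trust the provider's CA instead, for example through `quarkus.oidc.tls.trust-store-file`. The commented-out `quarkus.oidc.token.issuer` and `quarkus.oidc.token.audience` entries deserve real values as well, and the secret is better injected at deploy time, `quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}` (variable name is a placeholder), than committed to the file.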