difficult to require authentication for all requests by default #52453
Description
if
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
All security annotations (like jakarta.annotation.security.PermitAll) become meaningless.
I only have two options:
- I don't write anything security-related in the configuration file.
- I write hundreds of extremely long paths in quarkus.http.auth.permission.public.paths that cannot be shortened using wildcards.