This folder contains JetBrains HTTP Client .http files for exploring the API. They also work with the REST Client extension for VS Code.

- Start the app (see the main README):

  ```bash
  mvn clean compile quarkus:dev -Pquarkus
  ```

- Generate JWT tokens and paste them into `http-client.env.json`:

  ```bash
  ./generate-jwt.sh ORGANIZER   # → jwt_organizer
  ./generate-jwt.sh SPEAKER     # → jwt_speaker
  ./generate-jwt.sh ATTENDEE    # → jwt_attendee
  ```

- (Optional) Start Jaeger for tracing demos:

  ```bash
  docker compose up -d   # Jaeger UI → http://localhost:16686
  ```

In your HTTP client, select the `dev` environment from `http-client.env.json` so `{{jwt_organizer}}` etc. resolve.

| File | Use it when… |
|---|---|
| `demos.http` | You're giving the talk. Chronological walkthrough of every demo from every chapter, in slide order, with section headers tied to slide numbers. Run top-to-bottom on stage. |

Use these for ad-hoc exploration or when you want all calls for one resource in one place.

| File | Covers | Endpoints |
|---|---|---|
| `sessions.http` | Session CRUD (V1) | `GET/POST/PUT/DELETE /api/v1/sessions` |
| `speakers.http` | Speaker CRUD | `GET/POST/PUT/DELETE /api/v1/speakers` |
| `rooms.http` | Room reads (read-only domain) | `GET /api/v1/rooms` |
| `versioning.http` | URI vs. header-based versioning | `/api/v1/...`, `/api/v2/...`, `X-API-Version`, `Accept; version=` |
| `security.http` | JWT + RBAC (401 / 403 / 201 flow) | `POST /api/v1/sessions` with various tokens |
| `signatures.http` | HMAC-SHA256 request signature filter. | `POST /api/v1/sessions` with `X-Signature` |
| `health.http` | MicroProfile Health probes | `GET /health`, `/health/live`, `/health/ready` |
| `errors.http` | RFC 9457 Problem Details responses | 404, 400 (validation + profanity), sanitization, OpenAPI |

| File | Purpose |
|---|---|
| `http-client.env.json` | Environment variables: `host`, `jwt_organizer`, `jwt_speaker`, `jwt_attendee`, `session_id`, `speaker_id`. Edit before first use. |

If you're looking for the HTTP calls that back a specific chapter of the talk:

| Chapter / Slide | Primary file | Also see |
|---|---|---|
| Ch1 — The Gatekeepers (sanitization, validation, audit) | `demos.http` § Ch1 | `errors.http`, `sessions.http` |
| Ch2 — The Security Shield (JWT, RBAC, signatures) | `demos.http` § Ch2 | `security.http`, `signatures.http` |
| Ch3 — The Lens (health, correlation, tracing) | `demos.http` § Ch3 | `health.http` |
| Ch4 — The Living Contract (OpenAPI) | `demos.http` § Ch4 | `errors.http` (OpenAPI section) |
| Ch5 — The Evolution (versioning) | `demos.http` § Ch5 | `versioning.http` |
| Ch6 — Sane Error Handling (RFC 9457) | `demos.http` § Ch6 | `errors.http` |

- JetBrains IDEs: click the green ▶︎ in the gutter next to any `###` block to fire that request.
- VS Code: install REST Client, then click `Send Request` above each block.
- CLI alternative: every request can be translated to `curl` — but the env-file token substitution is the main reason to prefer `.http` files during a live demo.
- Body sanitization demos (`<script>` payloads) are intentional — the server should respond `2xx` with the dangerous content stripped, never `5xx`. That's the whole point.