Tweak auth content based on QE feedback in rhbq docs
rolfedh committed Apr 17, 2024
1 parent 8fd116d commit 259a9e6
Showing 1 changed file with 6 additions and 5 deletions.
Expand Up @@ -446,7 +446,7 @@ quarkus.http.auth.policy.role-policy3.roles-allowed=admin
quarkus.http.auth.permission.roles3.paths=/secured/admin/*
quarkus.http.auth.permission.roles3.policy=role-policy3
----
<1> Role `root` will be able to access `/secured/user/*` and `/secured/admin/*` paths.
<1> Role `root` will be able to access `/secured/user/\*` and `/secured/admin/*` paths.
<2> The `/secured/*` path can only be accessed by authenticated users. This way, you have secured the `/secured/all` path and so on.

Check warning on line 450 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 450, "column": 123}}}, "severity": "INFO"}
<3> Shared permissions are always applied before unshared ones, therefore a `SecurityIdentity` with the `root` role will have the `user` role as well.

Check warning on line 451 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 451, "column": 143}}}, "severity": "INFO"}
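
Review bot: In callout <1> only the first wildcard is escaped: `/secured/user/\*` carries a backslash while `/secured/admin/*` on the same line does not, so the two paths differ in the source although they should render the same way. Consider literal monospace for both paths (each path wrapped in plus signs inside the backticks) so neither asterisk can be read as bold markup and the callout matches the `/secured/admin/*` value in the listing above it. Callout <2> still ends with "and so on", which Vale flags; because that sentence describes which paths require authentication, stating the scope explicitly would be clearer than the open-ended phrase.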

Expand All @@ -460,11 +460,11 @@ based on the common security annotations `@RolesAllowed`, `@DenyAll`, `@PermitAl
[options="header"]
|===
s| Annotation type s| Description
s| @DenyAll | Specifies that no security roles are allowed to invoke the specified methods.
s| @PermitAll | Specifies that all security roles are allowed to invoke the specified methods.
s| `@DenyAll` | Specifies that no security roles are allowed to invoke the specified methods.
s| `@PermitAll` | Specifies that all security roles are allowed to invoke the specified methods.

`@PermitAll` lets everybody in, even without authentication.
s| @RolesAllowed | Specifies the list of security roles allowed to access methods in an application.
s| `@RolesAllowed` | Specifies the list of security roles allowed to access methods in an application.

As an equivalent to `@RolesAllowed("**")`, {project-name} also provides the `io.quarkus.security.Authenticated` annotation that permits any authenticated user to access the resource.
|===
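
Review bot: The `@PermitAll` row says "all security roles are allowed", and only the separate sentence after it says that `@PermitAll` lets everybody in, even without authentication. A reader skimming the table can take the first sentence to mean that an authenticated caller holding some role is required. Since the row is being touched anyway, fold the unauthenticated case into the description itself so the table cell states the actual access rule.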
Expand Down Expand Up @@ -540,7 +540,6 @@ However, if that property is not specified, a role named `User` is required as a
|===

.Example of a property expressions usage in the `@RolesAllowed` annotation

[source,properties]
----
admin=Administrator
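
Review bot: The block title `.Example of a property expressions usage in the @RolesAllowed annotation` is ungrammatical ("a property expressions usage"), and this hunk already touches the title's placement, so reword it here, for example "Example of property expression usage in the `@RolesAllowed` annotation". Removing the blank line is correct: the title has to sit directly above `[source,properties]` to attach to the listing.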
Expand All @@ -551,6 +550,8 @@ tester.role=Tester
all-roles=Administrator,Software,Tester,User
----

[[subject-access-control-example]]
.Subject access control example
[source,java]
----
import java.security.Principal;
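
Review bot: The new `[[subject-access-control-example]]` anchor is added without any cross-reference to it in this commit (one file changed, and none of the added lines links to the ID), so confirm that something targets it or name the intended consumer in the commit message. The new title `.Subject access control example` also follows a different pattern from the `.Example of ...` title on the properties listing just above; pick one form for both.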

0 comments on commit 259a9e6
