Skip to content

Commit

Permalink
Merge pull request #36925 from gsmet/3.5.1-backports-3
Browse files Browse the repository at this point in the history
3.5.1 backports 3
  • Loading branch information
gsmet authored Nov 8, 2023
2 parents 6968eff + 5305d5b commit 8e87ba9
Show file tree
Hide file tree
Showing 12 changed files with 115 additions and 67 deletions.
2 changes: 1 addition & 1 deletion bom/application/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
<parsson.version>1.1.4</parsson.version>
<resteasy-microprofile.version>2.1.4.Final</resteasy-microprofile.version>
<resteasy-spring-web.version>3.0.2.Final</resteasy-spring-web.version>
<resteasy.version>6.2.5.Final</resteasy.version>
<resteasy.version>6.2.6.Final</resteasy.version>
<opentracing.version>0.33.0</opentracing.version>
<opentracing-jdbc.version>0.2.4</opentracing-jdbc.version>
<opentracing-kafka.version>0.1.15</opentracing-kafka.version>
Expand Down
4 changes: 2 additions & 2 deletions docs/src/main/asciidoc/datasource.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -412,15 +412,15 @@ AgroalDataSource inventoryDataSource;
If you use the link:https://quarkus.io/extensions/io.quarkus/quarkus-smallrye-health[`quarkus-smallrye-health`] extension, the `quarkus-agroal` and reactive client extensions automatically add a readiness health check to validate the datasource.

When you access your application’s health readiness endpoint, `/q/health/ready` by default, you receive information about the datasource validation status.
If you have multiple datasources, all datasources are checked, and if a single datasource validation failure occurs, the status changes to`DOWN`.
If you have multiple datasources, all datasources are checked, and if a single datasource validation failure occurs, the status changes to `DOWN`.

This behavior can be disabled by using the `quarkus.datasource.health.enabled` property.

To exclude only a particular datasource from the health check, use:

[source,properties]
----
`quarkus.datasource."datasource-name".health-exclude=true`
quarkus.datasource."datasource-name".health-exclude=true
----

=== Datasource metrics
Expand Down
2 changes: 1 addition & 1 deletion docs/src/main/asciidoc/infinispan-client-reference.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ You need at least one running instance of the Infinispan Server.

.Development mode

If you are running a Docker instance, you can use link:infinispan-dev-services.adoc[Infinispan Dev Services]
If you are running a Docker instance, you can use xref:infinispan-dev-services.adoc[Infinispan Dev Services]
and connect without configuration.

If you want to run the server yourself using Docker, check out the 5-minute https://infinispan.org/get-started/[Getting stated with Infinispan]
Expand Down
2 changes: 1 addition & 1 deletion docs/src/main/asciidoc/reactive-sql-clients.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -731,7 +731,7 @@ It is the maximum time a connection remains in the pool before it is closed and
The `max-lifetime` allows ensuring the pool has fresh connections with up-to-date configuration.

NOTE: The `max-lifetime` is disabled by default but is an important configuration when using a credentials
provider that provides time limited credentials, like the link:credentials-provider.adoc[Vault credentials provider].
provider that provides time limited credentials, like the xref:credentials-provider.adoc[Vault credentials provider].

For example, you could ensure connections are recycled after 60 minutes:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,7 @@ quarkus.http.auth.permission.permit1.methods=GET,HEAD
The request is rejected if it matches one or more permission sets based on the path but none of the required methods.

TIP: Given the preceding permission set, `GET /public/foo` would match both the path and method and therefore be allowed.
In contrast, `POST /public/foo` would match the path but not the method.
It would therefore be rejected.
In contrast, `POST /public/foo` would match the path but not the method, and, therefore, be rejected.

[[matching-multiple-paths]]
=== Matching multiple paths: longest path wins
Expand Down Expand Up @@ -237,7 +236,7 @@ For more information, see link:https://quarkus.io/blog/path-resolution-in-quarku
[[standard-security-annotations]]
== Authorization using annotations

{project-name} includes built-in security to allow for link:https://en.wikipedia.org/wiki/Role-based_access_control[Role-Based Access Control (RBAC)]
{project-name} includes built-in security to allow for link:https://en.wikipedia.org/wiki/Role-based_access_control[Role-Based Access Control (RBAC)]
based on the common security annotations `@RolesAllowed`, `@DenyAll`, `@PermitAll` on REST endpoints and CDI beans.

.{project-name} annotation types summary
Expand Down Expand Up @@ -492,7 +491,7 @@ NOTE: `@PermissionsAllowed` is not repeatable on the class level due to a limita
For more information, see the xref:cdi-reference.adoc#repeatable-interceptor-bindings[Repeatable interceptor bindings] section of the Quarkus "CDI reference" guide.

The easiest way to add permissions to a role-enabled `SecurityIdentity` instance is to map roles to permissions.
Use <<authorization-using-configuration>> to grant the required `SecurityIdentity` permissions for `CRUDResource` endpoints to authenticated requests, as outlined in the following example:
Use <<authorization-using-configuration>> to grant the required `SecurityIdentity` permissions for `CRUDResource` endpoints to authenticated requests, as outlined in the following example:

[source,properties]
----
Expand Down Expand Up @@ -607,8 +606,8 @@ public class LibraryService {
----
<1> The formal parameter `update` is identified as the first `Library` parameter and gets passed to the `LibraryPermission` class.
However, the `LibraryPermission` must be instantiated each time the `updateLibrary` method is invoked.
<2> Here, the first `Library` parameter is `migrate`, therefore the `library` parameter gets marked explicitly through `PermissionsAllowed#params`.
The permission constructor and the annotated method must have the parameter `library` set, otherwise, validation fails.
<2> Here, the first `Library` parameter is `migrate`; therefore, the `library` parameter gets marked explicitly through `PermissionsAllowed#params`.
The permission constructor and the annotated method must have the parameter `library` set; otherwise, validation fails.

.Example of a resource secured with the `LibraryPermission`

Expand Down Expand Up @@ -722,7 +721,7 @@ public class PermissionsIdentityAugmentor implements SecurityIdentityAugmentor {
Because `MediaLibrary` is the `TvLibrary` class parent, a user with the `admin` role is also permitted to modify `TvLibrary`.
<2> You can add a permission checker through `io.quarkus.security.runtime.QuarkusSecurityIdentity.Builder#addPermissionChecker`.

CAUTION: Annotation permissions do not work with the custom xref:security-customization.adoc#jaxrs-security-context[Custom Jakarta REST SecurityContext] because there are no permissions in `jakarta.ws.rs.core.SecurityContext`.
CAUTION: Annotation-based permissions do not work with custom xref:security-customization.adoc#jaxrs-security-context[Jakarta REST SecurityContexts] because there are no permissions in `jakarta.ws.rs.core.SecurityContext`.

== References

Expand Down
Loading

0 comments on commit 8e87ba9

Please sign in to comment.