Commit
Tweak auth content based on QE feedback in rhbq docs
rolfedh committed Jun 7, 2024
1 parent b6b00e9 commit 9fd8dd7
Showing 1 changed file with 6 additions and 5 deletions.
Expand Up @@ -410,7 +410,7 @@ quarkus.http.auth.policy.role-policy3.roles-allowed=admin
quarkus.http.auth.permission.roles3.paths=/secured/admin/*
quarkus.http.auth.permission.roles3.policy=role-policy3
----
<1> Role `root` will be able to access `/secured/user/*` and `/secured/admin/*` paths.
<1> Role `root` will be able to access `/secured/user/\*` and `/secured/admin/*` paths.
<2> The `/secured/*` path can only be accessed by authenticated users. This way, you have secured the `/secured/all` path and so on.

Check warning on line 414 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 414, "column": 123}}}, "severity": "INFO"}
<3> Shared permissions are always applied before unshared ones, therefore a `SecurityIdentity` with the `root` role will have the `user` role as well.

Check warning on line 415 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 415, "column": 143}}}, "severity": "INFO"}
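
Review bot: In callout <1>, only the first wildcard is escaped (`/secured/user/\*`), while `/secured/admin/*` on the same line and `/secured/*` in callout <2> are left as they were. If the escape is meant to keep the two asterisks on that line from being paired as formatting marks, please confirm in the rendered page that no literal backslash shows up and that both paths display the same way. The two Vale annotations on lines 414 and 415 ('and so on', 'as') point at callouts <2> and <3>, which this commit leaves unchanged; they could be reworded in the same pass.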

Expand All @@ -424,11 +424,11 @@ based on the common security annotations `@RolesAllowed`, `@DenyAll`, `@PermitAl
[options="header"]
|===
s| Annotation type s| Description
s| @DenyAll | Specifies that no security roles are allowed to invoke the specified methods.
s| @PermitAll | Specifies that all security roles are allowed to invoke the specified methods.
s| `@DenyAll` | Specifies that no security roles are allowed to invoke the specified methods.
s| `@PermitAll` | Specifies that all security roles are allowed to invoke the specified methods.

`@PermitAll` lets everybody in, even without authentication.
s| @RolesAllowed | Specifies the list of security roles allowed to access methods in an application.
s| `@RolesAllowed` | Specifies the list of security roles allowed to access methods in an application.

As an equivalent to `@RolesAllowed("**")`, {project-name} also provides the `io.quarkus.security.Authenticated` annotation that permits any authenticated user to access the resource.
|===
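
Review bot: The `@PermitAll` row still describes the annotation as allowing "all security roles", and only the follow-up line in the same cell says it lets everybody in, even without authentication. Since this hunk already edits that row, consider putting the unauthenticated access into the description sentence itself, so a reader skimming the table does not take `@PermitAll` to mean "any authenticated user", which is what the `@RolesAllowed("**")` and `io.quarkus.security.Authenticated` note in the last row covers.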
Expand Down Expand Up @@ -504,7 +504,6 @@ However, if that property is not specified, a role named `User` is required as a
|===

.Example of a property expressions usage in the `@RolesAllowed` annotation

[source,properties]
----
admin=Administrator
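
Review bot: The block title that this hunk attaches to the listing, "Example of a property expressions usage in the `@RolesAllowed` annotation", is ungrammatical. Since the blank line under it is being removed anyway, consider rewording it in the same change, for example "Example of property expression usage in the `@RolesAllowed` annotation".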
Expand All @@ -515,6 +514,8 @@ tester.role=Tester
all-roles=Administrator,Software,Tester,User
----

[[subject-access-control-example]]
.Subject access control example
[source,java]
----
import java.security.Principal;
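
Review bot: The new `[[subject-access-control-example]]` anchor on the Java listing has no matching cross-reference in this diff, so it is not clear what is meant to link to it. If another section or guide refers to this example, add the reference in the same commit or mention it in the commit message. The new title "Subject access control example" also phrases things differently from the "Example of ..." title on the properties listing just above; pick one form for both.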

0 comments on commit 9fd8dd7