Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support passing method args of RESTEasy Reactive endpoints secured with @PermissionsAllowed to permission constructor #32030

Closed
michalvavrik opened this issue Mar 22, 2023 · 2 comments · Fixed by #32534
Closed

Support passing method args of RESTEasy Reactive endpoints secured with @PermissionsAllowed to permission constructor #32030

michalvavrik opened this issue Mar 22, 2023 · 2 comments · Fixed by #32534
Assignees
@michalvavrik
Labels
area/rest area/security kind/enhancement New feature or request
Milestone
3.1.0.CR1

Comments

@michalvavrik
Copy link
Member

michalvavrik commented Mar 22, 2023
edited
Loading

Description

Currently passing arguments of method secured with @PermissionsAllowed only works on security checks performed by CDI interceptors as documented here https://github.com/quarkusio/quarkus/blob/main/docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc#permission-annotation.

As mentioned by Stuart Douglas here https://groups.google.com/g/quarkus-dev/c/ADY6k-Kwv-Y/m/83K2mCDzBwAJ, we can make it work for RESTEasy Reactive endpoints too.

Implementation ideas

  • make sure there is eager authentication security check performed in EagerSecurityHandler so that only authenticated requests are handled by this "postponed" security check done after argument serialization
@michalvavrik michalvavrik self-assigned this Mar 22, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Mar 22, 2023

/cc @FroMage (resteasy-reactive), @Sgitario (resteasy-reactive), @geoand (resteasy-reactive), @stuartwdouglas (resteasy-reactive)

@michalvavrik
Copy link
Member Author

I opened this issue so that I don't forget to do that. No actions needed from /cc, thank you.

@michalvavrik michalvavrik mentioned this issue Apr 3, 2023
Closed
michalvavrik added a commit to michalvavrik/quarkus that referenced this issue Apr 11, 2023
@michalvavrik
Pass method arguments to permissions on RESTEasy Reactive endpoints
eba4e98 
closes: quarkusio#32030
michalvavrik added a commit to michalvavrik/quarkus that referenced this issue Apr 11, 2023
@michalvavrik
Pass method arguments to permissions on RESTEasy Reactive endpoints
e22b3e6 
closes: quarkusio#32030
@michalvavrik michalvavrik mentioned this issue Apr 11, 2023
Merged
@quarkus-bot quarkus-bot bot added this to the 3.1 - main milestone Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michalvavrik michalvavrik

Labels
area/rest area/security kind/enhancement New feature or request
Projects
None yet
Milestone
3.1.0.CR1
Development

Successfully merging a pull request may close this issue.

Pass method arguments to permissions on RESTEasy Reactive endpoints michalvavrik/quarkus
1 participant
@michalvavrik