Secure HTTP Permission exact paths both with/without ending path separator so that Jakarta REST endpoint paths are secured by default #39012

@michalvavrik michalvavrik commented Feb 26, 2024

closes: #37285

I think the dichotomy between Jakarta REST endpoint paths and HTTP permission exact path is not intuitive. We warn users to secure both paths, but who can honestly say that they read all the reference and remember it when coding. IMO it is easy to forget.

@michalvavrik michalvavrik changed the title Secure HTTP perms exact paths to match Jakarta endpoints Secure HTTP Permission exact paths so that Jakarta REST endpoint paths are secured by default Feb 26, 2024
@michalvavrik michalvavrik changed the title Secure HTTP Permission exact paths so that Jakarta REST endpoint paths are secured by default Secure HTTP Permission exact paths both with/without ending path separator so that Jakarta REST endpoint paths are secured by default Feb 26, 2024
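
The mismatch this PR removes, as an added example that is not code from the pull request or from Quarkus: a simplified model of an exact-path permission check sitting in front of a router that answers a path with or without its ending separator. The policy table, the `permit` fallback for unmatched paths and all method names are assumptions made for the illustration.

```java
import java.util.Map;

// Simplified model (not Quarkus code): an exact-path policy table in front of
// a router that serves an endpoint with or without a trailing '/'.
public class ExactPathPolicyDemo {

    // Constructed policy table: one exact path that requires authentication.
    static final Map<String, String> POLICIES = Map.of("/api/hello", "authenticated");

    // Literal lookup: "/api/hello/" finds no policy and falls through to the
    // assumed default of "permit".
    static String policyLiteral(String requestPath) {
        return POLICIES.getOrDefault(requestPath, "permit");
    }

    // Lookup that treats an exact path and the variant differing only by one
    // ending path separator as the same protected resource.
    static String policyBothVariants(String requestPath) {
        String policy = POLICIES.get(requestPath);
        if (policy == null) {
            String alt = requestPath.endsWith("/") && requestPath.length() > 1
                    ? requestPath.substring(0, requestPath.length() - 1)
                    : requestPath + "/";
            policy = POLICIES.get(alt);
        }
        return policy == null ? "permit" : policy;
    }

    // Router model: the endpoint declared at /api/hello answers both spellings.
    static boolean routerServes(String requestPath) {
        return requestPath.equals("/api/hello") || requestPath.equals("/api/hello/");
    }

    public static void main(String[] args) {
        // Constructed request paths for the comparison.
        String[] paths = {"/api/hello", "/api/hello/", "/api/hello//", "/api/other"};
        for (String p : paths) {
            System.out.printf("%-14s served=%-5b literal=%-13s both=%s%n",
                    p, routerServes(p), policyLiteral(p), policyBothVariants(p));
        }
    }
}
```

A useful regression test for any such check is the pair of rows where `served` is true: both must resolve to the same policy.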


github-actions bot commented Feb 26, 2024

🙈 The PR is closed and the preview is expired.

@sberyozkin

I agree, will comment more later, thanks


@michalvavrik

> I agree, will comment more later, thanks

Thanks, I won't do anything about CI as it will have to re-run (possibly) a couple of times after your review, so I'll ignore these weird failures.

@michalvavrik michalvavrik force-pushed the feature/secure-both-http-perms-exact-paths branch from 696e088 to 8fe4233 Compare February 27, 2024 19:24
@michalvavrik michalvavrik force-pushed the feature/secure-both-http-perms-exact-paths branch from 8fe4233 to ab2cd5b Compare February 27, 2024 19:29

quarkus-bot bot commented Feb 27, 2024

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit ab2cd5b.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

⚠️ There are other workflow runs running, you probably need to wait for their status before merging.


quarkus-bot bot commented Feb 27, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit ab2cd5b.

⚠️ Unable to include the stracktraces as the report was too long. See annotations below for the details.
⚠️ Unable to include the failure links as the report was too long. See annotations below for the details.

Failing Jobs

| Status | Name | Step | Failures | Logs | Raw logs | Build scan |
|---|---|---|---|---|---|---|
| | JVM Tests - JDK 17 | Build | Failures | Logs | Raw logs | 🚧 |
| | JVM Tests - JDK 21 | Build | Failures | Logs | Raw logs | 🚧 |
| | MicroProfile TCKs Tests | Verify | Failures | Logs | Raw logs | 🚧 |

Full information is available in the Build summary check run.

Failures

⚙️ JVM Tests - JDK 17 #

- Failing: integration-tests/narayana-lra 

📦 integration-tests/narayana-lra

org.acme.quickstart.lra.LRAParticipantTest.testLRA line 63 - History

org.acme.quickstart.lra.LRAParticipantTest.testLRAStartEnd line 44 - History


⚙️ JVM Tests - JDK 21 #

- Failing: integration-tests/narayana-lra 

📦 integration-tests/narayana-lra

org.acme.quickstart.lra.LRAParticipantTest.testLRA line 63 - History

org.acme.quickstart.lra.LRAParticipantTest.testLRAStartEnd line 44 - History


⚙️ MicroProfile TCKs Tests #

- Failing: tcks/microprofile-lra 

📦 tcks/microprofile-lra


Flaky tests - Develocity

⚙️ Maven Tests - JDK 17 Windows

📦 integration-tests/maven

io.quarkus.maven.it.TestMojoIT.testThatTheTestsAreReRunMultiModule - History

  • Condition with io.quarkus.maven.it.continuoustesting.TestModeContinuousTestingMavenTestUtils was not fulfilled within 3 minutes. - org.awaitility.core.ConditionTimeoutException

@sberyozkin

Failing tests are not related

@sberyozkin sberyozkin merged commit 38bae4b into quarkusio:main Feb 28, 2024
50 of 53 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Feb 28, 2024
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Feb 28, 2024
@michalvavrik michalvavrik deleted the feature/secure-both-http-perms-exact-paths branch February 28, 2024 11:14