-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix mixing of the @TestSecurity annotation with HTTP request credentials inside one test method #41174
Fix mixing of the @TestSecurity annotation with HTTP request credentials inside one test method #41174
Conversation
f81a1ee
to
49c1663
Compare
This comment has been minimized.
This comment has been minimized.
🙈 The PR is closed and the preview is expired. |
This comment has been minimized.
This comment has been minimized.
...security/src/main/java/io/quarkus/test/security/AbstractTestHttpAuthenticationMechanism.java
Outdated
Show resolved
Hide resolved
Thanks @michalvavrik. Did you have a chance to check why it worked before, was it by pure luck ? I'm just wondering since the updates in the PR are quite involved, so I'd like to understand better what exactly we are fixing here. Thanks |
There is this small section that probably describes it is supposed to work https://quarkus.io/guides/security-testing#mixing-security-tests. It could also mean that you are supposed to test basic in a test method not annotated with
I tried to explain it in Javadoc, but I can improve that if it is not clear. Let me try here as well. Consider test scenario:
Please ask more question if it is unclear. |
I think it makes sense, I was just curious why it worked before, thanks @michalvavrik, I'll suggest a few minor doc updates a bit later, otherwise looks good. |
Let's merge once a couple of minor suggestions are done |
49c1663
to
5164af2
Compare
3.12 was branched just yesterday, so I'll add a backport label as it is a bug fix; we can probably stay conservative and do not backport it to 3.11 as 3.12 is out soon... |
Status for workflow
|
Status for workflow
|
fixes: #41125
Before #40059 it was possible to mix the
@TestSecurity
with actual credentials. We didn't have it well tested because #40059 didn't fail any tests. With this PR, it is possible again and there are tests and additional documentation.