-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new AuthorizationPolicy annotation to bind named HttpSecurityPolicy to a Jakarta REST endpoints #42749
Add new AuthorizationPolicy annotation to bind named HttpSecurityPolicy to a Jakarta REST endpoints #42749
Conversation
🙈 The PR is closed and the preview is expired. |
cee0a89
to
a2ef0ca
Compare
This comment has been minimized.
This comment has been minimized.
a2ef0ca
to
ce3a5a5
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
While CI looks ugly, I can see in the Develocity this |
Hi @michalvavrik I think this is exactly what we'd like to do at the moment, have a super easy way to bind custom policies to specific JAX-RS classes or methods, and we can evolve A question that I have so far is this one. Let's say we have a named Please clarify it. |
Yes. We don't care whether it is named bean or not, as long as there is CDI HTTPSecurityPolicy bean without
In
|
Hi Michal, thanks, but I'm still not getting something. I'm totally fine with not using So let's say, even without this PR, I have
You say we don't really mind if it returns See what I mean when I asked what happens if we refer to this policy from |
Let me try to put it differently:
while
is always called. I believe it is rather well documented both in Javadoc https://github.com/quarkusio/quarkus/blob/main/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityPolicy.java#L26 and https://github.com/quarkusio/quarkus/blob/main/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityPolicy.java#L14 and in Quarkus documentation https://quarkus.io/guides/security-authorize-web-endpoints-reference#custom-http-security-policy (end of that section) Which reminds me I should add note about
with
I am really sorry for being slow, but I am yet to understand. There is no duplicate call because your |
9ed305e
to
0a40903
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
0a40903
to
31474b8
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
heck, I've already run formatting twice. I'll try again. |
31474b8
to
624195b
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
624195b
to
fcb8abb
Compare
Status for workflow
|
Status for workflow
|
Status | Name | Step | Failures | Logs | Raw logs | Build scan |
---|---|---|---|---|---|---|
✖ | Native Tests - Virtual Thread - Messaging | Build |
Logs | Raw logs | 🔍 |
You can consult the Develocity build scans.
The Kafka virtual thread failure doesn't seem related. @sberyozkin CI looks good now, please have a look. |
Thanks @michalvavrik |
New annotation
@AuthorizationPolicy
allows to selectHttpSecurityPolicy
on endpoints via annotations as alternative to path-matching rules. This allows for general authorization check without augmentation of aSecurityIdentity
.