Support Quarkus REST endpoint security annotations placed on endpoint implementations #41784
Conversation
michalvavrik
force-pushed
the
feature/latest-secure-impl-method-quarkus-rest
branch
from
887ea99
to
d31ccbe
Compare
This comment has been minimized.
This comment has been minimized.
...ver/runtime/src/main/java/org/jboss/resteasy/reactive/server/model/ServerResourceMethod.java
Outdated
Show resolved
Hide resolved
michalvavrik
force-pushed
the
feature/latest-secure-impl-method-quarkus-rest
branch
from
d31ccbe
to
d30e0e6
Compare
This comment has been minimized.
This comment has been minimized.
I have only renamed one property and added Javadoc, before this change it worked so I think it's flaky. Anyway |
|
|
|
Almost certainly unrelated, but I relaunched that job anyway |
...va/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityInterceptorHandler.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Everything is done very precisely with a great test coverage, minor question about the exception message, up to Michal what to do with it...
Thanks @michalvavrik
Status for workflow
|
| Status | Name | Step | Failures | Logs | Raw logs | Build scan |
|---|---|---|---|---|---|---|
| ✔️ | Native Tests - HTTP | Failures | Logs | Raw logs | 🚧 |
Failures
⚙️ Native Tests - HTTP #
- Failing: integration-tests/rest-client
📦 integration-tests/rest-client
✖ Failed to execute goal uk.co.automatictester:truststore-maven-plugin:3.0.0:generate-truststore (wrong-host-truststore) on project quarkus-integration-test-rest-client: Execution wrong-host-truststore of goal uk.co.automatictester:truststore-maven-plugin:3.0.0:generate-truststore failed: Unable to establish TLS connection with: wrong.host.badssl.com:443
|
I've just merged and noticed the test failure, but it does not look related at all |
I think @geoand re-run the test failure and it was fixed. So the CI was green. |
follow-up for the #41564
This PR aims to assure that when a security annotation is placed on a method that is actually invoked (returns endpoint response), than security is applied. Also, that when the security is applied, then default JAX-RS security is not applied as requested in the #39964. Extra tests comparing to #41564 are to assert endpoint implementation is identified for supported scenarios (tested scenarios). CDI interceptors that are backup for eager checks here are untouched by this PR, as well as all existing tests.