quarkiverse / quarkus-zanzibar Goto Github PK
View Code? Open in Web Editor NEWZanzibar style fine grained authorization
Home Page: https://zanzibar.academy
License: Apache License 2.0
Zanzibar style fine grained authorization
Home Page: https://zanzibar.academy
License: Apache License 2.0
I have a service with some methods that are protected by openfga annotations and some that are not. I'm getting 403 on a non protected method. That should not be possible.
Here is my method:
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("specialQuery")
public String listSpecialquery() {
String[] returnedItems = new String[]{"item:item1","item:item2","item:item3","item:item4"};
List<String> filteredItems=Multi.createFrom().items(returnedItems).filter(new Predicate<String>() {
@Override
public boolean test(String t) {
System.out.println("before: "+t);
boolean result=authModelClient.check(new TupleKey(t, "view", securityContext.getUserPrincipal().getName()),null).await().atMost(Duration.ofSeconds(1));
System.out.println("after: "+t);
return result;
}
}).collect().asList().await().atMost(Duration.ofSeconds(5));
return "Access granted to items: "+filteredItems;
currently the permission related annotations acts on https request. It would be nice if there was a way to have the same or similar annotations working on grpc methods.
hello, I'm getting the following unsastified depdencies when starting a quaksu app suing this extension:
java.lang.RuntimeException: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[error]: Build step io.quarkus.arc.deployment.ArcProcessor#validate threw an exception: javax.enterprise.inject.spi.DeploymentException: Found 4 deployment problems:
[1] Unsatisfied dependency for type java.util.Optional<java.lang.String> and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():unauthenticatedUser
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
The following beans match by type, but none have matching qualifiers:
- Bean [class=java.util.Optional, qualifiers=[@ConfigProperty, @Any]]
[2] Unsatisfied dependency for type java.time.Duration and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():timeout
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
[3] Unsatisfied dependency for type boolean and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():denyUnannotated
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
The following beans match by type, but none have matching qualifiers:
- Bean [class=java.lang.Boolean, qualifiers=[@ConfigProperty, @Any]]
[4] Unsatisfied dependency for type io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature$FilterFactory and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():filterFactory
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
I'm probably not using it right but I think I followed the instructions, here is the relevant part of my class:
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("{itemid}")
@FGAPathObject(param = "itemid", type = "item")
@FGARelation("view")
public String hello(String itemid) {
return "Access granted to itemid"+itemid;
}
this is a very useful extension and I'd like to help developing/improving it.
Hello !
Thanks for your work !
I am trying to use your extension but I encountered some issues, with your example I have an error:
Caused by: io.quarkiverse.openfga.client.model.FGAValidationException: Invalid tuple 'thing:1#owner@1'. Reason: the 'user' field must be an object (e.g. document:1) or an 'object#relation' or a typed wildcard (e.g. group:*)
by chaning this line and after reading the documentation and replacing principal.getName()
with "user:"+principal.getName()
It works.
Is there something I'm missing ?
If we don't wan to use the principal.getName()
as the user identifier, we could provide a class like ?
@ApplicationScoped
public class CustomZanzibarPrincipalExtractor implements ZanzibarPrincipalExtractor {
public String extract(...) {
}
}
Hello,
I wanted to use this extension in my project to work with an openFGA server but the only properties I found are these one:
And I can't find how to setup the url and secrets for the openFGA server
Can you help me ? or point me to the correct item of documentation
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.