quarkiverse / quarkus-zanzibar Goto Github PK
View Code? Open in Web Editor NEWZanzibar style fine grained authorization
Home Page: https://zanzibar.academy
License: Apache License 2.0
quarkus-zanzibar's Issues
403 on a non protected method
I have a service with some methods that are protected by openfga annotations and some that are not. I'm getting 403 on a non protected method. That should not be possible.
Here is my method:
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("specialQuery")
public String listSpecialquery() {
String[] returnedItems = new String[]{"item:item1","item:item2","item:item3","item:item4"};
List<String> filteredItems=Multi.createFrom().items(returnedItems).filter(new Predicate<String>() {
@Override
public boolean test(String t) {
System.out.println("before: "+t);
boolean result=authModelClient.check(new TupleKey(t, "view", securityContext.getUserPrincipal().getName()),null).await().atMost(Duration.ofSeconds(1));
System.out.println("after: "+t);
return result;
}
}).collect().asList().await().atMost(Duration.ofSeconds(5));
return "Access granted to items: "+filteredItems;[feature request] add support for grpc
currently the permission related annotations acts on https request. It would be nice if there was a way to have the same or similar annotations working on grpc methods.
unsatisfied dependencies when starting the application
hello, I'm getting the following unsastified depdencies when starting a quaksu app suing this extension:
java.lang.RuntimeException: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[error]: Build step io.quarkus.arc.deployment.ArcProcessor#validate threw an exception: javax.enterprise.inject.spi.DeploymentException: Found 4 deployment problems:
[1] Unsatisfied dependency for type java.util.Optional<java.lang.String> and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():unauthenticatedUser
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
The following beans match by type, but none have matching qualifiers:
- Bean [class=java.util.Optional, qualifiers=[@ConfigProperty, @Any]]
[2] Unsatisfied dependency for type java.time.Duration and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():timeout
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
[3] Unsatisfied dependency for type boolean and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():denyUnannotated
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
The following beans match by type, but none have matching qualifiers:
- Bean [class=java.lang.Boolean, qualifiers=[@ConfigProperty, @Any]]
[4] Unsatisfied dependency for type io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature$FilterFactory and qualifiers [@Default]
- java member: io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature():filterFactory
- declared on CLASS bean [types=[io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature, javax.ws.rs.container.DynamicFeature, java.lang.Object], qualifiers=[@Default, @Any], target=io.quarkiverse.zanzibar.jaxrs.ZanzibarDynamicFeature]
I'm probably not using it right but I think I followed the instructions, here is the relevant part of my class:
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("{itemid}")
@FGAPathObject(param = "itemid", type = "item")
@FGARelation("view")
public String hello(String itemid) {
return "Access granted to itemid"+itemid;
}this is a very useful extension and I'd like to help developing/improving it.
Incorrect example ?
Hello !
Thanks for your work !
I am trying to use your extension but I encountered some issues, with your example I have an error:
Caused by: io.quarkiverse.openfga.client.model.FGAValidationException: Invalid tuple 'thing:1#owner@1'. Reason: the 'user' field must be an object (e.g. document:1) or an 'object#relation' or a typed wildcard (e.g. group:*)
by chaning this line and after reading the documentation and replacing principal.getName() with "user:"+principal.getName() It works.
Is there something I'm missing ?
Provide an option to have a custom principal.getName() extractor
If we don't wan to use the principal.getName() as the user identifier, we could provide a class like ?
@ApplicationScoped
public class CustomZanzibarPrincipalExtractor implements ZanzibarPrincipalExtractor {
public String extract(...) {
}
}How to configure the credentials for the openFGA server
Hello,
I wanted to use this extension in my project to work with an openFGA server but the only properties I found are these one:
- quarkus.zanzibar.filter.enabled
- quarkus.zanzibar.filter.deny-unannotated-resource-methods
- quarkus.zanzibar.filter.unauthenticated-user
- quarkus.zanzibar.filter.timeout
And I can't find how to setup the url and secrets for the openFGA server
Can you help me ? or point me to the correct item of documentation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.