Comments (8)
I understand it now, alright, let me update the description.
from quarkus.
/cc @sberyozkin (security)
from quarkus.
Thanks @michalvavrik Sure, the `quarkus.security` namespace is good for this. But we have to align it with the HTTP policy way too, what happens if both `quarkus.security.root.roles` and `quarkus.http.auth.permission.roles1.shared=true` are set...
Probably, since HTTP policy is more specific - every shared policy should accumulate root roles set in `quarkus.security.root.roles`
In general it is not only about making a few properties to set for the `@RolesAllowed` case, but also avoiding having to set the path twice, once with `@Path` and then also with HTTP Security policy
By the way, there was another issue related to optimizing things for the `@RolesAllowed` case, was it for roles to group mapping?
from quarkus.
I see, you've created the issue for optimizing the mapping of the roles but linked to sharing the policies :-), if I'm not confused, maybe both cases can be covered with this issue
from quarkus.
> But we have to align it with the HTTP policy way too, what happens if both `quarkus.security.root.roles` and `quarkus.http.auth.permission.roles1.shared=true` are set...
Yeah, I definitely didn't plan to align anything. I thought the idea was to define roles that are always mapped, regardless of path and policies. That was your suggestion I remembered, hope I'm not confusing it...
> Probably, since HTTP policy is more specific - every shared policy should accumulate root roles set in `quarkus.security.root.roles`
+1
> In general it is not only about making a few properties to set for the `@RolesAllowed` case, but also avoiding having to set the path twice, once with `@Path` and then also with HTTP Security policy
Hmm, I think there was some suggestion for `@RolesAllowed` attribute role mapping, but we can't use it as we don't own the annotation. Also TBH, annotation values are not as flexible and configurable as SR Configuration source like `application.properties`. It allows greater variability.
I don't remember details.
> By the way, there was another issue related to optimizing things for the `@RolesAllowed` case, was it for roles to group mapping?
No idea, sorry. Please give me some hint.
> I see, you've created the issue for optimizing the mapping of the roles but linked to sharing the policies :-), if I'm not confused, maybe both cases can be covered with this issue
I couldn't really remember where and what we agreed on, so I took a guess, linked shared policies and made some rationale from your reminder :-)
from quarkus.
Sergey, thinking of it, if you suggest something else than in the issue description, you will have to adjust the description or create a new issue because I'm a bit lost. Sorry. This was the only thing I had in memory.
from quarkus.
@michalvavrik OK, let's try to figure out what we'd like to optimize.
What I thought you'd look at is optimizing the mapping as suggested at the end of https://github.com/quarkusio/quarkus/issues/37989, you were ok with that suggestion.
And you name this issue accordingly, but you refer to a different situation, where roles can be shared with other policies, which is not related to the problem of mapping. See what I mean?
So maybe you can rename this issue to deal with optimizing the sharing of roles for the `@RolesAllowed` case and I can create an issue to optimize the mapping?
from quarkus.
This is on hold till #39236 is in because it requires touching the same lines of code and I want to avoid conflicts. Will have a look after that.
from quarkus.