@TestSecurity with @PermissionsAllowed annotated endpoint #42603

Closed
sberyozkin opened this issue Aug 16, 2024 Discussed in #42499 · 1 comment · Fixed by #42809
Labels: area/security, kind/enhancement (New feature or request)

@sberyozkin
Member

Discussed in #42499

Originally posted by ralph089 August 13, 2024
I've been trying to use the @TestSecurity and @PermissionsAllowed annotations in my Quarkus application, but I'm facing some issues.

An endpoint has been annotated with @PermissionsAllowed:

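import io.quarkus.security.PermissionsAllowed;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Response;

@Path("/my-endpoint")
public class MyEndpointResource {

    // Callers need the "endpoint:read" permission to reach this method.
    @GET
    @PermissionsAllowed("endpoint:read")
    public Response getMyData() {
        return Response.ok("My data").build();
    }
}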

When using @TestSecurity in my test class, I can only specify roles. I tried it using @OidcSecurity and specifying the scopes claim, but this also has no effect. The tests are failing due to unauthorized access.

I've got a use case where I fetch the permissions of a user using a SecurityIdentityAugmentor and a DB call (this SecurityIdentityAugmentor is not being used when using @TestSecurity). Creating all the possible combinations through a quarkus.http.auth.policy upfront and relating the permission combinations to "test roles" that I use in my tests would probably be possible, but would be a lot of overhead.

Is there any other way to specify the permissions for a test case for a given user?

@sberyozkin sberyozkin added the kind/enhancement New feature or request label Aug 16, 2024
@michalvavrik michalvavrik self-assigned this Aug 26, 2024
@michalvavrik
Member

I'll take care of it in the upcoming days.
