Authorization-of-web-endpoints ValeTweaks
Signed-off-by: Michal Maléř <mmaler@redhat.com>
MichalMaler committed Nov 7, 2023
1 parent 778123a commit 6b36a8f
Showing 1 changed file with 6 additions and 6 deletions.
@@ -88,7 +88,7 @@ The request is rejected if it matches one or more permission sets based on the p

TIP: Given the preceding permission set, `GET /public/foo` would match both the path and method and therefore be allowed.
In contrast, `POST /public/foo` would match the path but not the method.
It would therefore be rejected.
It would, therefore, be rejected.

[[matching-multiple-paths]]
=== Matching multiple paths: longest path wins
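Review bot: the only change in this hunk is the pair of commas around "therefore" on the last line of the TIP; the commas are grammatical but optional, and the TIP reads more tightly if the last two lines are merged: `In contrast, `POST /public/foo` would match the path but not the method and would therefore be rejected.` Either way the example stays consistent with the rule stated in the hunk header (a request is rejected once it matches a permission set's path but not its allowed method), so no content change is needed.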
@@ -237,7 +237,7 @@ For more information, see link:https://quarkus.io/blog/path-resolution-in-quarku
[[standard-security-annotations]]
== Authorization using annotations

Vale annotation (line 238 of docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc, reported by reviewdog): [Quarkus.TermsSuggestions] Depending on the context, consider using 'by using' or 'that uses' rather than 'using'.

{project-name} includes built-in security to allow for link:https://en.wikipedia.org/wiki/Role-based_access_control[Role-Based Access Control (RBAC)]
{project-name} includes built-in security to allow for link:https://en.wikipedia.org/wiki/Role-based_access_control[Role-Based Access Control (RBAC)]
based on the common security annotations `@RolesAllowed`, `@DenyAll`, `@PermitAll` on REST endpoints and CDI beans.

.{project-name} annotation types summary
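Review bot: the removed and added RBAC lines render identically here, so this looks like a whitespace-only change (most likely a trailing space); if that is the intent, say so in the commit message so reviewers do not hunt for a wording difference. The Vale finding attached to this hunk targets "using" on line 238, which the hunk leaves untouched; if the heading `== Authorization using annotations` is what Vale is pointing at, it can be reworded (for example `== Authorization with annotations`) without breaking cross-references, because they resolve through the `[[standard-security-annotations]]` anchor rather than the heading text.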
@@ -492,7 +492,7 @@ NOTE: `@PermissionsAllowed` is not repeatable on the class level due to a limita
For more information, see the xref:cdi-reference.adoc#repeatable-interceptor-bindings[Repeatable interceptor bindings] section of the Quarkus "CDI reference" guide.

The easiest way to add permissions to a role-enabled `SecurityIdentity` instance is to map roles to permissions.
Use <<authorization-using-configuration>> to grant the required `SecurityIdentity` permissions for `CRUDResource` endpoints to authenticated requests, as outlined in the following example:
Use <<authorization-using-configuration>> to grant the required `SecurityIdentity` permissions for `CRUDResource` endpoints to authenticated requests, as outlined in the following example:

Vale annotation (line 495 of docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc, reported by reviewdog): [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'.

[source,properties]
----
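Review bot: as in the previous hunk, the removed and added lines are visually identical, so this is probably a whitespace-only edit worth calling out in the commit message. The Vale finding on line 495 (column 152) flags "as" in "as outlined in the following example"; the suggested "because"/"while" replacements do not fit that construction, so it is a false positive. If the warning should be silenced rather than ignored, restructure the sentence instead of swapping the word, for example: `The following example shows how to use <<authorization-using-configuration>> to grant the required `SecurityIdentity` permissions for `CRUDResource` endpoints to authenticated requests:`.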
@@ -607,8 +607,8 @@ public class LibraryService {
----
<1> The formal parameter `update` is identified as the first `Library` parameter and gets passed to the `LibraryPermission` class.

Vale annotation (line 608 of docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc, reported by reviewdog): [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'.
However, the `LibraryPermission` must be instantiated each time the `updateLibrary` method is invoked.
<2> Here, the first `Library` parameter is `migrate`, therefore the `library` parameter gets marked explicitly through `PermissionsAllowed#params`.
The permission constructor and the annotated method must have the parameter `library` set, otherwise, validation fails.
<2> Here, the first `Library` parameter is `migrate`; therefore, the `library` parameter gets marked explicitly through `PermissionsAllowed#params`.
The permission constructor and the annotated method must have the parameter `library` set; otherwise, validation fails.

.Example of a resource secured with the `LibraryPermission`
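Review bot: the semicolons before "therefore" and "otherwise" in the `<2>` callout are the right fix for the comma splices. The Vale finding on line 608 (column 49) lands on "as" in "is identified as the first `Library` parameter" in callout `<1>`, where "as" is the correct word, so treat it as a false positive rather than rewording. While touching these callouts, "gets passed" (`<1>`) and "gets marked" (`<2>`) could become "is passed" / "is marked" to match the more formal register the rest of the hunk now uses, and the sentence "The permission constructor and the annotated method must have the parameter `library` set; otherwise, validation fails." would be clearer as "must both declare a `library` parameter", since "set" can be misread as assigning a value rather than declaring a parameter name.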

@@ -722,7 +722,7 @@ public class PermissionsIdentityAugmentor implements SecurityIdentityAugmentor {
Because `MediaLibrary` is the `TvLibrary` class parent, a user with the `admin` role is also permitted to modify `TvLibrary`.
<2> You can add a permission checker through `io.quarkus.security.runtime.QuarkusSecurityIdentity.Builder#addPermissionChecker`.

CAUTION: Annotation permissions do not work with the custom xref:security-customization.adoc#jaxrs-security-context[Custom Jakarta REST SecurityContext] because there are no permissions in `jakarta.ws.rs.core.SecurityContext`.
CAUTION: Annotation permissions do not work with the custom xref:security-customization.adoc#jaxrs-security-context[Jakarta REST SecurityContext] because there are no permissions in `jakarta.ws.rs.core.SecurityContext`.

== References
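Review bot: dropping the duplicated "Custom" from the xref text is correct; the old line read "the custom ... [Custom Jakarta REST SecurityContext]". One clarity point remains in the CAUTION: "Annotation permissions" is ambiguous, because `jakarta.ws.rs.core.SecurityContext` does expose roles through `isUserInRole`, so a reader may wonder whether `@RolesAllowed` is affected as well as `@PermissionsAllowed`. If the limitation is specific to permission checks, name `@PermissionsAllowed` explicitly, for example: `CAUTION: `@PermissionsAllowed` checks do not work with the custom ... because there are no permissions in `jakarta.ws.rs.core.SecurityContext`.`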


0 comments on commit 6b36a8f
