-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Quarkus Security issue in the Native Executable #12594
Comments
@sberyozkin I've just tested my setup from above, but this time setting |
I guess @sberyozkin wanted to tag @gsmet :) |
@gsmet is there a chance that issue gets a little attention? |
These configuration properties are fixed at build time so changing the profile won't change anything. |
(I'm not saying it's a good thing they are but that's a fact :)) |
@gsmet what is the workaround to change the profile then? Do you plan to make some fix on that? |
Quarkus version: 1.8.1
I have two quarkus profile configurations for our security. One for the
prod
and another for theinsecure
profile:So what happens:
QUARKUS_PROFILE="insecure"
QUARKUS_PROFILE="prod"
Result:
My endpoints are not secured
Expected result:
Security setting much change depending on the runtime profile
So my security setting for the "prod" profile is not applied and all the endpoints are not secured. It seems that when building the native executable the settings from the "build profile" (the profile that is set during build time "insecure") are recorded and there is not way to change them during runtime with a different profile.
If I'm not building a native executable and I'm running Quarkus in JVM mode, everything works as expected and when I change the runtime profile, security is applied.
We need to have different security settings (for each quarkus profile) for our different envirouments.
How can I do that?
The text was updated successfully, but these errors were encountered: