@SecureField add expression support #36804

Serkan80 · 2023-10-31T15:56:41Z

Description

Currenty @SecureField only supports hardcoded roles and it would be nice if this could be aligned with how @RolesAllowed works, namely with expressions support.

This also causes problems in combination with @RolesAllowed when the latter uses expressions and when the app is deployed on certain environments then the dynamic role is not available in SecureField.

If implemented, then please make this also available on the LTS version.

Implementation ideas

This should be possible:

@SecureField(roles=‘${maintainer.role}’, ‘roleA’)

The text was updated successfully, but these errors were encountered:

quarkus-bot · 2023-10-31T16:12:19Z

/cc @pedroigor (bearer-token)

michalvavrik · 2023-11-19T16:08:01Z

If implemented, then please make this also available on the LTS version.

Sorry, probably not possible. I think new feature like this does not qualify for backports.

geoand · 2023-11-20T09:32:41Z

I think new feature like this does not qualify for backports.

I definitely agree

Serkan80 · 2023-11-20T19:24:10Z

If implemented, then please make this also available on the LTS version.

Sorry, probably not possible. I think new feature like this does not qualify for backports.

I thought that security fixes & enhancements would also be backported to the LTS version ?

Anyways, thx for the effort for implementing this feature! Very appreciated !

geoand · 2023-11-21T03:48:45Z

This is a new feature, not a fix for a security issue

This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.222.0` -> `^0.223.0`](https://renovatebot.com/diffs/npm/flow-bin/0.222.0/0.223.2) | | [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.5.3` -> `3.6.0` | | [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | minor | `3.5.3` -> `3.6.0` | --- ### Release Notes <details> <summary>flowtype/flow-bin</summary> ### [`v0.223.2`](flow/flow-bin@5bb7bcf...6e1e3f7) [Compare Source](flow/flow-bin@5bb7bcf...6e1e3f7) ### [`v0.223.0`](flow/flow-bin@84a68f1...5bb7bcf) [Compare Source](flow/flow-bin@84a68f1...5bb7bcf) </details> <details> <summary>quarkusio/quarkus</summary> ### [`v3.6.0`](https://github.com/quarkusio/quarkus/releases/tag/3.6.0) [Compare Source](quarkusio/quarkus@3.5.3...3.6.0) ##### Major changes - [#37241](quarkusio/quarkus#37241) - Make improvements to REST Client SSE handling ##### Complete changelog - [#37242](quarkusio/quarkus#37242) - Support Docker Desktop for building native executables - [#37241](quarkusio/quarkus#37241) - Make improvements to REST Client SSE handling - [#37240](quarkusio/quarkus#37240) - Updates Infinispan to 14.0.21.Final - [#37238](quarkusio/quarkus#37238) - Build cache - Only store if the access key is around - [#37236](quarkusio/quarkus#37236) - Api to read minimum and recommended Java versions from catalog metadata - [#37221](quarkusio/quarkus#37221) - Image updates (including Java 21 base image) - [#37218](quarkusio/quarkus#37218) - Fix OpenTelemetry trace exclusion of endpoints served from the management interface - [#37213](quarkusio/quarkus#37213) - Add basic Range header support - [#37205](quarkusio/quarkus#37205) - Resteasy-reactive Partial Content support (Range: bytes http header) - [#37204](quarkusio/quarkus#37204) - Allow to define allowed roles as configuration expressions inside `@SecureField` annotation - [#37201](quarkusio/quarkus#37201) - Fixed sample code for KotlinModule initialization - [#37198](quarkusio/quarkus#37198) - Some minor refinements for build scans - [#37193](quarkusio/quarkus#37193) - AccessDeniedException error with build using native image on linux with Docker Desktop - [#37185](quarkusio/quarkus#37185) - Removed DependencyFlags.REMOVED - [#37170](quarkusio/quarkus#37170) - Fix snapshots following a collision of pull requests - [#37166](quarkusio/quarkus#37166) - Support custom Authorization schemes for OIDC bearer tokens - [#37162](quarkusio/quarkus#37162) - Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 - [#37161](quarkusio/quarkus#37161) - Bump io.quarkus:quarkus-platform-bom-maven-plugin from 0.0.97 to 0.0.99 - [#37158](quarkusio/quarkus#37158) - Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 - [#37153](quarkusio/quarkus#37153) - Bump smallrye-jwt version to 4.4.0 - [#37149](quarkusio/quarkus#37149) - Bump com.squareup.okio:okio from 1.17.2 to 1.17.6 in /bom/application - [#37107](quarkusio/quarkus#37107) - Rest client able to get full SSE event - [#37101](quarkusio/quarkus#37101) - Remove `smallrye-opentracing` from native tests modules in CI - [#37094](quarkusio/quarkus#37094) - Bump jakarta.json:jakarta.json-api from 2.1.2 to 2.1.3 - [#37092](quarkusio/quarkus#37092) - Bump mongo-client.version from 4.11.0 to 4.11.1 - [#37067](quarkusio/quarkus#37067) - SmallRye GraphQL 2.6 + custom scalar registration - [#37053](quarkusio/quarkus#37053) - Clarify dynamic Environment Variables name conversion - [#37004](quarkusio/quarkus#37004) - Move failsafe config to the root instead of in an execution - [#36976](quarkusio/quarkus#36976) - Error in JBossLoggerFinder during integration test - [#36804](quarkusio/quarkus#36804) - `@SecureField` add expression support - [#36801](quarkusio/quarkus#36801) - Add note that endpointdisabled does not work native - [#36746](quarkusio/quarkus#36746) - Allow using a random test port within Google Cloud Function tests - [#35476](quarkusio/quarkus#35476) - Random test port does not work together with google-cloud-functions extensions </details> <details> <summary>quarkusio/quarkus-platform</summary> ### [`v3.6.0`](quarkusio/quarkus-platform@3.5.3...3.6.0) [Compare Source](quarkusio/quarkus-platform@3.5.3...3.6.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Serkan80 added the kind/enhancement New feature or request label Oct 31, 2023

quarkus-bot bot added the triage/needs-triage label Oct 31, 2023

sberyozkin added area/security and removed triage/needs-triage labels Oct 31, 2023

michalvavrik mentioned this issue Nov 19, 2023

Allow to define allowed roles as configuration expressions inside @SecureField annotation #37204

Merged

geoand closed this as completed in #37204 Nov 20, 2023

quarkus-bot bot added this to the 3.7 - main milestone Nov 20, 2023

gsmet modified the milestones: 3.7 - main, 3.6.0 Nov 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

@SecureField add expression support #36804

@SecureField add expression support #36804

Serkan80 commented Oct 31, 2023 •

edited

Loading

quarkus-bot bot commented Oct 31, 2023

michalvavrik commented Nov 19, 2023

geoand commented Nov 20, 2023

Serkan80 commented Nov 20, 2023

geoand commented Nov 21, 2023

@SecureField add expression support #36804

@SecureField add expression support #36804

Comments

Serkan80 commented Oct 31, 2023 • edited Loading

Description

Implementation ideas

quarkus-bot bot commented Oct 31, 2023

michalvavrik commented Nov 19, 2023

geoand commented Nov 20, 2023

Serkan80 commented Nov 20, 2023

geoand commented Nov 21, 2023

Serkan80 commented Oct 31, 2023 •

edited

Loading