Add handling of the annotation @PermissionsAllowed on methods or class for OpenAPI #39259

Merged
merged 1 commit into from
Mar 7, 2024

PierreAdam
Contributor

Closes #39227

Add support for annotation @PermissionsAllowed on the generated openapi file.

For a method declared as follows:

    @GET
    @Path("/test")
    @PermissionsAllowed("secure:read")
    public String endpoint() {
        return "secure";
    }

The result is

    /test:
      get:
        ...
        responses:
          "200":
            description: OK
            content:
              text/plain:
                schema:
                  type: string
          "403":
            description: Not Allowed
          "401":
            description: Not Authorized
        security:
        - SecurityScheme: []

Please note that the content of SecurityScheme is empty. This is done on purpose to avoid mixing openapi scopes with the internal application permission.

If you desire the openapi file to reflect the proper scope, I would recommend doing the following.

    @ApplicationScoped
    @RolesAllowed("my-scope")
    public class MyController {
        @GET
        @Path("/test")
        @PermissionsAllowed("secure:read")
        public String endpoint() {
            return "secure";
        }
    }

Adding a @RolesAllowed on the class itself allows setting a scope in the openapi definition, and the result is as follows:

    /test:
      get:
        ...
        responses:
          "200":
            description: OK
            content:
              text/plain:
                schema:
                  type: string
          "403":
            description: Not Allowed
          "401":
            description: Not Authorized
        security:
        - SecurityScheme:
          - my-scope

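An added example (not code from this pull request or from Quarkus): a check over a generated OpenAPI document, loaded as a dict, that separates operations with no security requirement from those secured with an empty scope list (the `@PermissionsAllowed`-only output described above) and those that carry scopes. The function name `classify_operations`, the sample document and the paths `/test-scoped` and `/open` are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: "/test" mirrors the first output quoted above, "/test-scoped"
# the second; "/open" is an operation with no security requirement at all.
SAMPLE = {
    "paths": {
        "/test": {"get": {"security": [{"SecurityScheme": []}]}},
        "/test-scoped": {"get": {"security": [{"SecurityScheme": ["my-scope"]}]}},
        "/open": {"get": {"responses": {"200": {"description": "OK"}}}},
    }
}


def classify_operations(doc):
    """Return {(METHOD, path): status} for every operation in an OpenAPI dict.

    status is "unsecured", "no-scopes" or "scoped".
    """
    default = doc.get("security", [])  # top-level requirement, if any
    result = {}
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as "parameters" or "summary"
            # An operation-level "security" key overrides the top-level one;
            # an explicit empty list removes the requirement entirely.
            reqs = op["security"] if "security" in op else default
            if not reqs or any(req == {} for req in reqs):
                status = "unsecured"  # nothing required, or anonymous allowed
            elif all(scopes for req in reqs for scopes in req.values()):
                status = "scoped"     # every alternative names at least one scope
            else:
                status = "no-scopes"  # authenticated, but no scope is advertised
            result[(method.upper(), path)] = status
    return result


if __name__ == "__main__":
    for (method, path), status in sorted(classify_operations(SAMPLE).items()):
        print(f"{method:6} {path:14} {status}")
```
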

quarkus-bot bot commented Mar 7, 2024

Thanks for your pull request!

The title of your pull request does not follow our editorial rules. Could you have a look?

  • title should not end up with dot

This message is automatically generated by a bot.

@PierreAdam PierreAdam changed the title Add handling of the annotation @PermissionsAllowed on methods or class. Add handling of the annotation @PermissionsAllowed on methods or class Mar 7, 2024
@PierreAdam PierreAdam changed the title Add handling of the annotation @PermissionsAllowed on methods or class Add handling of the annotation @PermissionsAllowed on methods or class for OpenAPI Mar 7, 2024
@phillip-kruger
Member

Please squash the commits into 1

@PierreAdam
Contributor Author

PierreAdam commented Mar 7, 2024

> Please squash the commits into 1

Done 😃


quarkus-bot bot commented Mar 7, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit d7d2e08.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

Member

@phillip-kruger phillip-kruger left a comment

LGTM

@phillip-kruger phillip-kruger merged commit 8ae9c71 into quarkusio:main Mar 7, 2024
24 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Mar 7, 2024
@PierreAdam PierreAdam deleted the issue/39227 branch March 7, 2024 22:16
Successfully merging this pull request may close these issues.

No SecurityScheme on OpenAPI when using openIdConnect and @PermissionsAllowed