[3.8] Tweak auth content based on QE feedback in rhbq docs #41069

Merged
merged 1 commit into from
Jun 10, 2024
Expand Up @@ -410,9 +410,9 @@
quarkus.http.auth.permission.roles3.paths=/secured/admin/*
quarkus.http.auth.permission.roles3.policy=role-policy3
----
<1> Role `root` will be able to access `/secured/user/*` and `/secured/admin/*` paths.
<1> Role `root` will be able to access `/secured/user/\*` and `/secured/admin/*` paths.
<2> The `/secured/*` path can only be accessed by authenticated users. This way, you have secured the `/secured/all` path and so on.

Check warning on line 414 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'appropriate descriptive wording, unless you list a clear sequence of elements' rather than 'and so on'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 414, "column": 123}}}, "severity": "INFO"}
<3> Shared permissions are always applied before unshared ones, therefore a `SecurityIdentity` with the `root` role will have the `user` role as well.

Check warning on line 415 in docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'.", "location": {"path": "docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc", "range": {"start": {"line": 415, "column": 143}}}, "severity": "INFO"}

[[standard-security-annotations]]
== Authorization using annotations
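Review bot: In the new callout <1>, only `/secured/user/\*` gets a backslash, while `/secured/admin/*` on the same line and `/secured/*` in callout <2> stay unescaped, so the source now writes three wildcard paths two different ways. If the escape is there to stop the two asterisks on that line from pairing up as bold markup, treating both paths the same way (for example AsciiDoc literal monospace, a `+/secured/user/*+` passthrough inside the backticks) would make the intent obvious and keep a later cleanup from removing the backslash. These patterns mirror the `quarkus.http.auth.permission.roles3.paths` value directly above, so the rendered text should match it character for character. The Vale annotations on lines 414 and 415 ('and so on', 'as') are also left unaddressed by this hunk.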
Expand All @@ -424,11 +424,11 @@
[options="header"]
|===
s| Annotation type s| Description
s| @DenyAll | Specifies that no security roles are allowed to invoke the specified methods.
s| @PermitAll | Specifies that all security roles are allowed to invoke the specified methods.
s| `@DenyAll` | Specifies that no security roles are allowed to invoke the specified methods.
s| `@PermitAll` | Specifies that all security roles are allowed to invoke the specified methods.

`@PermitAll` lets everybody in, even without authentication.
s| @RolesAllowed | Specifies the list of security roles allowed to access methods in an application.
s| `@RolesAllowed` | Specifies the list of security roles allowed to access methods in an application.

As an equivalent to `@RolesAllowed("**")`, {project-name} also provides the `io.quarkus.security.Authenticated` annotation that permits any authenticated user to access the resource.
|===
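Review bot: The `@PermitAll` row still opens with "all security roles are allowed to invoke the specified methods", and only the follow-up line says it "lets everybody in, even without authentication". Since this hunk already rewrites the row, consider leading with the unauthenticated case, because a reader who stops at the first sentence can conclude that a caller still needs some role. The backtick change itself is applied consistently to `@DenyAll`, `@PermitAll` and `@RolesAllowed`.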
Expand Down Expand Up @@ -504,7 +504,6 @@
|===

.Example of a property expressions usage in the `@RolesAllowed` annotation

[source,properties]
----
admin=Administrator
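Review bot: The block title kept at the top of this hunk, "Example of a property expressions usage in the `@RolesAllowed` annotation", mixes a singular article with a plural noun; "Example of property expression usage in the `@RolesAllowed` annotation" reads cleanly and could be fixed while the line next to it is being touched. Dropping the blank line between the title and `[source,properties]` is the right change, since an AsciiDoc block title has to sit directly on the block it labels.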
Expand All @@ -515,6 +514,8 @@
all-roles=Administrator,Software,Tester,User
----

[[subject-access-control-example]]
.Subject access control example
[source,java]
----
import java.security.Principal;
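Review bot: The new `[[subject-access-control-example]]` anchor is not referenced anywhere in the visible hunks, and the properties example just above it has a title but no anchor. If the ID exists for an xref elsewhere in the guide, say so in the PR description; otherwise either drop it or give the neighbouring listing an anchor too so the two examples are treated the same. The new title "Subject access control example" also follows a different pattern from "Example of a property expressions usage ..." in the preceding hunk.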