Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-1584

Make @TestSecurity work correctly with unannotated JAX-RS endpoints security feature

    XMLWordPrintable

Details

    Description

      The use of `quarkus.security.jaxrs.deny-unannotated-endpoints=true` essentially
      results in the addition of a `DenyAllInterceptor` to the invocation chain
      of a JAX-RS endpoint.
      Because this interceptor did not take into account the `AuthorizationController`
      (like the `RolesAllowedInterceptor` already does), it would result in endpoints
      being secured even though security was supposed to be disabled for the specific test.

      Fixes: #19896

      Attachments

        Activity

          People

            Unassigned Unassigned
            probinso_jira Quarkus JIRA Bot
            Josef Smrcka Josef Smrcka
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: