Security roles checked after constraints validation with quarkus-resteasy-reactive


Describe the bug

I noticed something weird while migrating a project from quarkus-resteasy to quarkus-resteasy-reactive:

  • with quarkus-resteasy, security roles are checked before constraints validation when the request content type is JSON
  • with quarkus-resteasy-reactive, security roles are checked after constraints validation when the request content type is JSON

There’s no difference between the two extensions when the content type is text.

Expected behavior

I would expect the same behavior with both versions of quarkus-resteasy*.

Actual behavior

Different behavior.

To Reproduce

https://github.com/gwenneg/quarkus-resteasy-reactive-security

It contains two folders with the exact same code with one exception: the quarkus-resteasy* dependency.

Steps to reproduce the behavior:

  1. cd quarkus-resteasy
  2. ./mvnw clean test > BUILD SUCCESS
  3. cd quarkus-resteasy-reactive
  4. ./mvnw clean test > BUILD FAILURE

Environment (please complete the following information):

Output of java -version

openjdk version "11.0.9.1" 2020-11-04
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)

Quarkus version or git rev

1.13.3.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
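
The ordering the report expects can be pinned down with a regression test. The following is an added example, not code from the linked reproducer or from Quarkus: the resource, path, role names and users are hypothetical, and it assumes Quarkus 1.13.x (javax.* packages) with quarkus-hibernate-validator, a JSON provider for the chosen quarkus-resteasy* extension, quarkus-test-security and REST Assured on the test classpath.

```java
// Constructed example: two source files shown together; names are hypothetical.
// --- src/main/java/org/acme/ItemResource.java ---
package org.acme;

import javax.annotation.security.RolesAllowed;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;

@Path("/items")
public class ItemResource {
    public static class Item { @NotNull public String name; }

    @POST
    @Consumes(MediaType.APPLICATION_JSON)   // the difference is reported for JSON bodies
    @RolesAllowed("admin")
    public String create(@Valid Item item) { return item.name; }
}

// --- src/test/java/org/acme/ItemResourceTest.java ---
package org.acme;

import static io.restassured.RestAssured.given;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.security.TestSecurity;
import io.restassured.http.ContentType;
import org.junit.jupiter.api.Test;

@QuarkusTest
class ItemResourceTest {
    @Test
    @TestSecurity(user = "alice", roles = "user")   // authenticated, lacks "admin"
    void callerWithoutRoleIsRejectedBeforeValidation() {
        given().contentType(ContentType.JSON).body("{}")   // violates @NotNull
            .when().post("/items")
            .then().statusCode(403);   // a 400 here means validation ran first
    }

    @Test
    @TestSecurity(user = "root", roles = "admin")
    void authorizedCallerGetsValidationError() {
        given().contentType(ContentType.JSON).body("{}")
            .when().post("/items")
            .then().statusCode(400);   // constraint feedback only after the role check
    }
}
```

If the first test sees 400 instead of 403, a caller without the required role is receiving constraint-violation feedback for an endpoint it is not allowed to call.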

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 18 (17 by maintainers)

Top GitHub Comments

1 reaction
geoand commented, Jun 4, 2021

I wonder if it makes sense to do this sort of thing with other kinds of interceptors as well - like Caching for example

1 reaction
sberyozkin commented, Apr 29, 2021

Hey @geoand Enjoy the long weekend, I thought it was a JAX-RS filter but it is a CDI interceptor
