Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@RolesAllowed doesn't respect comma escapes in property values #37390

Closed
coiouhkc opened this issue Nov 29, 2023 · 4 comments
Closed

@RolesAllowed doesn't respect comma escapes in property values #37390

coiouhkc opened this issue Nov 29, 2023 · 4 comments
Labels
area/security kind/bug Something isn't working

Comments

@coiouhkc
Copy link
Contributor

coiouhkc commented Nov 29, 2023
edited
Loading

Describe the bug

When using @RolesAllowed("${admin}") syntax, cannot use LDAP groups as roles, since comma escaping in property value (to prevent parsing it as list instead of single entry).

Also related (initial implementation?): #33982

See https://quarkusio.zulipchat.com/#narrow/stream/187030-users/topic/.E2.9C.94.20RolesAllowed.20annotation.20value.20containing.20comma

Expected behavior

Escape syntax of smallrye-config is respected

Actual behavior

Escape syntax of smallrye-config is respected

How to Reproduce?

See linked PR for additional test.

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
@coiouhkc coiouhkc added the kind/bug Something isn't working label Nov 29, 2023
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Nov 29, 2023

You added a link to a Zulip discussion, please make sure the description of the issue is comprehensive and doesn't require accessing Zulip

This message is automatically generated by a bot.

coiouhkc pushed a commit to coiouhkc/quarkus that referenced this issue Nov 29, 2023
quarkusio#37390 = respect comma in property value for @RolesAllowed u…
45ba2f9 
…sing double-escape
@coiouhkc coiouhkc mentioned this issue Nov 29, 2023
Closed
@coiouhkc
Copy link
Contributor Author

@sberyozkin @michalvavrik

@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Nov 30, 2023

/cc @pedroigor (bearer-token), @sberyozkin (bearer-token,jwt,security)

coiouhkc pushed a commit to coiouhkc/quarkus that referenced this issue Nov 30, 2023
quarkusio#37390 = respect comma in property value for @RolesAllowed u…
58014b3 
…sing double-escape
coiouhkc pushed a commit to coiouhkc/quarkus that referenced this issue Nov 30, 2023
@coiouhkc
quarkusio#37390 = respect comma in property value for @RolesAllowed u…
b045e66 
…sing double-escape
@coiouhkc coiouhkc mentioned this issue Nov 30, 2023
Merged
@sberyozkin
Copy link
Member

Fixed by #37436

gsmet pushed a commit to gsmet/quarkus that referenced this issue Dec 1, 2023
@gsmet
quarkusio#37390 = respect comma in property value for @RolesAllowed u…
092fb9c 
…sing double-escape

(cherry picked from commit b045e66)
holly-cummins pushed a commit to holly-cummins/quarkus that referenced this issue Feb 8, 2024
@holly-cummins
quarkusio#37390 = respect comma in property value for @RolesAllowed u…
0b9f64f 
…sing double-escape
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sberyozkin @coiouhkc @geoand