quarkus: RolesAllowed annotations on interface are ignored
Describe the bug
The @RolesAllowed annotation on the interface method that describes the REST API is ignored. The only way to enable the role check is to add the annotation on the class method of the API implementation.
Expected behavior
Usually the description of the API (Swagger, input/output, query params and other API descriptions) is placed on the interface method to make the implementation cleaner.
Actual behavior
Every call to an API annotated with @RolesAllowed on the interface method is managed with @PermitAll behavior.
To Reproduce
security-openid-connect-quickstart.zip
Steps to reproduce the behavior:
- Follow the Quarkus quickstart https://github.com/quarkusio/quarkus-quickstarts/tree/main/security-openid-connect-quickstart using the attached zip project
- See that /api/users/me is called without errors
Environment (please complete the following information):
Output of uname -a or ver
Linux 2019-150507 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Output of java -version
OpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.20.04, mixed mode)
Quarkus version or git rev
1.13.2.Final
Build tool (ie. output of mvnw --version or gradlew --version)
OS name: "linux", version: "5.4.72-microsoft-standard-wsl2", arch: "amd64", family: "unix"
About this issue
- State: closed
- Created 3 years ago
- Comments: 17 (14 by maintainers)
Hi @hellcats88, I’ve updated the subject to make it more specific as it does not only apply to OIDC but to the authorization layer in general.
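The behaviour reported in this issue can be caught at build time with a reflection check. The following is an added example, not code from the issue, its reproducer or Quarkus: `UsersApi`, `UsersResource`, `FixedUsersResource` and `unenforced` are constructed names, JAX-RS annotations are left out, and it assumes `javax.annotation.security.RolesAllowed` is on the classpath.

```java
import javax.annotation.security.RolesAllowed;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

public class RolesAllowedAudit {

    // Constructed sample API: the role constraint is declared on the interface only.
    interface UsersApi {
        @RolesAllowed("user")
        String me();
    }

    // Pattern from the report: the implementation carries no security annotation.
    static class UsersResource implements UsersApi {
        @Override
        public String me() { return "alice"; }
    }

    // Workaround from the report: repeat the annotation on the class method.
    static class FixedUsersResource implements UsersApi {
        @Override
        @RolesAllowed("user")
        public String me() { return "alice"; }
    }

    /** Lists methods whose interface-level @RolesAllowed is not repeated on the class method. */
    static List<String> unenforced(Class<?> impl) {
        List<String> findings = new ArrayList<>();
        for (Class<?> iface : impl.getInterfaces()) {          // direct interfaces only
            for (Method declared : iface.getMethods()) {
                if (!declared.isAnnotationPresent(RolesAllowed.class)) continue;
                try {
                    Method m = impl.getMethod(declared.getName(), declared.getParameterTypes());
                    // Java reflection does not inherit method annotations from interfaces,
                    // so only an annotation written on the class method counts here.
                    boolean onClassMethod = !m.getDeclaringClass().isInterface()
                            && m.isAnnotationPresent(RolesAllowed.class);
                    if (!onClassMethod) findings.add(impl.getSimpleName() + "#" + m.getName());
                } catch (NoSuchMethodException e) {
                    throw new IllegalStateException(e);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        System.out.println("unannotated impl: " + unenforced(UsersResource.class));
        System.out.println("annotated impl:   " + unenforced(FixedUsersResource.class));
    }
}
```

The check is deliberately strict: it only accepts an annotation on the implementing method itself, so a class-level annotation or one on a superclass is still reported for manual review.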