quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

@SecureField add expression support #36804

Closed Serkan80 closed 11 months ago

Serkan80 commented 1 year ago

Description

Currently @SecureField only supports hardcoded roles, and it would be nice if this could be aligned with how @RolesAllowed works, namely with expression support.

This also causes problems in combination with @RolesAllowed when the latter uses expressions: when the app is deployed on certain environments, the dynamic role is not available in SecureField.

If implemented, then please make this also available on the LTS version.

Implementation ideas

This should be possible:

@SecureField(roles = {"${maintainer.role}", "roleA"})

quarkus-bot[bot] commented 1 year ago

/cc @pedroigor (bearer-token)

michalvavrik commented 11 months ago

> If implemented, then please make this also available on the LTS version.

Sorry, probably not possible. I think new feature like this does not qualify for backports.

geoand commented 11 months ago

> I think new feature like this does not qualify for backports.

I definitely agree

Serkan80 commented 11 months ago

> > If implemented, then please make this also available on the LTS version.
>
> Sorry, probably not possible. I think new feature like this does not qualify for backports.

I thought that security fixes & enhancements would also be backported to the LTS version?

Anyways, thanks for the effort of implementing this feature! Very appreciated!

geoand commented 11 months ago

This is a new feature, not a fix for a security issue