micronaut-graphql

Secured Annotation is not fired on @GraphQLQuery and @GraphQLMutation

Open fabienmifsud opened this issue 3 years ago • 0 comments

Thanks for reporting an issue, please review the task list below before submitting the issue. Your issue report will be closed if the issue is incomplete and the below tasks not completed.

NOTE: If you are unsure about something and the issue is more of a question a better place to ask questions is on Stack Overflow (https://stackoverflow.com/tags/micronaut) or Gitter (https://gitter.im/micronautfw/). DO NOT use the issue tracker to ask questions.

Task List

  • [x] Steps to reproduce provided
  • [x] Stacktrace (if present) provided
  • [x] Example that reproduces the problem uploaded to Github
  • [x] Full description of the issue provided (see below)

Steps to Reproduce

  1. Launch the app: https://github.com/fabienmifsud/micronaut-crud
  2. Execute a GraphQL query: POST: http://localhost:8080/graphql

     query readClients {
       clients {
         id,
         name,
         email,
         dateOfBirth
       }
     }

     With Basic authentication standardUser/standardUser
  3. The query response is a 403 Forbidden because all @Secured annotations are not triggered (only the path /graphql is triggered when debugging the SecuredAnnotationRule class)

Expected Behaviour

The secured & RolesAllowed annotations on ClientService should be interpreted.

Actual Behaviour

The secured & RolesAllowed annotations on ClientService are not interpreted, and since GraphQL uses the same URL for all the queries, it is not possible to specifically secure some queries or mutations.

Environment Information

  • Operating System: Linux
  • Micronaut Version: 2.3.4
  • JDK Version: OpenJDK 8

Example Application

  • https://github.com/fabienmifsud/micronaut-crud

fabienmifsud, Mar 10 '21 14:03
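The difference between a rule that only sees the /graphql path and a check made per query or mutation, as an added example that is not code from the issue, the linked repository, or micronaut-graphql. It uses only the JDK; `RequiresRole`, `ClientService`, `urlRuleAllows`, `dispatch` and the role names are hypothetical stand-ins, not Micronaut APIs.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ResolverAuthDemo {
    // Hypothetical role annotation (stand-in; not Micronaut's @Secured or @RolesAllowed).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresRole { String value(); }

    // Hypothetical service: each public method backs one GraphQL operation.
    static class ClientService {
        @RequiresRole("ROLE_USER")  public List<String> clients() { return Arrays.asList("alice", "bob"); }
        @RequiresRole("ROLE_ADMIN") public String deleteClient()  { return "deleted"; }
    }

    // Path-level rule: every operation arrives on /graphql, so it cannot tell them apart.
    // A non-empty role set models "authenticated" here (assumption for the example).
    static boolean urlRuleAllows(String path, Set<String> roles) {
        return "/graphql".equals(path) && !roles.isEmpty();
    }

    // Operation-level rule: read the annotation on the method about to be invoked.
    static Object dispatch(Object service, String operation, Set<String> roles) throws Exception {
        Method m = service.getClass().getMethod(operation);
        RequiresRole required = m.getAnnotation(RequiresRole.class);
        // Deny by default: unannotated methods (including inherited ones) are not callable.
        if (required == null || !roles.contains(required.value())) {
            throw new SecurityException("403 for operation " + operation);
        }
        return m.invoke(service);
    }

    public static void main(String[] args) throws Exception {
        Set<String> standardUser = Collections.singleton("ROLE_USER"); // constructed sample caller
        ClientService svc = new ClientService();
        // The path rule gives the same answer for a query and for a mutation.
        System.out.println("path rule: " + urlRuleAllows("/graphql", standardUser));
        System.out.println("clients: " + dispatch(svc, "clients", standardUser));
        try {
            dispatch(svc, "deleteClient", standardUser);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```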