[3.8] Perform security checks on inherited endpoints before payload deserialization in the RESTEasy Reactive

Open michalvavrik opened this issue 1 year ago • 3 comments

backports https://github.com/quarkusio/quarkus/pull/38832 with resolved conflicts (only difference is lazyMethod.getActualDeclaringClassName() moved to the EagerSecurityHandler).

It is desirable to backport this to 3.7 as well.

Feb 19 '24 09:02 michalvavrik

Thanks for your pull request!

The title of your pull request does not follow our editorial rules. Could you have a look?

title should preferably start with an uppercase character (if it makes sense!)

_{This message is automatically generated by a bot.}

Feb 19 '24 09:02 quarkus-bot[bot]

backport to 3.2 can't be done without conflicts, so I'll create a separate PR.

Feb 19 '24 09:02 michalvavrik

Status for workflow `Quarkus CI`

This is the status report for running Quarkus CI on commit 37834cb44a0bc5101cdf60922c8dd0301efac822.

:white_check_mark: The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

Feb 19 '24 12:02 quarkus-bot[bot]

FYI @gsmet I have created dedicated PR because original commit could not be backported without conflicts. Same goes for 3.2 branch.

Feb 19 '24 15:02 michalvavrik

quarkus quarkus copied to clipboard

[3.8] Perform security checks on inherited endpoints before payload deserialization in the RESTEasy Reactive

Status for workflow Quarkus CI

quarkus
quarkus copied to clipboard

Status for workflow `Quarkus CI`