Failing to apply @SecureField to a generic with nested objects. #44646
Labels
Comments
|
/cc @FroMage (rest), @geoand (rest), @pedroigor (bearer-token), @sberyozkin (bearer-token,jwt,security), @stuartwdouglas (rest) |
|
Thanks @suchwerk . I know what you mean by the issue title and description, but in case someone else reads this - this is scenario with generics and nested objects. We do have plenty of tests for nested objects alone, though as we discussed, detection can get real tricky. |
suchwerk
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In nested objects @SecureField has no effect. The price field is annotated with: @SecureField(rolesAllowed = "admin") but its still visible in the response also if the user has no admin role
Expected behavior
Expected Result: The test should pass with the following assertions:
With admin credentials (alice), the response should have a status code of 200 and the price field should be 1.0.
Without admin credentials (bob), the response should have a status code of 200 and the price field should be null.
Actual behavior
Actual Result: The test fails because the price field value does not match the expected values.
How to Reproduce?
https://github.com/suchwerk/secure-field-nested-issue
run the test
Output of
uname -aorverNo response
Output of
java -version21
Quarkus version or git rev
3.16.4
Build tool (ie. output of
mvnw --versionorgradlew --version)No response
Additional information
No response
The text was updated successfully, but these errors were encountered: