quarkus-security extension clarifications
28 views
Skip to first unread message
Emmanuel Bernard
Oct 30, 2019, 12:14:37 PM10/30/19
to Quarkus Development mailing list
Hey security guys,
What is quarkus-security extension supposed to do and be exposed to the
user?
Should quarkus-security be a unlisted extension? Or should it be
selectable in code.quarkus.io?
If it should be selectable, I found zero reference in our .adoc so we
need to fix that.
Also I see a
<quarkus-security.version>1.0.0.Beta1</quarkus-security.version> and
some ${quarkus-security.version} which are in a few places. Why is that?
Emmanuel
What is quarkus-security extension supposed to do and be exposed to the
user?
Should quarkus-security be a unlisted extension? Or should it be
selectable in code.quarkus.io?
If it should be selectable, I found zero reference in our .adoc so we
need to fix that.
Also I see a
<quarkus-security.version>1.0.0.Beta1</quarkus-security.version> and
some ${quarkus-security.version} which are in a few places. Why is that?
Emmanuel
Sergey Beryozkin
Oct 30, 2019, 12:54:42 PM10/30/19
to Emmanuel Bernard, Quarkus Development mailing list
I was going to say it was a base extension for a number of other security related extensions, but noticed it had CDI interceptors in it. Still it should likely not be selectable on its own, as without any of the elytron-security-* or oidc modules teher would be no roles to enforce, unless Michal or Stuart are aware of some independent use cases :-)
Thanks, Sergey
--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/E16A14EC-2893-4131-8CCE-4F81CC3981E8%40redhat.com.
Michal Szynkiewicz
Oct 30, 2019, 3:03:20 PM10/30/19
to Sergey Beryozkin, Emmanuel Bernard, Quarkus Development mailing list
On Wed, Oct 30, 2019 at 5:55 PM Sergey Beryozkin <sbia...@redhat.com> wrote:
I was going to say it was a base extension for a number of other security related extensions, but noticed it had CDI interceptors in it. Still it should likely not be selectable on its own, as without any of the elytron-security-* or oidc modules teher would be no roles to enforce, unless Michal or Stuart are aware of some independent use cases :-)
I'm not
Thanks, Sergey--On Wed, Oct 30, 2019 at 4:14 PM Emmanuel Bernard <eber...@redhat.com> wrote:Hey security guys,
What is quarkus-security extension supposed to do and be exposed to the
user?
Should quarkus-security be a unlisted extension? Or should it be
selectable in code.quarkus.io?
If it should be selectable, I found zero reference in our .adoc so we
need to fix that.
Also I see a
<quarkus-security.version>1.0.0.Beta1</quarkus-security.version> and
some ${quarkus-security.version} which are in a few places. Why is that?
Emmanuel
--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/E16A14EC-2893-4131-8CCE-4F81CC3981E8%40redhat.com.
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAMsYBfVt14RF56r1dKhm8j5dtWPiZ1M08x324K%2Bh90SGsJ4zgQ%40mail.gmail.com.
Sebastien Blanc
Oct 30, 2019, 3:14:25 PM10/30/19
to Siarhei Biarozkin, Emmanuel Bernard, Quarkus Development mailing list
It's just my opinion but I think quarkus-security should be part of core Quarkus (or at least appears as a core feature, even if it's an extension under the hood).
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAMsYBfVt14RF56r1dKhm8j5dtWPiZ1M08x324K%2Bh90SGsJ4zgQ%40mail.gmail.com.
Stuart Douglas
Oct 30, 2019, 7:30:36 PM10/30/19
to Quarkus Development mailing list
The security extension provides low level security support, it is not usable on its own. It should definitely not be listed as user selectable or show up in the reference guides.
Think of it as the plumbing that ties different aspects of security together, without actually providing any concrete features (e.g. it manages all the different identity stores, but does not provide any, it handles RBAC for CDI beans, it handles propagation of the SecurityIdentity).
Somewhat confusingly we also have https://github.com/quarkusio/quarkus-security which provides the user facing core API's. I intended to revisit the naming but basically just forgot about it n the rush to get everything done. Maybe we should just move this code directly into Quarkus for now?
Reply all
Reply to author
Forward
0 new messages