diff --git a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java index 0b04ffdcffcad..cb16d7a104001 100644 --- a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java +++ b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java @@ -199,7 +199,7 @@ private ResultHandle paramTypes(MethodCreator ctor, List parameters) { ResultHandle result = ctor.newArray(String.class, ctor.load(parameters.size())); for (int i = 0; i < parameters.size(); i++) { - ctor.writeArrayValue(result, i, ctor.load(parameters.get(i).toString())); + ctor.writeArrayValue(result, i, ctor.load(parameters.get(i).name().toString())); } return result; diff --git a/integration-tests/main/src/main/java/io/quarkus/it/rest/RBACSecuredResource.java b/integration-tests/main/src/main/java/io/quarkus/it/rest/RBACSecuredResource.java index 7234d40d2f6f1..9352665271f15 100644 --- a/integration-tests/main/src/main/java/io/quarkus/it/rest/RBACSecuredResource.java +++ b/integration-tests/main/src/main/java/io/quarkus/it/rest/RBACSecuredResource.java @@ -4,8 +4,12 @@ import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; import javax.inject.Inject; +import javax.validation.Valid; import javax.ws.rs.GET; import javax.ws.rs.Path; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.SecurityContext; +import javax.ws.rs.core.UriInfo; import io.quarkus.security.Authenticated; @@ -25,6 +29,14 @@ public String forTesterOnly() { return "forTesterOnly"; } + @GET + @RolesAllowed("tester") + @Path("forTesterOnlyWithMethodParamAnnotations") + public String forTesterOnlyWithMethodParamAnnotations(@Context SecurityContext ctx, @Context UriInfo uriInfo, + @Valid String message) { + return "forTesterOnlyWithMethodParamAnnotations"; + } + @GET @DenyAll @Path("denied") diff --git a/integration-tests/main/src/test/java/io/quarkus/it/main/RBACAccessTest.java b/integration-tests/main/src/test/java/io/quarkus/it/main/RBACAccessTest.java index df8426145dba5..96b0ae4b58dd9 100644 --- a/integration-tests/main/src/test/java/io/quarkus/it/main/RBACAccessTest.java +++ b/integration-tests/main/src/test/java/io/quarkus/it/main/RBACAccessTest.java @@ -25,6 +25,15 @@ public void shouldRestrictAccessToSpecificRole() { Optional.of("forTesterOnly")); } + @Test + public void shouldRestrictAccessToSpecificRoleAndMethodParameterAnnotationsShouldntAffectAnything() { + String path = "/rbac-secured/forTesterOnlyWithMethodParamAnnotations"; + assertForAnonymous(path, 401, Optional.empty()); + assertStatusAndContent(RestAssured.given().auth().preemptive().basic("stuart", "test"), path, 403, Optional.empty()); + assertStatusAndContent(RestAssured.given().auth().preemptive().basic("scott", "jb0ss"), path, 200, + Optional.of("forTesterOnlyWithMethodParamAnnotations")); + } + @Test public void shouldFailToAccessForbidden() { assertForAnonymous("/rbac-secured/denied", 401, Optional.empty());