diff --git a/bom/runtime/pom.xml b/bom/runtime/pom.xml
index cb72b10fb197a..fec391821d546 100644
--- a/bom/runtime/pom.xml
+++ b/bom/runtime/pom.xml
@@ -164,7 +164,8 @@
3.0.0
5.3.1
4.7.2
- 1.0.0.Alpha1
+ 1.0.0.Alpha2
+ 1.2
@@ -1125,6 +1126,12 @@
validation-api
${validation-api.version}
+
+
+ javax.interceptor
+ javax.interceptor-api
+ ${javax.interceptor-api.version}
+
javax.ws.rs
javax.ws.rs-api
diff --git a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesAllowedFilter.java b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesAllowedFilter.java
index 44ed4f44bc1e6..627847f90f682 100644
--- a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesAllowedFilter.java
+++ b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesAllowedFilter.java
@@ -24,7 +24,7 @@ public class RolesAllowedFilter implements ContainerRequestFilter {
private final Set allowedRoles;
private final boolean allRolesAllowed;
- public RolesAllowedFilter(String[] allowedRoles) {
+ public RolesAllowedFilter(String... allowedRoles) {
this.allowedRoles = new HashSet<>(asList(allowedRoles));
this.allRolesAllowed = this.allowedRoles.stream().anyMatch("*"::equals);
}
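Review bot: Switching the constructor to `String... allowedRoles` makes `new RolesAllowedFilter()` compile, which builds an empty role set with `allRolesAllowed` false. What the filter does with an empty set is not visible in this hunk, so for a security filter it is safer to reject that case up front, e.g. `if (allowedRoles.length == 0) throw new IllegalArgumentException("at least one role is required");`. The constructor also has no Javadoc, and the special meaning of `"*"` is now relied on by another class, so a short comment stating that `"*"` means "any role" would help the next reader.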
diff --git a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesFilterRegistrar.java b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesFilterRegistrar.java
index 46568e5756d21..2ab5874a363d2 100644
--- a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesFilterRegistrar.java
+++ b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesFilterRegistrar.java
@@ -21,6 +21,8 @@
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.ext.Provider;
+import io.quarkus.security.Authenticated;
+
/**
* A JAXRS provider that installs security filters to support the RBAC access to endpoints based on the
* common security annotations.
@@ -30,7 +32,7 @@ public class RolesFilterRegistrar implements DynamicFeature {
private static final DenyAllFilter denyAllFilter = new DenyAllFilter();
private final Set> mpJwtAnnotations = new HashSet<>(
- asList(DenyAll.class, PermitAll.class, RolesAllowed.class));
+ asList(DenyAll.class, PermitAll.class, RolesAllowed.class, Authenticated.class));
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
@@ -40,6 +42,8 @@ public void configure(ResourceInfo resourceInfo, FeatureContext context) {
configureDenyAll(context);
} else if (mpJwtAnnotation instanceof RolesAllowed) {
configureRolesAllowed((RolesAllowed) mpJwtAnnotation, context);
+ } else if (mpJwtAnnotation instanceof Authenticated) {
+ configureAuthenticated(context);
}
} else {
// the resource method is not annotated and the class is not annotated either
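Review bot: The `instanceof` chain still has no terminal branch, so an annotation that is in `mpJwtAnnotations` but has no matching `else if` registers no filter and the endpoint is left open. This commit had to touch both the set and the chain to add `Authenticated`, which shows how easily the two can drift apart. If `PermitAll` is the only annotation meant to fall through (its handling is above the hunk, so this is an assumption), a fail-closed tail such as `} else if (!(mpJwtAnnotation instanceof PermitAll)) {` followed by `configureDenyAll(context);` would make a forgotten branch deny rather than permit. `configure` starts and ends outside this hunk.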
@@ -54,6 +58,10 @@ private void configureRolesAllowed(RolesAllowed mpJwtAnnotation, FeatureContext
context.register(new RolesAllowedFilter(mpJwtAnnotation.value()));
}
+ private void configureAuthenticated(FeatureContext context) {
+ context.register(new RolesAllowedFilter("*"));
+ }
+
private void configureDenyAll(FeatureContext context) {
context.register(denyAllFilter);
}
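Review bot: `configureAuthenticated` expresses "any authenticated caller" only through the magic string `"*"`, so its meaning depends entirely on how `RolesAllowedFilter` treats `allRolesAllowed`. That filter's request-handling method is not part of this diff, so it should be confirmed that the wildcard path still rejects a request with no principal instead of skipping the check. A comment such as `// "*" is RolesAllowedFilter's wildcard: no specific role is required, only an authenticated caller` would record the intent. The method also allocates a new filter for every annotated resource, whereas `denyAllFilter` is a shared static; if `RolesAllowedFilter` holds no per-request state, `private static final RolesAllowedFilter authenticatedFilter = new RolesAllowedFilter("*");` would match that pattern.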
diff --git a/extensions/security/runtime/pom.xml b/extensions/security/runtime/pom.xml
index e4e9e83c40098..eff2fd7584efe 100644
--- a/extensions/security/runtime/pom.xml
+++ b/extensions/security/runtime/pom.xml
@@ -18,6 +18,10 @@
io.quarkus
quarkus-arc
+
+ javax.interceptor
+ javax.interceptor-api
+
com.oracle.substratevm
svm
diff --git a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java
index 4afb9d08098e1..bfb0c7300e750 100644
--- a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java
+++ b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java
@@ -53,6 +53,25 @@ public void callEchoNoAuth() {
.statusCode(HttpURLConnection.HTTP_UNAUTHORIZED);
}
+ @Test()
+ public void testAuthenticatedAnnotation() {
+ RestAssured.given()
+ .when()
+ .queryParam("input", "hello")
+ .get("/endp/authenticated")
+ .then()
+ .statusCode(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+ io.restassured.response.Response response = RestAssured.given().auth()
+ .oauth2(token)
+ .when()
+ .get("/endp/authenticated").andReturn();
+
+ Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
+ String replyString = response.body().asString();
+ Assertions.assertEquals("jdoe@example.com", replyString);
+ }
+
/**
* Validate a request without an MP-JWT to unsecured endpoint has HTTP_OK with expected response
*/
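Review bot: `testAuthenticatedAnnotation` covers only a request with no token and a request with the shared `token`, so it does not show that `@Authenticated` is independent of role membership. Because the annotation is implemented through the roles filter with a wildcard, the case worth pinning is a validly signed token that carries no groups at all, which should still get `HTTP_OK`. A malformed or expired token expecting `HTTP_UNAUTHORIZED` would cover the rejection path. On style, `@Test()` can be written `@Test`, and `io.restassured.response.Response` reads better as an import than as a fully qualified name in the method body. The new test also lacks the Javadoc that the neighbouring tests carry.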
diff --git a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesEndpoint.java b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesEndpoint.java
index f4bfab980016b..949c5b468b1d0 100644
--- a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesEndpoint.java
+++ b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesEndpoint.java
@@ -20,6 +20,8 @@
import org.eclipse.microprofile.jwt.ClaimValue;
import org.eclipse.microprofile.jwt.JsonWebToken;
+import io.quarkus.security.Authenticated;
+
@Path("/endp")
@DenyAll
@RequestScoped
@@ -124,6 +126,16 @@ public String getReasonPhrase() {
return response;
}
+ @GET
+ @Path("/authenticated")
+ @Authenticated
+ public String checkAuthenticated(@Context SecurityContext sec) {
+ if (sec.getUserPrincipal() != null) {
+ return sec.getUserPrincipal().getName();
+ }
+ return "FAILED";
+ }
+
@GET
@Path("/getInjectedPrincipal")
@RolesAllowed("Tester")