Implementation of Rule to check for Authorization

RolesAllowed and PermitAll are not checked by Sonar.

Example from the page:

Run SonarQube:

```java
import java.security.Principal;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

@Path("subject")
public class SubjectExposingResource {

    @GET
    @Path("secured")
    @RolesAllowed("Tester")
    public String getSubjectSecured(@Context SecurityContext sec) {
        Principal user = sec.getUserPrincipal();
        String name = user != null ? user.getName() : "anonymous";
        return name;
    }

    @GET
    @Path("unsecured")
    @PermitAll
    public String getSubjectUnsecured(@Context SecurityContext sec) {
        Principal user = sec.getUserPrincipal();
        String name = user != null ? user.getName() : "anonymous";
        return name;
    }

    @GET
    @Path("denied")
    @DenyAll
    public String getSubjectDenied(@Context SecurityContext sec) {
        Principal user = sec.getUserPrincipal();
        String name = user != null ? user.getName() : "anonymous";
        return name;
    }
}
```

Expected:

Sonar checks tests for RolesAllowed

Actual:

Sonar doesn’t check authentication tests
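As an added illustration of the kind of check the request is asking for (this is not part of the original post, nor a SonarQube rule), the following reflection-based scan flags JAX-RS resource methods that declare none of @RolesAllowed, @PermitAll or @DenyAll and inherit none from the class. The SampleResource class is constructed for the example; AuthorizationAnnotationCheck and findUnprotectedEndpoints are hypothetical names.

```java
import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.Path;

/** Hypothetical check: reports JAX-RS endpoints with no authorization annotation. */
public class AuthorizationAnnotationCheck {

    // Constructed sample resource: the third endpoint has no security annotation.
    @Path("sample")
    public static class SampleResource {
        @GET @Path("open") @PermitAll
        public String open() { return "open"; }

        @GET @Path("admin") @RolesAllowed("admin")
        public String admin() { return "admin"; }

        @GET @Path("forgotten")   // no @RolesAllowed/@PermitAll/@DenyAll: should be flagged
        public String forgotten() { return "oops"; }
    }

    private static boolean hasAuthAnnotation(AnnotatedElement e) {
        return e.isAnnotationPresent(RolesAllowed.class)
            || e.isAnnotationPresent(PermitAll.class)
            || e.isAnnotationPresent(DenyAll.class);
    }

    // An endpoint is any method carrying an annotation meta-annotated with @HttpMethod (@GET, @POST, ...).
    private static boolean isEndpoint(Method m) {
        for (Annotation a : m.getAnnotations()) {
            if (a.annotationType().isAnnotationPresent(HttpMethod.class)) return true;
        }
        return false;
    }

    /** Names of endpoint methods that neither declare nor inherit an authorization annotation. */
    public static List<String> findUnprotectedEndpoints(Class<?> resource) {
        List<String> findings = new ArrayList<>();
        boolean classLevel = hasAuthAnnotation(resource);
        for (Method m : resource.getDeclaredMethods()) {
            if (isEndpoint(m) && !classLevel && !hasAuthAnnotation(m)) findings.add(m.getName());
        }
        return findings;
    }

    public static void main(String[] args) {
        System.out.println(findUnprotectedEndpoints(SampleResource.class)); // [forgotten]
    }
}
```

Wiring such a scan into a unit test over the application's resource classes gives a build-time signal for missing authorization annotations, independent of whether the static analyser supports the framework.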

Hello @Tusenka,

Thanks for your feedback. We don’t support Quarkus yet but we have it on our radar for later like Micronaut or Eclipse Vert.x. It’s true that it’s not very visible in our SonarQube Portal so I’ll fix it to allow more users to vote to have it supported.

Alex
