The GitHub Actions job "Required Checks" on texera.git/fix/roles-allowed-redo has failed. Run started by GitHub user Yicong-Huang (triggered by Yicong-Huang).
Head commit for run: 28e29d4a0e0ee8637ae38c7540b6a0e3c18b4254 / Yicong Huang <[email protected]> fix(auth): pin JwtAuthFilter to Priorities.AUTHENTICATION so it runs before RolesAllowed enforcement Without an explicit @Priority, JwtAuthFilter defaulted to Priorities.USER (5000) while Jersey's RolesAllowedRequestFilter sits at AUTHORIZATION (2000), so the role check ran *before* the JWT was parsed. Result: every @RolesAllowed endpoint on config-service, computing-unit-managing-service, and workflow-compiling-service rejected even valid admin JWTs with 403 ("User not authorized.") instead of letting the request through. Tagging the filter with @Priority(Priorities.AUTHENTICATION) restores the standard auth → authz ordering that amber's toastshaman-based path gets implicitly via AuthFilter. ConfigResourceAuthSpec gains a positive-direction test that mints a valid admin token via JwtAuth.jwtToken and asserts 200 from an @RolesAllowed probe — without it, the no-auth-403 case still passes regardless of the priority bug, which is how the regression slipped through the original spec. Adds jakarta.annotation-api to common/auth deps for the @Priority symbol. Report URL: https://github.com/apache/texera/actions/runs/26726789671 With regards, GitHub Actions via GitBox
