Re: [PR] fix: enforce @RolesAllowed on microservice resources [texera]

via GitHub Sat, 23 May 2026 19:55:41 -0700


carloea2 commented on PR #5049:
URL: https://github.com/apache/texera/pull/5049#issuecomment-4527214062


   The frontend bootstrap calls ConfigService before login:
   
   ```text
   GET /api/config/gui
   GET /api/config/user-system
   ```
   
   After latest `upstream/main`, these endpoints may now require `REGULAR` / 
`ADMIN`, so they can return `403` when no token exists yet. The UI then shows 
the generic Configuration Error even though ConfigService is running.
   
   Small possible fix: allow only those bootstrap endpoints:
   
   ```scala
   import jakarta.annotation.security.PermitAll
   
   @PermitAll
   @Path("/gui")
   
   @PermitAll
   @Path("/user-system")
   ```
   
   Check:
   
   ```text
   /api/config/gui -> should return 200
   /api/config/user-system -> should return 200
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] fix: enforce @RolesAllowed on microservice resources [texera]

Reply via email to