Yicong-Huang opened a new issue, #5301: URL: https://github.com/apache/texera/issues/5301
### Task Summary Follow-up to #5199. The microservices now register `RolesAllowedDynamicFeature`, which enforces `@RolesAllowed` *when present* but does nothing for an endpoint that has no role annotation at all — that endpoint is silently public. The `*RunSpec` mock tests in #5199 only verify the feature is registered; they cannot catch a newly added method that forgot a role annotation. Add a startup-time check that scans every Jersey resource registered on `environment.jersey()` and asserts every HTTP-mapped method (`@GET` / `@POST` / `@PUT` / `@DELETE` / `@PATCH` / `@HEAD` / `@OPTIONS`) carries one of `@RolesAllowed`, `@PermitAll`, or `@DenyAll` (taking class-level annotations into account). Fail fast — log + throw — if any method is unannotated. This turns "I forgot to annotate" from a silent open hole into a startup error, which is the regression `ConfigResourceAuthSpec` partly guards against today but only for the endpoints it knows about. ### Task Type - [x] DevOps / Deployment / CI -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
