Ma77Ball opened a new issue, #5742: URL: https://github.com/apache/texera/issues/5742
### Task Summary Follow-up to #5199 / #5301. The microservices register `RolesAllowedDynamicFeature`, which enforces `@RolesAllowed` only when it is present; an HTTP-mapped resource method with no `@RolesAllowed`/`@PermitAll`/`@DenyAll` (and no class-level equivalent) is silently public, and the `*RunSpec` mock tests only verify the feature is registered, so a newly added method that forgot a role annotation passes CI unnoticed. Add a startup-time check that scans every Jersey resource registered on `environment.jersey()` and asserts every HTTP-mapped method (`@GET`/`@POST`/`@PUT`/`@DELETE`/`@PATCH`/`@HEAD`/`@OPTIONS`) carries one of `@RolesAllowed`/`@PermitAll`/`@DenyAll` (taking class-level annotations into account), failing fast (log + throw) if any method is unannotated. Scope is the five microservices from #5199 (config, access-control, computing-unit-managing, workflow-compiling, file); amber is out of scope because its pre-existing endpoints are not all annotated yet. ### Task Type - [x] DevOps / Deployment / CI -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
