Skip to content
This repository was archived by the owner on May 14, 2025. It is now read-only.

Commit 527c13c

Browse files
ilayaperumalgilayaperumalg
committed
Authenticate Skipper GET endpoints
 - Assign VIEW role for the Skipper GET REST endpoints under `/streams/deployments` - Update tests Resolves #1814
1 parent ec823c4 commit 527c13c

File tree

3 files changed

+13
-0
lines changed

3 files changed

+13
-0
lines changed

spring-cloud-dataflow-server-core/src/main/resources/META-INF/dataflow-server-defaults.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,7 @@ spring:
8686
- DELETE /streams/deployments/* => hasRole('ROLE_CREATE')
8787
- DELETE /streams/deployments => hasRole('ROLE_CREATE')
8888
- POST /streams/deployments/** => hasRole('ROLE_CREATE')
89+
- GET /streams/deployments/** => hasRole('ROLE_VIEW')
8990

9091
# Task Definitions
9192

spring-cloud-starter-dataflow-server-local/src/test/java/org/springframework/cloud/dataflow/server/local/security/LocalServerSecurityWithSingleUserTests.java

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -308,6 +308,12 @@ public static Collection<Object[]> data() {
308308
{ HttpMethod.POST, HttpStatus.NOT_FOUND, "/streams/deployments/my-stream", singleUser, null },
309309
{ HttpMethod.POST, HttpStatus.UNAUTHORIZED, "/streams/deployments/my-stream", null, null },
310310

311+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/history/my-stream/2", null, null },
312+
313+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/manifest/my-stream/2", null, null },
314+
315+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/platform/list", null, null },
316+
311317
/* TaskDefinitionController */
312318

313319
{ HttpMethod.POST, HttpStatus.BAD_REQUEST, "/tasks/definitions", singleUser,

spring-cloud-starter-dataflow-server-local/src/test/java/org/springframework/cloud/dataflow/server/local/security/LocalServerSecurityWithUsersFileTests.java

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -448,6 +448,12 @@ public static Collection<Object[]> data() {
448448
{ HttpMethod.POST, HttpStatus.NOT_FOUND, "/streams/deployments/my-stream", createOnlyUser, null },
449449
{ HttpMethod.POST, HttpStatus.UNAUTHORIZED, "/streams/deployments/my-stream", null, null },
450450

451+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/history/my-stream/2", null, null },
452+
453+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/manifest/my-stream/2", null, null },
454+
455+
{ HttpMethod.GET, HttpStatus.UNAUTHORIZED, "/streams/deployments/platform/list", null, null },
456+
451457
/* TaskDefinitionController */
452458

453459
{ HttpMethod.POST, HttpStatus.FORBIDDEN, "/tasks/definitions", manageOnlyUser,

0 commit comments

Comments
 (0)