The GitHub Actions job "Required Checks" on texera.git/gh-readonly-queue/main/pr-5049-5e569568606a204070040b1521210cc9d853bc10 has succeeded. Run started by GitHub user Yicong-Huang (triggered by Yicong-Huang).
Head commit for run: d1cf4ebde7f49346533e3c9506013f97c7fef88f / Matthew B. <[email protected]> fix: enforce @RolesAllowed on microservice resources (#5049) ### What changes were proposed in this PR? `@RolesAllowed` annotations on `config-service`, `computing-unit-managing-service`, and `workflow-compiling-service` resources were decorative because none of these services registered Jersey's `RolesAllowedDynamicFeature`. This PR registers that feature in each service's `run(...)`. For `workflow-compiling-service`, which was not registering JWT auth at all, this PR also registers `AuthDynamicFeature(JwtAuthFilter)` and the `SessionUser` `AuthValueFactoryProvider.Binder`, and adds `Auth` as an sbt dependency for the module. `access-control-service` and `file-service` use no `@RolesAllowed` today and were intentionally left alone to keep the change minimal. ### Any related issues, documentation, or discussions? Closes: #4904 ### How was this PR tested? Added `ConfigServiceRunSpec` (mirrors `AccessControlServiceRunSpec`) that mocks the Jersey environment and verifies `RolesAllowedDynamicFeature` is registered when `ConfigService.run` runs. The same one-line registration applies to the other two services; tests there would require either refactoring `SqlServer.initConnection` out of `run` or static-mocking the Scala `SqlServer` object, both of which are larger than the fix itself, so they are out of scope. Manual verification via the reproduction in the issue (low-role JWT against an annotated endpoint should now return 403; unauthenticated request to `WorkflowCompilationResource` should now return 401). ### Was this PR authored or co-authored using generative AI tooling? Co-authored with Claude Opus 4.7 in compliance with ASF Report URL: https://github.com/apache/texera/actions/runs/26344920391 With regards, GitHub Actions via GitBox
