Qute: Option to disable auto generation of @Named bean ValueResolver #47116

Open
gbourant opened this issue Apr 1, 2025 · 2 comments
Labels: area/qute (The template engine), kind/enhancement (New feature or request)

gbourant commented Apr 1, 2025

Description

At the moment, Qute generates a ValueResolver for all @Named beans. This could be a bad thing in some cases, in which it could potentially leak secrets to Qute templates.

Consider the following example:

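```java
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Named;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.PublicKey;

// getPublicKey/getPrivateKey and the two *Location fields are not shown in the issue.
public class SafeTokenProvider {
    @Produces
    @Named("safe-token-public-key")
    protected PublicKey initSafeTokenPublicKey() {
        return getPublicKey(Path.of(safeTokenPublicKeyLocation));
    }

    // The @Named qualifier gives the private key a bean name as well.
    @Produces
    @Named("safe-token-private-key")
    protected PrivateKey initSafeTokenPrivateKey() {
        return getPrivateKey(Path.of(safeTokenPrivateKeyLocation));
    }
}
```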

Now, we can inject the Public and Private keys in Qute templates.

Implementation ideas

No response


quarkus-bot bot commented Apr 1, 2025

/cc @mkouba (qute)

Contributor

mkouba commented Apr 1, 2025

Well, the whole idea of bean names (and @Named) is to make CDI beans accessible in non-typesafe environments, such as templates and EL. So if you don't want to use the beans in such environments then do not use bean names/@Named 🤷.

In other words, I don't think this is a valid requirement.
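
The approach described in the comment above (no bean name for a bean that should stay out of templates), shown as an added example; it is not code from the issue or from Quarkus. `SafeTokenKey`, `TokenSigner` and the key file path are hypothetical, and the key is assumed to be a PKCS#8 DER-encoded RSA key.

```java
// Added example. SafeTokenKey, TokenSigner and KEY_FILE are hypothetical names.
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Inject;
import jakarta.inject.Qualifier;
import jakarta.inject.Singleton;
import java.io.IOException;
import java.lang.annotation.*;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;

// Qualifier used instead of @Named: the produced bean has no bean name.
@Qualifier
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER})
@interface SafeTokenKey {}

@ApplicationScoped
class SafeTokenProvider {
    // Hypothetical path to a PKCS#8 DER-encoded RSA private key.
    private static final Path KEY_FILE = Path.of("/run/secrets/safe-token-private-key.der");

    @Produces
    @Singleton
    @SafeTokenKey
    PrivateKey safeTokenPrivateKey() throws IOException, GeneralSecurityException {
        byte[] der = Files.readAllBytes(KEY_FILE);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
}

@ApplicationScoped
class TokenSigner {
    @Inject
    @SafeTokenKey
    PrivateKey key; // resolved by type and qualifier, no bean name involved

    byte[] sign(byte[] payload) throws GeneralSecurityException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(key);
        signature.update(payload);
        return signature.sign();
    }
}
```

Because the private key bean carries no `@Named` qualifier here, it is not among the `@Named` beans the issue says Qute generates a ValueResolver for; a public key that is meant to be readable from templates can keep its name.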
