Skip to content

Commit

Permalink
Merge pull request #32505 from sberyozkin/oidc_reactive_filter_throw_…
Browse files Browse the repository at this point in the history
…exception

Throw the exception if OIDC client fails to acquire the token
  • Loading branch information
geoand authored Apr 11, 2023
2 parents 2dc821e + c3a9660 commit bab6ca8
Show file tree
Hide file tree
Showing 10 changed files with 119 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;

import org.jboss.logging.Logger;

Expand All @@ -26,10 +25,11 @@ public void filter(ClientRequestContext requestContext) throws IOException {
final String accessToken = getAccessToken();
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, BEARER_SCHEME_WITH_SPACE + accessToken);
} catch (DisabledOidcClientException ex) {
requestContext.abortWith(Response.status(500).build());
LOG.debug("Client is disabled, aborting the request");
throw ex;
} catch (Exception ex) {
LOG.debugf("Access token is not available, aborting the request with HTTP 401 error: %s", ex.getMessage());
requestContext.abortWith(Response.status(401).build());
LOG.debugf("Access token is not available, cause: %s, aborting the request", ex.getMessage());
throw (ex instanceof RuntimeException) ? (RuntimeException) ex : new RuntimeException(ex);
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
import java.util.function.Consumer;

import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;

import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.client.spi.ResteasyReactiveClientRequestContext;
Expand Down Expand Up @@ -40,13 +39,11 @@ public void accept(Tokens tokens) {
@Override
public void accept(Throwable t) {
if (t instanceof DisabledOidcClientException) {
LOG.debug("Client is disabled");
requestContext.abortWith(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
LOG.debug("Client is disabled, aborting the request");
} else {
LOG.debugf("Access token is not available, aborting the request with HTTP 401 error: %s", t.getMessage());
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
LOG.debugf("Access token is not available, cause: %s, aborting the request", t.getMessage());
}
requestContext.resume();
requestContext.resume((t instanceof RuntimeException) ? t : new RuntimeException(t));
}
});
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
package io.quarkus.it.keycloak;

import java.util.function.Function;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
Expand All @@ -23,6 +25,10 @@ public class FrontendResource {
@RestClient
ProtectedResourceServiceNamedFilter protectedResourceServiceNamedFilter;

@Inject
@RestClient
MisconfiguredClientFilter misconfiguredClientFilter;

@GET
@Path("userNameCustomFilter")
@Produces("text/plain")
Expand All @@ -43,4 +49,19 @@ public Uni<String> userNameReactive() {
public Uni<String> userNameNamedFilter() {
return protectedResourceServiceNamedFilter.getUserName();
}

@GET
@Path("userNameMisconfiguredClientFilter")
@Produces("text/plain")
public Uni<String> userNameMisconfiguredClientFilter() {
return misconfiguredClientFilter.getUserName().onFailure(Throwable.class)
.recoverWithItem(new Function<Throwable, String>() {

@Override
public String apply(Throwable t) {
return t.getMessage();
}

});
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
package io.quarkus.it.keycloak;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;

import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.oidc.client.filter.OidcClientFilter;
import io.smallrye.mutiny.Uni;

@RegisterRestClient
@OidcClientFilter("misconfigured-client")
@Path("/")
public interface MisconfiguredClientFilter {

@GET
@Produces("text/plain")
@Path("userNameReactive")
Uni<String> getUserName();
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,17 @@ quarkus.oidc-client.named-client.grant.type=password
quarkus.oidc-client.named-client.grant-options.password.username=jdoe
quarkus.oidc-client.named-client.grant-options.password.password=jdoe

quarkus.oidc-client.misconfigured-client.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.misconfigured-client.client-id=${quarkus.oidc.client-id}
quarkus.oidc-client.misconfigured-client.credentials.secret=${quarkus.oidc.credentials.secret}
quarkus.oidc-client.misconfigured-client.grant.type=password
quarkus.oidc-client.misconfigured-client.grant-options.password.username=jdoe
quarkus.oidc-client.misconfigured-client.grant-options.password.password=bob

io.quarkus.it.keycloak.ProtectedResourceServiceCustomFilter/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.ProtectedResourceServiceReactiveFilter/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.ProtectedResourceServiceNamedFilter/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.MisconfiguredClientFilter/mp-rest/url=http://localhost:8081/protected

quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientImpl".min-level=TRACE
quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientImpl".level=TRACE
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import static org.awaitility.Awaitility.await;
import static org.awaitility.Awaitility.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.junit.jupiter.api.Assertions.assertEquals;

Expand Down Expand Up @@ -44,6 +45,15 @@ public void testGetUserNameNamedFilter() {
.body(equalTo("jdoe"));
}

@Test
public void testGetUserNameMisconfiguredClientFilter() {
RestAssured.given().header("Accept", "text/plain")
.when().get("/frontend/userNameMisconfiguredClientFilter")
.then()
.statusCode(200)
.body(containsString("invalid_grant"));
}

@Test
public void testGetUserNameReactive() {
RestAssured.given().header("Accept", "text/plain")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;

import org.eclipse.microprofile.context.ManagedExecutor;
import org.eclipse.microprofile.rest.client.inject.RestClient;
Expand All @@ -29,6 +30,10 @@ public class FrontendResource {
@RestClient
ProtectedResourceServiceNonDefaultOidcClient protectedResourceServiceNonDefaultOidcClient;

@Inject
@RestClient
MisconfiguredClientFilter misconfiguredClientFilter;

@Inject
ManagedExecutor managedExecutor;

Expand All @@ -47,6 +52,17 @@ public String userNameNonDefaultOidcClient() {
return protectedResourceServiceNonDefaultOidcClient.getUserName();
}

@GET
@Path("userNameMisconfiguredClientFilter")
@Produces("text/plain")
public String userNameMisconfiguredClientFilter() {
try {
return misconfiguredClientFilter.getUserName();
} catch (Throwable t) {
return t.getMessage();
}
}

@GET
@Path("userOidcClientManagedExecutor")
public String userNameOidcClientManagedExecutor() throws Exception {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package io.quarkus.it.keycloak;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.oidc.client.filter.OidcClientFilter;

@RegisterRestClient
@OidcClientFilter("misconfigured-client")
@Path("/")
public interface MisconfiguredClientFilter {

@GET
String getUserName();
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,14 @@ quarkus.oidc-client.named.grant.type=password
quarkus.oidc-client.named.grant-options.password.username=alice
quarkus.oidc-client.named.grant-options.password.password=alice

quarkus.oidc-client.misconfigured-client.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.misconfigured-client.client-id=${quarkus.oidc.client-id}
quarkus.oidc-client.misconfigured-client.credentials.secret=${quarkus.oidc.credentials.secret}
quarkus.oidc-client.misconfigured-client.grant.type=password
quarkus.oidc-client.misconfigured-client.grant-options.password.username=jdoe
quarkus.oidc-client.misconfigured-client.grant-options.password.password=bob
quarkus.oidc-client.misconfigured-client.early-tokens-acquisition=false

quarkus.oidc-client.non-default-client.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.non-default-client.client-id=${quarkus.oidc.client-id}
quarkus.oidc-client.non-default-client.credentials.secret=${quarkus.oidc.credentials.secret}
Expand All @@ -28,6 +36,7 @@ io.quarkus.it.keycloak.ProtectedResourceServiceOidcClient/mp-rest/url=http://loc
io.quarkus.it.keycloak.ProtectedResourceServiceNamedOidcClient/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.ProtectedResourceServiceNoOidcClient/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.ProtectedResourceServiceNonDefaultOidcClient/mp-rest/url=http://localhost:8081/protected
io.quarkus.it.keycloak.MisconfiguredClientFilter/mp-rest/url=http://localhost:8081/protected

quarkus.tls.trust-all=true
quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientImpl".min-level=TRACE
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import static org.awaitility.Awaitility.await;
import static org.awaitility.Awaitility.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.junit.jupiter.api.Assertions.assertEquals;

Expand Down Expand Up @@ -36,6 +37,15 @@ public void testGetUserNameOidcClient() {
.body(equalTo("alice"));
}

@Test
public void testGetUserNameMisconfiguredClientFilter() {
RestAssured.given().header("Accept", "text/plain")
.when().get("/frontend/userNameMisconfiguredClientFilter")
.then()
.statusCode(200)
.body(containsString("invalid_grant"));
}

@Test
public void testGetUserNameNonDefaultOidcClient() {
RestAssured.when().get("/frontend/userNonDefaultOidcClient")
Expand Down

0 comments on commit bab6ca8

Please sign in to comment.