

Merge pull request #36915 from sberyozkin/rename_oidc_client_request_…
…filter_filter

Rename OidcClientRequestFilter filter to OidcRequestFilter
sberyozkin authored Nov 7, 2023
2 parents dcf6eb4 + db5d540 commit ff281c8
Showing 12 changed files with 72 additions and 51 deletions.
Expand Up @@ -280,9 +280,9 @@ quarkus.oidc.introspection-credentials.secret=introspection-user-secret
----

[[oidc-client-filters]]
==== OIDC client request customization
==== OIDC request customization

You can customize OIDC client requests by registering one or more `OidcClientRequestFiler` implementations which can update or add new request headers, please see xref:security-openid-connect-client-reference#oidc-client-filters[Client request customization] for more information.
You can customize OIDC requests made by Quarkus to the OIDC provider by registering one or more `OidcRequestFiler` implementations which can update or add new request headers, please see xref:security-openid-connect-client-reference#oidc-client-filters[Client request customization] for more information.

==== Redirecting to and from the OIDC provider

Expand Up @@ -873,9 +873,9 @@ quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientRecorder".min-lev
----

[[oidc-client-filters]]
== Client request customization
== OIDC request customization

You can customize OIDC client requests by registering one or more `OidcClientRequestFiler` implementations which can update or add new request headers, for example, a filter can analyze the request body and add its digest as a new header value:
You can customize OIDC requests made by Quarkus to the OIDC provider by registering one or more `OidcRequestFiler` implementations which can update or add new request headers, for example, a filter can analyze the request body and add its digest as a new header value:

[source,java]
----
Expand All @@ -884,17 +884,18 @@ package io.quarkus.it.keycloak;
import jakarta.enterprise.context.ApplicationScoped;
import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.vertx.core.http.HttpMethod;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;
@ApplicationScoped
@Unremovable
public class OidcClientRequestCustomizer implements OidcClientRequestFilter {
public class OidcRequestCustomizer implements OidcRequestFilter {
@Override
public void filter(HttpRequest<Buffer> request, Buffer buffer) {
public void filter(HttpRequest<Buffer> request, Buffer buffer, OidcRequestContextProperties contextProperties) {
HttpMethod method = request.method();
String uri = request.uri();
if (method == HttpMethod.POST && uri.endsWith("/service") && buffer != null) {
Expand Up @@ -17,7 +17,7 @@
import io.quarkus.oidc.client.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientException;
import io.quarkus.oidc.client.Tokens;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcConstants;
import io.smallrye.mutiny.Uni;
Expand Down Expand Up @@ -46,12 +46,12 @@ public class OidcClientImpl implements OidcClient {
private final String clientSecretBasicAuthScheme;
private final Key clientJwtKey;
private final OidcClientConfig oidcConfig;
private final List<OidcClientRequestFilter> filters;
private final List<OidcRequestFilter> filters;
private volatile boolean closed;

public OidcClientImpl(WebClient client, String tokenRequestUri, String tokenRevokeUri, String grantType,
MultiMap tokenGrantParams, MultiMap commonRefreshGrantParams, OidcClientConfig oidcClientConfig,
List<OidcClientRequestFilter> filters) {
List<OidcRequestFilter> filters) {
this.client = client;
this.tokenRequestUri = tokenRequestUri;
this.tokenRevokeUri = tokenRevokeUri;
Expand Down Expand Up @@ -260,8 +260,8 @@ private void checkClosed() {
}

private HttpRequest<Buffer> filter(HttpRequest<Buffer> request, Buffer body) {
for (OidcClientRequestFilter filter : filters) {
filter.filter(request, body);
for (OidcRequestFilter filter : filters) {
filter.filter(request, body, null);
}
return request;
}
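Review bot: `filter.filter(request, body, null)` in `OidcClientImpl.filter` always passes `null` for the new `contextProperties` argument, so any `OidcRequestFilter` implementation that calls `contextProperties.getProperty(...)` without a guard throws a NullPointerException in the middle of a token request. The same literal `null` appears in `OidcCommonUtils.discoverMetadata` and `OidcProviderClient.filter`, so no caller visible in this commit ever supplies a value. Passing a shared empty instance instead, for example `filter.filter(request, body, EMPTY_CONTEXT)` with `EMPTY_CONTEXT = new OidcRequestContextProperties(Map.of())`, would spare third-party filters the null check. Otherwise a short comment at the call, such as `// no context properties are available for token grant requests yet`, would document the intent.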
Expand Up @@ -17,7 +17,7 @@
import io.quarkus.oidc.client.OidcClientException;
import io.quarkus.oidc.client.OidcClients;
import io.quarkus.oidc.client.Tokens;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcConstants;
import io.quarkus.runtime.TlsConfig;
Expand Down Expand Up @@ -122,7 +122,7 @@ protected static Uni<OidcClient> createOidcClientUni(OidcClientConfig oidcConfig

WebClient client = WebClient.create(new io.vertx.mutiny.core.Vertx(vertx.get()), options);

List<OidcClientRequestFilter> clientRequestFilters = OidcCommonUtils.getClientRequestCustomizer();
List<OidcRequestFilter> clientRequestFilters = OidcCommonUtils.getClientRequestCustomizer();

Uni<OidcConfigurationMetadata> tokenUrisUni = null;
if (OidcCommonUtils.isAbsoluteUrl(oidcConfig.tokenPath)) {
Expand Down Expand Up @@ -211,7 +211,7 @@ private static void setGrantClientParams(OidcClientConfig oidcConfig, MultiMap g
}

private static Uni<OidcConfigurationMetadata> discoverTokenUris(WebClient client,
List<OidcClientRequestFilter> clientRequestFilters,
List<OidcRequestFilter> clientRequestFilters,
String authServerUrl, OidcClientConfig oidcConfig) {
final long connectionDelayInMillisecs = OidcCommonUtils.getConnectionDelayInMillis(oidcConfig);
return OidcCommonUtils.discoverMetadata(client, clientRequestFilters, authServerUrl, connectionDelayInMillisecs)

This file was deleted.

@@ -0,0 +1,16 @@
package io.quarkus.oidc.common;

import java.util.Map;

public class OidcRequestContextProperties {

private final Map<String, Object> properties;

public OidcRequestContextProperties(Map<String, Object> properties) {
this.properties = properties;
}

public Object getProperty(String name) {
return properties.get(name);
}
}
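Review bot: The constructor of `OidcRequestContextProperties` stores the caller's map as-is, so a `null` argument surfaces only later as a NullPointerException in `getProperty`, and any later change the caller makes to the map is visible to every filter that holds this object. A read-only snapshot taken at construction is the safer contract for an object handed to pluggable filters: `this.properties = Map.copyOf(properties);` (note that `Map.copyOf` rejects null keys and values, which may or may not suit the intended property values). The class also has no Javadoc; a sentence saying which property names callers set, and for which requests, would tell filter authors what `getProperty` can return.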
@@ -0,0 +1,19 @@
package io.quarkus.oidc.common;

import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;

/**
* Request filter which can be used to customize requests such as the verification JsonWebKey set and token grant requests
* which are made from the OIDC adapter to the OIDC provider
*/
public interface OidcRequestFilter {
/**
* Filter OIDC requests
*
* @param request HTTP request that can have its headers customized
* @param body request body, will be null for HTTP GET methods, may be null for other HTTP methods
* @param contextProperties context properties that can be available in context of some requests, can be null
*/
void filter(HttpRequest<Buffer> request, Buffer requestBody, OidcRequestContextProperties contextProperties);
}
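Review bot: The Javadoc tag `@param body` does not match the parameter, which is declared as `requestBody`, so the description of when the body is null is attached to a name that does not exist and Javadoc linting will flag it; it should read `@param requestBody request body, will be null for HTTP GET methods, may be null for other HTTP methods`. The type comment could also state that every registered filter is invoked for each request kind it lists, and that the body of a token grant request can contain client credentials and so should not be logged by implementations. The earlier `OidcClientRequestFilter` appears to be deleted in this commit rather than deprecated, so existing implementations stop compiling; if that is intended, a migration note would help.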
Expand Up @@ -30,7 +30,7 @@
import io.quarkus.arc.ArcContainer;
import io.quarkus.credentials.CredentialsProvider;
import io.quarkus.credentials.runtime.CredentialsProviderFinder;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials;
import io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Provider;
import io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret;
Expand Down Expand Up @@ -427,12 +427,12 @@ public static Predicate<? super Throwable> oidcEndpointNotAvailable() {
|| (t instanceof OidcEndpointAccessException && ((OidcEndpointAccessException) t).getErrorStatus() == 404));
}

public static Uni<JsonObject> discoverMetadata(WebClient client, List<OidcClientRequestFilter> filters,
public static Uni<JsonObject> discoverMetadata(WebClient client, List<OidcRequestFilter> filters,
String authServerUrl, long connectionDelayInMillisecs) {
final String discoveryUrl = authServerUrl + OidcConstants.WELL_KNOWN_CONFIGURATION;
HttpRequest<Buffer> request = client.getAbs(discoveryUrl);
for (OidcClientRequestFilter filter : filters) {
filter.filter(request, null);
for (OidcRequestFilter filter : filters) {
filter.filter(request, null, null);
}
return request.send().onItem().transform(resp -> {
if (resp.statusCode() == 200) {
Expand Down Expand Up @@ -478,10 +478,10 @@ private static byte[] doRead(InputStream is) throws IOException {
return out.toByteArray();
}

public static List<OidcClientRequestFilter> getClientRequestCustomizer() {
public static List<OidcRequestFilter> getClientRequestCustomizer() {
ArcContainer container = Arc.container();
if (container != null) {
return container.listAll(OidcClientRequestFilter.class).stream().map(handle -> handle.get())
return container.listAll(OidcRequestFilter.class).stream().map(handle -> handle.get())
.collect(Collectors.toList());
}
return List.of();
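Review bot: `getClientRequestCustomizer()` returns every `OidcRequestFilter` bean in the container and `discoverMetadata` calls each one with a `null` body and `null` context, so a filter can only use `request.method()` and `request.uri()` to decide whether a request is one it should touch. Where several tenants or clients are configured, a loosely matched URI suffix could attach a header meant for one provider to a request sent to another, so the contract is worth spelling out in a Javadoc comment on the method: `Returns all registered OidcRequestFilter beans; each is applied to every OIDC request of every tenant and client.` The method and the `clientRequestFilters` locals in its callers still carry the old "client" naming; the method is public, so a rename would probably need a deprecated alias.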
Expand Up @@ -15,7 +15,7 @@
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TokenIntrospection;
import io.quarkus.oidc.UserInfo;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcConstants;
import io.quarkus.oidc.common.runtime.OidcEndpointAccessException;
Expand Down Expand Up @@ -45,12 +45,12 @@ public class OidcProviderClient implements Closeable {
private final String clientSecretBasicAuthScheme;
private final String introspectionBasicAuthScheme;
private final Key clientJwtKey;
private final List<OidcClientRequestFilter> filters;
private final List<OidcRequestFilter> filters;

public OidcProviderClient(WebClient client,
OidcConfigurationMetadata metadata,
OidcTenantConfig oidcConfig,
List<OidcClientRequestFilter> filters) {
List<OidcRequestFilter> filters) {
this.client = client;
this.metadata = metadata;
this.oidcConfig = oidcConfig;
Expand Down Expand Up @@ -220,8 +220,8 @@ public Key getClientJwtKey() {
}

private HttpRequest<Buffer> filter(HttpRequest<Buffer> request, Buffer body) {
for (OidcClientRequestFilter filter : filters) {
filter.filter(request, body);
for (OidcRequestFilter filter : filters) {
filter.filter(request, body, null);
}
return request;
}
Expand Up @@ -30,7 +30,7 @@
import io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.TenantIdentityProvider;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.runtime.OidcCommonConfig;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.runtime.LaunchMode;
Expand Down Expand Up @@ -434,7 +434,7 @@ protected static Uni<OidcProviderClient> createOidcClientUni(OidcTenantConfig oi

WebClient client = WebClient.create(new io.vertx.mutiny.core.Vertx(vertx), options);

List<OidcClientRequestFilter> clientRequestFilters = OidcCommonUtils.getClientRequestCustomizer();
List<OidcRequestFilter> clientRequestFilters = OidcCommonUtils.getClientRequestCustomizer();

Uni<OidcConfigurationMetadata> metadataUni = null;
if (!oidcConfig.discoveryEnabled.orElse(true)) {
Expand Up @@ -3,16 +3,17 @@
import jakarta.enterprise.context.ApplicationScoped;

import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;

@ApplicationScoped
@Unremovable
public class OidcRequestCustomizer implements OidcClientRequestFilter {
public class OidcRequestCustomizer implements OidcRequestFilter {

@Override
public void filter(HttpRequest<Buffer> request, Buffer buffer) {
public void filter(HttpRequest<Buffer> request, Buffer buffer, OidcRequestContextProperties contextProps) {
String uri = request.uri();
if (uri.endsWith("/non-standard-tokens")) {
request.putHeader("GrantType", getGrantType(buffer.toString()));
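Review bot: `buffer.toString()` is called without a null check, while the `OidcRequestFilter` Javadoc added in this commit says the body is null for GET requests and may be null for other methods; a bodiless request whose URI ends with `/non-standard-tokens` would fail with a NullPointerException inside the filter. A guard in the condition, `if (buffer != null && uri.endsWith("/non-standard-tokens")) {`, would match the documentation example in this commit, which checks `buffer != null` before reading the body. The body of `filter` continues past the end of the visible hunk, and the new `contextProps` argument is not used in the lines shown.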
Expand Up @@ -3,17 +3,18 @@
import jakarta.enterprise.context.ApplicationScoped;

import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcClientRequestFilter;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.vertx.core.http.HttpMethod;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;

@ApplicationScoped
@Unremovable
public class OidcRequestCustomizer implements OidcClientRequestFilter {
public class OidcRequestCustomizer implements OidcRequestFilter {

@Override
public void filter(HttpRequest<Buffer> request, Buffer buffer) {
public void filter(HttpRequest<Buffer> request, Buffer buffer, OidcRequestContextProperties contextProps) {
HttpMethod method = request.method();
String uri = request.uri();
if (method == HttpMethod.GET && uri.endsWith("/auth/azure/jwk")) {
