From cf92218e162251b34d69b1aa03723682d8cb7ba4 Mon Sep 17 00:00:00 2001 From: Stuart Douglas Date: Fri, 4 Jun 2021 09:29:12 +1000 Subject: [PATCH] SecurityContext override with no quarkus-security Fixes #17527 --- .../SecurityContextOverrideHandler.java | 140 +++++++++--------- 1 file changed, 67 insertions(+), 73 deletions(-) diff --git a/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java b/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java index f9e6b49835e49..d50d96a7a4051 100644 --- a/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java +++ b/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java @@ -8,7 +8,6 @@ import java.util.Set; import java.util.function.Function; -import javax.enterprise.inject.spi.CDI; import javax.ws.rs.core.SecurityContext; import org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext; @@ -16,6 +15,7 @@ import org.jboss.resteasy.reactive.server.spi.ServerRestHandler; import io.quarkus.arc.Arc; +import io.quarkus.arc.InjectableInstance; import io.quarkus.resteasy.reactive.server.runtime.ResteasyReactiveSecurityContext; import io.quarkus.security.credential.Credential; import io.quarkus.security.identity.CurrentIdentityAssociation; 
@@ -24,8 +24,7 @@ public class SecurityContextOverrideHandler implements ServerRestHandler { - private volatile SecurityIdentity securityIdentity; - private volatile CurrentIdentityAssociation currentIdentityAssociation; + private volatile InjectableInstance currentIdentityAssociation; @Override public void handle(ResteasyReactiveRequestContext requestContext) throws Exception { 
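Review bot: The new declaration `private volatile InjectableInstance currentIdentityAssociation;` carries no comment saying that it caches a lookup handle rather than the bean, or that the handle may be unresolvable. Going by the commit subject, that happens when quarkus-security is absent, so a later caller that goes straight to `.get()` without `isResolvable()` would bring the original failure back. I would add above the field: `// Lazily cached lookup handle, not the bean; unresolvable without quarkus-security, so check isResolvable() before get().` The class body continues outside this hunk.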
@@ -43,83 +42,78 @@ public void handle(ResteasyReactiveRequestContext requestContext) throws Excepti private void updateIdentity(ResteasyReactiveRequestContext requestContext, SecurityContext modified) { requestContext.requireCDIRequestScope(); - CurrentIdentityAssociation currentIdentityAssociation = Arc.container().select(CurrentIdentityAssociation.class).get(); - Uni oldIdentity = currentIdentityAssociation.getDeferredIdentity(); - currentIdentityAssociation.setIdentity(oldIdentity.map(new Function() { - @Override - public SecurityIdentity apply(SecurityIdentity old) { - Set oldCredentials = old.getCredentials(); - Map oldAttributes = old.getAttributes(); - return new SecurityIdentity() { - @Override - public Principal getPrincipal() { - return modified.getUserPrincipal(); - } - - @Override - public boolean isAnonymous() { - return modified.getUserPrincipal() == null; - } - - @Override - public Set getRoles() { - throw new UnsupportedOperationException( - "retrieving all roles not supported when JAX-RS security context has been replaced"); - } - - @Override - public boolean hasRole(String role) { - return modified.isUserInRole(role); - } - - @Override - public T getCredential(Class credentialType) { - for (Credential cred : getCredentials()) { - if (credentialType.isAssignableFrom(cred.getClass())) { - return (T) cred; + InjectableInstance instance = getCurrentIdentityAssociation(); + if (instance.isResolvable()) { + CurrentIdentityAssociation currentIdentityAssociation = instance.get(); + Uni oldIdentity = currentIdentityAssociation.getDeferredIdentity(); + currentIdentityAssociation.setIdentity(oldIdentity.map(new Function() { + @Override + public SecurityIdentity apply(SecurityIdentity old) { + Set oldCredentials = old.getCredentials(); + Map oldAttributes = old.getAttributes(); + return new SecurityIdentity() { + @Override + public Principal getPrincipal() { + return modified.getUserPrincipal(); + } + + @Override + public boolean isAnonymous() { + return 
modified.getUserPrincipal() == null; + } + + @Override + public Set getRoles() { + throw new UnsupportedOperationException( + "retrieving all roles not supported when JAX-RS security context has been replaced"); + } + + @Override + public boolean hasRole(String role) { + return modified.isUserInRole(role); + } + + @Override + public T getCredential(Class credentialType) { + for (Credential cred : getCredentials()) { + if (credentialType.isAssignableFrom(cred.getClass())) { + return (T) cred; + } } + return null; } - return null; - } - - @Override - public Set getCredentials() { - return oldCredentials; - } - - @Override - public T getAttribute(String name) { - return (T) oldAttributes.get(name); - } - - @Override - public Map getAttributes() { - return oldAttributes; - } - - @Override - public Uni checkPermission(Permission permission) { - return Uni.createFrom().nullItem(); - } - }; - } - })); - } - private CurrentIdentityAssociation getCurrentIdentityAssociation() { - CurrentIdentityAssociation identityAssociation = this.currentIdentityAssociation; - if (identityAssociation == null) { - return this.currentIdentityAssociation = CDI.current().select(CurrentIdentityAssociation.class).get(); + @Override + public Set getCredentials() { + return oldCredentials; + } + + @Override + public T getAttribute(String name) { + return (T) oldAttributes.get(name); + } + + @Override + public Map getAttributes() { + return oldAttributes; + } + + @Override + public Uni checkPermission(Permission permission) { + return Uni.createFrom().nullItem(); + } + }; + } + })); } - return identityAssociation; } - private SecurityIdentity getSecurityIdentity() { - SecurityIdentity identity = this.securityIdentity; - if (identity == null) { - return this.securityIdentity = CDI.current().select(SecurityIdentity.class).get(); + private InjectableInstance getCurrentIdentityAssociation() { + InjectableInstance identityAssociation = this.currentIdentityAssociation; + if (identityAssociation == null) 
{ + return this.currentIdentityAssociation = Arc.container().select(CurrentIdentityAssociation.class); } - return identity; + return identityAssociation; } public static class Customizer implements HandlerChainCustomizer {
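Review bot: `checkPermission` in the wrapper identity returns `Uni.createFrom().nullItem()`, so a permission check against a replaced security context resolves to null rather than an explicit decision. A caller that unboxes the Boolean would throw, and one that treats null leniently could let the check pass; how callers handle it is not visible here. The commit only re-indents this line, but since the block is being touched I would make it fail closed with `return Uni.createFrom().item(false);`, or add a comment saying why null is intended. Separately, the wrapper pairs the principal from the replaced `SecurityContext` with the credentials and attributes of the old identity, and `updateIdentity` silently does nothing when the instance is not resolvable. A short comment on each, for example `// no CurrentIdentityAssociation bean available: nothing to update`, would show that both are deliberate.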