From 36bfe4cda3129e242f95d7e2b14703d531aa29e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= <mvavrik@redhat.com>
Date: Fri, 26 Jan 2024 18:22:49 +0100
Subject: [PATCH] Do not require RoutingContext outside or RESTEasy handler

---
 .../runtime/StandardSecurityCheckInterceptor.java      | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/extensions/resteasy-classic/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/StandardSecurityCheckInterceptor.java b/extensions/resteasy-classic/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/StandardSecurityCheckInterceptor.java
index 036ab8fcf3b74..10ad1effe0416 100644
--- a/extensions/resteasy-classic/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/StandardSecurityCheckInterceptor.java
+++ b/extensions/resteasy-classic/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/StandardSecurityCheckInterceptor.java
@@ -17,7 +17,7 @@
 import io.quarkus.security.Authenticated;
 import io.quarkus.security.PermissionsAllowed;
 import io.quarkus.security.spi.runtime.AuthorizationController;
-import io.vertx.ext.web.RoutingContext;
+import io.quarkus.vertx.http.runtime.CurrentVertxRequest;
 
 /**
  * Security checks for RBAC annotations on endpoints are done by the {@link EagerSecurityFilter}, this interceptor
@@ -30,12 +30,14 @@ public abstract class StandardSecurityCheckInterceptor {
     AuthorizationController controller;
 
     @Inject
-    RoutingContext routingContext;
+    CurrentVertxRequest currentVertxRequest;
 
     @AroundInvoke
     public Object intercept(InvocationContext ic) throws Exception {
-        if (controller.isAuthorizationEnabled()) {
-            Method method = routingContext.get(EagerSecurityFilter.class.getName());
+        // RoutingContext can be null if RESTEasy is used together with other stacks that do not rely on it (e.g. gRPC)
+        // and this is not invoked from RESTEasy route handler
+        if (controller.isAuthorizationEnabled() && currentVertxRequest.getCurrent() != null) {
+            Method method = currentVertxRequest.getCurrent().get(EagerSecurityFilter.class.getName());
             if (method != null && method.equals(ic.getMethod())) {
                 ic.getContextData().put(SECURITY_HANDLER, EXECUTED);
             }