SecurityContext override with no quarkus-security
Fixes quarkusio#17527

(cherry picked from commit cf92218)
stuartwdouglas authored and gsmet committed Jun 10, 2021
1 parent 203ecbc commit ce0c1e6
Showing 1 changed file with 67 additions and 73 deletions.
Expand Up @@ -8,14 +8,14 @@
import java.util.Set;
import java.util.function.Function;

import javax.enterprise.inject.spi.CDI;
import javax.ws.rs.core.SecurityContext;

import org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext;
import org.jboss.resteasy.reactive.server.model.HandlerChainCustomizer;
import org.jboss.resteasy.reactive.server.spi.ServerRestHandler;

import io.quarkus.arc.Arc;
import io.quarkus.arc.InjectableInstance;
import io.quarkus.resteasy.reactive.server.runtime.ResteasyReactiveSecurityContext;
import io.quarkus.security.credential.Credential;
import io.quarkus.security.identity.CurrentIdentityAssociation;
Expand All @@ -24,8 +24,7 @@

public class SecurityContextOverrideHandler implements ServerRestHandler {

private volatile SecurityIdentity securityIdentity;
private volatile CurrentIdentityAssociation currentIdentityAssociation;
private volatile InjectableInstance<CurrentIdentityAssociation> currentIdentityAssociation;

@Override
public void handle(ResteasyReactiveRequestContext requestContext) throws Exception {
Expand All @@ -43,83 +42,78 @@ public void handle(ResteasyReactiveRequestContext requestContext) throws Excepti

private void updateIdentity(ResteasyReactiveRequestContext requestContext, SecurityContext modified) {
requestContext.requireCDIRequestScope();
CurrentIdentityAssociation currentIdentityAssociation = Arc.container().select(CurrentIdentityAssociation.class).get();
Uni<SecurityIdentity> oldIdentity = currentIdentityAssociation.getDeferredIdentity();
currentIdentityAssociation.setIdentity(oldIdentity.map(new Function<SecurityIdentity, SecurityIdentity>() {
@Override
public SecurityIdentity apply(SecurityIdentity old) {
Set<Credential> oldCredentials = old.getCredentials();
Map<String, Object> oldAttributes = old.getAttributes();
return new SecurityIdentity() {
@Override
public Principal getPrincipal() {
return modified.getUserPrincipal();
}

@Override
public boolean isAnonymous() {
return modified.getUserPrincipal() == null;
}

@Override
public Set<String> getRoles() {
throw new UnsupportedOperationException(
"retrieving all roles not supported when JAX-RS security context has been replaced");
}

@Override
public boolean hasRole(String role) {
return modified.isUserInRole(role);
}

@Override
public <T extends Credential> T getCredential(Class<T> credentialType) {
for (Credential cred : getCredentials()) {
if (credentialType.isAssignableFrom(cred.getClass())) {
return (T) cred;
InjectableInstance<CurrentIdentityAssociation> instance = getCurrentIdentityAssociation();
if (instance.isResolvable()) {
CurrentIdentityAssociation currentIdentityAssociation = instance.get();
Uni<SecurityIdentity> oldIdentity = currentIdentityAssociation.getDeferredIdentity();
currentIdentityAssociation.setIdentity(oldIdentity.map(new Function<SecurityIdentity, SecurityIdentity>() {
@Override
public SecurityIdentity apply(SecurityIdentity old) {
Set<Credential> oldCredentials = old.getCredentials();
Map<String, Object> oldAttributes = old.getAttributes();
return new SecurityIdentity() {
@Override
public Principal getPrincipal() {
return modified.getUserPrincipal();
}

@Override
public boolean isAnonymous() {
return modified.getUserPrincipal() == null;
}

@Override
public Set<String> getRoles() {
throw new UnsupportedOperationException(
"retrieving all roles not supported when JAX-RS security context has been replaced");
}

@Override
public boolean hasRole(String role) {
return modified.isUserInRole(role);
}

@Override
public <T extends Credential> T getCredential(Class<T> credentialType) {
for (Credential cred : getCredentials()) {
if (credentialType.isAssignableFrom(cred.getClass())) {
return (T) cred;
}
}
return null;
}
return null;
}

@Override
public Set<Credential> getCredentials() {
return oldCredentials;
}

@Override
public <T> T getAttribute(String name) {
return (T) oldAttributes.get(name);
}

@Override
public Map<String, Object> getAttributes() {
return oldAttributes;
}

@Override
public Uni<Boolean> checkPermission(Permission permission) {
return Uni.createFrom().nullItem();
}
};
}
}));
}

private CurrentIdentityAssociation getCurrentIdentityAssociation() {
CurrentIdentityAssociation identityAssociation = this.currentIdentityAssociation;
if (identityAssociation == null) {
return this.currentIdentityAssociation = CDI.current().select(CurrentIdentityAssociation.class).get();
@Override
public Set<Credential> getCredentials() {
return oldCredentials;
}

@Override
public <T> T getAttribute(String name) {
return (T) oldAttributes.get(name);
}

@Override
public Map<String, Object> getAttributes() {
return oldAttributes;
}

@Override
public Uni<Boolean> checkPermission(Permission permission) {
return Uni.createFrom().nullItem();
}
};
}
}));
}
return identityAssociation;
}

private SecurityIdentity getSecurityIdentity() {
SecurityIdentity identity = this.securityIdentity;
if (identity == null) {
return this.securityIdentity = CDI.current().select(SecurityIdentity.class).get();
private InjectableInstance<CurrentIdentityAssociation> getCurrentIdentityAssociation() {
InjectableInstance<CurrentIdentityAssociation> identityAssociation = this.currentIdentityAssociation;
if (identityAssociation == null) {
return this.currentIdentityAssociation = Arc.container().select(CurrentIdentityAssociation.class);
}
return identity;
return identityAssociation;
}

public static class Customizer implements HandlerChainCustomizer {
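Review bot: The wrapped identity's `checkPermission` in `updateIdentity` completes with a null item (`Uni.createFrom().nullItem()`), so a caller that unboxes the `Boolean` gets a NullPointerException instead of an allow/deny decision. Whether that fails closed depends on consumers that are not visible in this hunk. If denial is the intended answer once the JAX-RS SecurityContext has been replaced, `return Uni.createFrom().item(false);` would state it explicitly; otherwise a comment explaining the null result is needed. The same anonymous class keeps `oldCredentials` and `oldAttributes` from the previous identity while the principal and role checks come from `modified`, which deserves a comment such as `// credentials and attributes are inherited from the original identity, not from the replaced SecurityContext`. The new `if (instance.isResolvable())` guard also has no else branch, so a short comment that the override is deliberately not propagated when no `CurrentIdentityAssociation` bean exists would make the silent skip clear.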
