Rely on original security context even for profiles

When multiple security filters are used, a pac4j security context can rely on an already authenticated pac4j security context. In this case, it must delegate to the original if it doesn't itself have some profiles stored.
pac4j · Jun 16, 2018 · 57653c0 · 57653c0
1 parent af8c06f
commit 57653c0
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
@@ -58,6 +58,8 @@ public Pac4JSecurityContext(SecurityContext original, JaxRsContext context,
         public Optional<Collection<CommonProfile>> getProfiles() {
             if (principal != null) {
                 return profiles.map(ps -> Collections.unmodifiableCollection(ps));
+            } else if (original instanceof Pac4JSecurityContext) {
+                return ((Pac4JSecurityContext) original).getProfiles();
             } else {
                 return Optional.empty();
             }