From 57653c0fd1e33eefb98536be2e28a702d82c0e4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Victor=20No=C3=ABl?= <victor.noel@crazydwarves.org>
Date: Sat, 16 Jun 2018 14:57:22 +0200
Subject: [PATCH] Rely on original security context even for profiles

When multiple security filters are used, a pac4j security context
can rely on an already authenticated pac4j security context.
In this case, it must delegate to the original if it doesn't itself
have some profiles stored.
---
 .../main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
index 418b51f..de91702 100644
--- a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
+++ b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
@@ -58,6 +58,8 @@ public Pac4JSecurityContext(SecurityContext original, JaxRsContext context,
         public Optional<Collection<CommonProfile>> getProfiles() {
             if (principal != null) {
                 return profiles.map(ps -> Collections.unmodifiableCollection(ps));
+            } else if (original instanceof Pac4JSecurityContext) {
+                return ((Pac4JSecurityContext) original).getProfiles();
             } else {
                 return Optional.empty();
             }