From 158dda7a1cbfa01521dd532be87a9d63eca4d589 Mon Sep 17 00:00:00 2001 From: Knut Wannheden Date: Mon, 4 Jul 2022 14:42:59 +0200 Subject: [PATCH] RestEasy Reactive: Keep target when handling failed authorization check So that exception mappers can access the target-specific `ResourceInfo` properties, the handling of the exceptions during the authorization checks must keep the target when switching to the abort chain. (cherry picked from commit 67ba7f47cd1f43bafa0b2df22feacd15619c6c98) --- ...tyExceptionMapperWithResourceInfoTest.java | 57 +++++++++++++++++++ .../security/EagerSecurityHandler.java | 2 +- .../core/AbstractResteasyReactiveContext.java | 11 +--- 3 files changed, 60 insertions(+), 10 deletions(-) create mode 100644 extensions/resteasy-reactive/quarkus-resteasy-reactive/deployment/src/test/java/io/quarkus/resteasy/reactive/server/test/customexceptions/SecurityExceptionMapperWithResourceInfoTest.java diff --git a/extensions/resteasy-reactive/quarkus-resteasy-reactive/deployment/src/test/java/io/quarkus/resteasy/reactive/server/test/customexceptions/SecurityExceptionMapperWithResourceInfoTest.java b/extensions/resteasy-reactive/quarkus-resteasy-reactive/deployment/src/test/java/io/quarkus/resteasy/reactive/server/test/customexceptions/SecurityExceptionMapperWithResourceInfoTest.java new file mode 100644 index 0000000000000..0eb03f18d6ea0 --- /dev/null +++ b/extensions/resteasy-reactive/quarkus-resteasy-reactive/deployment/src/test/java/io/quarkus/resteasy/reactive/server/test/customexceptions/SecurityExceptionMapperWithResourceInfoTest.java 
@@ -0,0 +1,57 @@
+package io.quarkus.resteasy.reactive.server.test.customexceptions;
+
+import static org.hamcrest.Matchers.is;
+
+import java.util.function.Supplier;
+
+import javax.annotation.security.DenyAll;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.restassured.RestAssured;
+
+public class SecurityExceptionMapperWithResourceInfoTest {
+
+ @RegisterExtension
+ static QuarkusUnitTest test = new QuarkusUnitTest()
+ .setArchiveProducer(new Supplier<>() {
+ @Override
+ public JavaArchive get() {
+ return ShrinkWrap.create(JavaArchive.class)
+ .addClasses(Resource.class);
+ }
+ });
+
+ @Test
+ void test() {
+ RestAssured.get("/test/denied")
+ .then().statusCode(403).body(is(Resource.class.getName()));
+ }
+
+ @Path("test")
+ public static class Resource {
+ @GET
+ @Path("denied")
+ @Produces("text/plain")
+ @DenyAll
+ public String denied() {
+ return "denied";
+ }
+
+ @ServerExceptionMapper(SecurityException.class)
+ Response handle(SecurityException t, ResourceInfo resourceInfo) {
+ return Response.status(403).entity(resourceInfo.getResourceClass().getName()).build();
+ }
+ }
+
+}
diff --git a/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityHandler.java b/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityHandler.java
index 21078343d3390..17d9126e8a08a 100644
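Review bot: The new test pins only `getResourceClass()` for a single `@DenyAll` endpoint, so a regression that keeps the resource class but loses the matched method would still pass; in `handle(...)` the entity could carry both, e.g. `resourceInfo.getResourceClass().getName() + "#" + resourceInfo.getResourceMethod().getName()`, with the `body(is(...))` assertion in `test()` updated to match. The mapper is registered for `SecurityException` broadly and always answers 403, so the test does not distinguish an unauthenticated caller from a forbidden one; a second endpoint guarded by a role-based annotation would show whether the target is kept on both paths. Echoing the resource class name in a denial response discloses internal structure to the caller, so a one-line comment on `handle(...)` such as `// test-only: echoes the class name to prove ResourceInfo is populated` would stop the pattern being copied into production mappers.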
--- a/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityHandler.java +++ b/extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityHandler.java @@ -91,7 +91,7 @@ public void onItem(Object item) { @Override public void onFailure(Throwable failure) { - requestContext.resume(failure); + requestContext.resume(failure, true); } }); } diff --git a/independent-projects/resteasy-reactive/common/runtime/src/main/java/org/jboss/resteasy/reactive/common/core/AbstractResteasyReactiveContext.java b/independent-projects/resteasy-reactive/common/runtime/src/main/java/org/jboss/resteasy/reactive/common/core/AbstractResteasyReactiveContext.java index a0529d63f83b9..29d5efa755abd 100644 --- a/independent-projects/resteasy-reactive/common/runtime/src/main/java/org/jboss/resteasy/reactive/common/core/AbstractResteasyReactiveContext.java +++ b/independent-projects/resteasy-reactive/common/runtime/src/main/java/org/jboss/resteasy/reactive/common/core/AbstractResteasyReactiveContext.java @@ -51,8 +51,7 @@ public void resume() { } public synchronized void resume(Throwable throwable) { - handleException(throwable); - resume((Executor) null); + resume(throwable, false); } public synchronized void resume(Throwable throwable, boolean keepTarget) { @@ -303,13 +302,7 @@ public H[] getHandlers() { * a response result and switch to the abort chain */ public void handleException(Throwable t) { - if (abortHandlerChainStarted) { - handleUnrecoverableError(unwrapException(t)); - } else { - this.throwable = unwrapException(t); - abortHandlerChainStarted = true; - restart(abortHandlerChain); - } + handleException(t, false); } public void handleException(Throwable t, boolean keepSameTarget) {
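Review bot: The bare `true` in `requestContext.resume(failure, true)` inside `onFailure` gives no hint that it controls whether the matched target survives the switch to the abort chain, and this is the only call site in the patch that opts in. A comment such as `// keep the matched target so exception mappers can read ResourceInfo for the denied resource` would record the intent. Because `onFailure` receives any `Throwable`, the target is presumably kept for non-authorization failures of the check as well; it is worth confirming that nothing in the abort chain treats a populated target as evidence that the security check passed. The enclosing subscriber and method start outside the hunk.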
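Review bot: `resume(Throwable)` now forwards to `resume(throwable, false)`, and `handleException(Throwable)` in the hunk at `-303,13 +302,7` forwards to `handleException(t, false)`, but the bodies of both two-argument overloads lie outside these hunks, so the equivalence cannot be checked from here. In particular, the removed `abortHandlerChainStarted` branch that routed a second failure to `handleUnrecoverableError(unwrapException(t))` has to be present in `handleException(Throwable, boolean)`; otherwise an exception thrown while the abort chain is already running would restart that chain instead of terminating the request. The existing Javadoc remains on the one-argument `handleException` only, so a sentence on each two-argument overload saying what keeping the target means for the abort chain would help, and the flag is named `keepTarget` in `resume` but `keepSameTarget` in `handleException`, which is worth unifying.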