Update RestEasy Classic mappers and Vert.x HTTP to log messages relat…

…ed to 401
quarkusio · Sep 22, 2022 · 28652ba · 28652ba
1 parent 12aa096
commit 28652ba
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 2 deletions.
diff --git a/...me/src/main/java/io/quarkus/resteasy/runtime/AuthenticationCompletionExceptionMapper.java b/...me/src/main/java/io/quarkus/resteasy/runtime/AuthenticationCompletionExceptionMapper.java
@@ -4,13 +4,18 @@
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;
 
+import org.jboss.logging.Logger;
+
 import io.quarkus.security.AuthenticationCompletionException;
 
 @Provider
 public class AuthenticationCompletionExceptionMapper implements ExceptionMapper<AuthenticationCompletionException> {
 
+    private static final Logger log = Logger.getLogger(AuthenticationCompletionExceptionMapper.class.getName());
+
     @Override
     public Response toResponse(AuthenticationCompletionException ex) {
+        log.debug("Authentication has failed, returning HTTP status 401");
         return Response.status(401).build();
     }
 

diff --git a/...untime/src/main/java/io/quarkus/resteasy/runtime/AuthenticationFailedExceptionMapper.java b/...untime/src/main/java/io/quarkus/resteasy/runtime/AuthenticationFailedExceptionMapper.java
@@ -7,6 +7,8 @@
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;
 
+import org.jboss.logging.Logger;
+
 import io.quarkus.security.AuthenticationFailedException;
 import io.quarkus.vertx.http.runtime.CurrentVertxRequest;
 import io.quarkus.vertx.http.runtime.security.ChallengeData;
@@ -16,6 +18,7 @@
 @Provider
 @Priority(Priorities.USER + 1)
 public class AuthenticationFailedExceptionMapper implements ExceptionMapper<AuthenticationFailedException> {
+    private static final Logger log = Logger.getLogger(AuthenticationFailedExceptionMapper.class.getName());
 
     private volatile CurrentVertxRequest currentVertxRequest;
 
@@ -38,8 +41,13 @@ public Response toResponse(AuthenticationFailedException exception) {
                 if (challengeData.headerName != null) {
                     status.header(challengeData.headerName.toString(), challengeData.headerContent);
                 }
+                log.debugf("Returning an authentication challenge, status code: %d", challengeData.status);
                 return status.build();
+            } else {
+                log.error("HttpAuthenticator is not found, returning HTTP status 401");
             }
+        } else {
+            log.error("RoutingContext is not found, returning HTTP status 401");
         }
         return Response.status(401).entity("Not Authenticated").build();
     }

diff --git a/...steasy/runtime/src/main/java/io/quarkus/resteasy/runtime/UnauthorizedExceptionMapper.java b/...steasy/runtime/src/main/java/io/quarkus/resteasy/runtime/UnauthorizedExceptionMapper.java
@@ -48,11 +48,17 @@ public Response toResponse(UnauthorizedException exception) {
                     if (challengeData.headerName != null) {
                         status.header(challengeData.headerName.toString(), challengeData.headerContent);
                     }
+                    log.debugf("Returning an authentication challenge, status code: %d", challengeData.status);
                     return status.build();
                 } else {
+                    log.debug("ChallengeData is null, returning HTTP status 401");
                     return Response.status(401).build();
                 }
+            } else {
+                log.error("HttpAuthenticator is not found, returning HTTP status 401");
             }
+        } else {
+            log.error("RoutingContext is not found, returning HTTP status 401");
         }
         return Response.status(401).entity("Not authorized").build();
     }

diff --git a/...-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java b/...-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
@@ -11,6 +11,8 @@
 import javax.enterprise.inject.Instance;
 import javax.inject.Singleton;
 
+import org.jboss.logging.Logger;
+
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.quarkus.security.identity.IdentityProvider;
 import io.quarkus.security.identity.IdentityProviderManager;
@@ -25,6 +27,8 @@
  */
 @Singleton
 public class HttpAuthenticator {
+    private static final Logger log = Logger.getLogger(HttpAuthenticator.class);
+
     private final IdentityProviderManager identityProviderManager;
     private final Instance<PathMatchingHttpSecurityPolicy> pathMatchingPolicy;
     private final HttpAuthenticationMechanism[] mechanisms;
@@ -164,6 +168,7 @@ public Uni<? extends Boolean> apply(Boolean authDone) {
             @Override
             public Uni<? extends Boolean> apply(Boolean authDone) {
                 if (!authDone) {
+                    log.debug("Authentication has not been done, returning HTTP status 401");
                     routingContext.response().setStatusCode(401);
                     routingContext.response().end();
                 }

diff --git a/...tp/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java b/...tp/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
@@ -92,6 +92,7 @@ public void accept(Throwable throwable) {
                                 }
                             });
                         } else if (throwable instanceof AuthenticationCompletionException) {
+                            log.debug("Authentication has failed, returning HTTP status 401");
                             event.response().setStatusCode(401);
                             event.response().end();
                         } else if (throwable instanceof AuthenticationRedirectException) {

diff --git a/integration-tests/oidc-code-flow/src/main/resources/application.properties b/integration-tests/oidc-code-flow/src/main/resources/application.properties
@@ -85,7 +85,7 @@ quarkus.oidc.tenant-refresh.authentication.cookie-path=/tenant-refresh
 quarkus.oidc.tenant-refresh.authentication.session-age-extension=2M
 quarkus.oidc.tenant-refresh.token.refresh-expired=true
 
-quarkus.oidc.tenant-autorefresh.auth-server-url=${keycloak.url}/realms/logout-realm
+quarkus.oidc.tenant-autorefresh.auth-server-url=${keycloak.url}/realms/quarkus
 quarkus.oidc.tenant-autorefresh.client-id=quarkus-app
 quarkus.oidc.tenant-autorefresh.credentials.secret=secret
 quarkus.oidc.tenant-autorefresh.application-type=web-app

diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
@@ -502,7 +502,7 @@ public Boolean call() throws Exception {
     public void testTokenAutoRefresh() throws IOException {
         try (final WebClient webClient = createWebClient()) {
             HtmlPage page = webClient.getPage("http://localhost:8081/tenant-autorefresh");
-            assertEquals("Sign in to logout-realm", page.getTitleText());
+            assertEquals("Sign in to quarkus", page.getTitleText());
             HtmlForm loginForm = page.getForms().get(0);
             loginForm.getInputByName("username").setValueAttribute("alice");
             loginForm.getInputByName("password").setValueAttribute("alice");