Skip to content

Commit

Permalink
Do not require RoutingContext outside or RESTEasy handler
Browse files Browse the repository at this point in the history
  • Loading branch information
michalvavrik committed Jan 26, 2024
1 parent 467cc9c commit 36bfe4c
Showing 1 changed file with 6 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
import io.quarkus.security.Authenticated;
import io.quarkus.security.PermissionsAllowed;
import io.quarkus.security.spi.runtime.AuthorizationController;
import io.vertx.ext.web.RoutingContext;
import io.quarkus.vertx.http.runtime.CurrentVertxRequest;

/**
* Security checks for RBAC annotations on endpoints are done by the {@link EagerSecurityFilter}, this interceptor
Expand All @@ -30,12 +30,14 @@ public abstract class StandardSecurityCheckInterceptor {
AuthorizationController controller;

@Inject
RoutingContext routingContext;
CurrentVertxRequest currentVertxRequest;

@AroundInvoke
public Object intercept(InvocationContext ic) throws Exception {
if (controller.isAuthorizationEnabled()) {
Method method = routingContext.get(EagerSecurityFilter.class.getName());
// RoutingContext can be null if RESTEasy is used together with other stacks that do not rely on it (e.g. gRPC)
// and this is not invoked from RESTEasy route handler
if (controller.isAuthorizationEnabled() && currentVertxRequest.getCurrent() != null) {
Method method = currentVertxRequest.getCurrent().get(EagerSecurityFilter.class.getName());
if (method != null && method.equals(ic.getMethod())) {
ic.getContextData().put(SECURITY_HANDLER, EXECUTED);
}
Expand Down

0 comments on commit 36bfe4c

Please sign in to comment.