Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security annotations with Mutiny #20332

Closed
kristijan-rusu opened this issue Sep 22, 2021 · 1 comment · Fixed by #20481
Closed

Security annotations with Mutiny #20332

kristijan-rusu opened this issue Sep 22, 2021 · 1 comment · Fixed by #20481
Labels
area/mutiny area/security area/smallrye kind/enhancement New feature or request
Milestone
2.4.0.CR1

Comments

@kristijan-rusu
Copy link

kristijan-rusu commented Sep 22, 2021
edited
Loading

Description

Security annotations, such as @Authenticated or @RolesAllowed should would with Mutiny. I'm not sure if they are working correctly with RESTEasy Reactive, but they are not working with other Mutiny methods such as gRPC implementations. When invoking non-blocking gRPC implementation annotated with @RolesAllowed this exception is thrown:

io.quarkus.runtime.BlockingOperationNotAllowedException: Cannot call getIdentity() from the IO thread when lazy authentication is in use, as resolving the identity may block the thread. Instead you should inject the CurrentIdentityAssociation, call CurrentIdentityAssociation#getDeferredIdentity() and subscribe to the Uni.
	at io.quarkus.security.runtime.SecurityIdentityAssociation.getIdentity(SecurityIdentityAssociation.java:68)
	at io.quarkus.security.runtime.SecurityIdentityAssociation_Subclass.getIdentity$$superforward1(SecurityIdentityAssociation_Subclass.zig:193)
	at io.quarkus.security.runtime.SecurityIdentityAssociation_Subclass$$function$$1.apply(SecurityIdentityAssociation_Subclass$$function$$1.zig:24)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.proceed(InvocationInterceptor.java:62)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.monitor(InvocationInterceptor.java:49)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor_Bean.intercept(InvocationInterceptor_Bean.zig:521)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.quarkus.security.runtime.SecurityIdentityAssociation_Subclass.getIdentity(SecurityIdentityAssociation_Subclass.zig:307)
	at io.quarkus.security.runtime.SecurityIdentityAssociation_ClientProxy.getIdentity(SecurityIdentityAssociation_ClientProxy.zig:250)
	at io.quarkus.security.runtime.SecurityIdentityProxy.hasRole(SecurityIdentityProxy.java:38)
	at io.quarkus.security.runtime.SecurityIdentityProxy_Subclass.hasRole$$superforward1(SecurityIdentityProxy_Subclass.zig:371)
	at io.quarkus.security.runtime.SecurityIdentityProxy_Subclass$$function$$4.apply(SecurityIdentityProxy_Subclass$$function$$4.zig:33)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.proceed(InvocationInterceptor.java:62)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.monitor(InvocationInterceptor.java:49)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor_Bean.intercept(InvocationInterceptor_Bean.zig:521)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.quarkus.security.runtime.SecurityIdentityProxy_Subclass.hasRole(SecurityIdentityProxy_Subclass.zig:797)
	at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.hasRole(SecurityIdentityProxy_ClientProxy.zig:401)
	at io.quarkus.security.runtime.interceptor.check.RolesAllowedCheck.apply(RolesAllowedCheck.java:55)
	at io.quarkus.security.runtime.interceptor.SecurityConstrainer.check(SecurityConstrainer.java:28)
	at io.quarkus.security.runtime.interceptor.SecurityConstrainer_Subclass.check$$superforward1(SecurityConstrainer_Subclass.zig:100)
	at io.quarkus.security.runtime.interceptor.SecurityConstrainer_Subclass$$function$$1.apply(SecurityConstrainer_Subclass$$function$$1.zig:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.proceed(InvocationInterceptor.java:62)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.monitor(InvocationInterceptor.java:49)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor_Bean.intercept(InvocationInterceptor_Bean.zig:521)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.quarkus.security.runtime.interceptor.SecurityConstrainer_Subclass.check(SecurityConstrainer_Subclass.zig:170)
	at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:23)
	at io.quarkus.security.runtime.interceptor.SecurityHandler_Subclass.handle$$superforward1(SecurityHandler_Subclass.zig:137)
	at io.quarkus.security.runtime.interceptor.SecurityHandler_Subclass$$function$$2.apply(SecurityHandler_Subclass$$function$$2.zig:33)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.proceed(InvocationInterceptor.java:62)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.monitor(InvocationInterceptor.java:49)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor_Bean.intercept(InvocationInterceptor_Bean.zig:521)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.quarkus.security.runtime.interceptor.SecurityHandler_Subclass.handle(SecurityHandler_Subclass.zig:296)
	at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor.intercept(RolesAllowedInterceptor.java:29)
	at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor_Bean.intercept(RolesAllowedInterceptor_Bean.zig:386)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at org.example.GreeterImpl_Subclass.hello(GreeterImpl_Subclass.zig:166)
	at org.example.api.GreeterBean.hello(GreeterBean.java:21)
	at io.quarkus.grpc.runtime.ServerCalls.oneToOne(ServerCalls.java:29)
	at org.example.api.MutinyGreeterGrpc$MethodHandlers.invoke(MutinyGreeterGrpc.java:116)
	at io.grpc.stub.ServerCalls$UnaryServerCallHandler$UnaryServerCallListener.onHalfClose(ServerCalls.java:182)
	at io.grpc.PartialForwardingServerCallListener.onHalfClose(PartialForwardingServerCallListener.java:35)
	at io.grpc.ForwardingServerCallListener.onHalfClose(ForwardingServerCallListener.java:23)
	at io.grpc.ForwardingServerCallListener$SimpleForwardingServerCallListener.onHalfClose(ForwardingServerCallListener.java:40)
	at io.quarkus.grpc.runtime.supports.context.GrpcRequestContextGrpcInterceptor$1.onHalfClose(GrpcRequestContextGrpcInterceptor.java:81)
	at io.grpc.internal.ServerCallImpl$ServerStreamListenerImpl.halfClosed(ServerCallImpl.java:331)
	at io.grpc.internal.ServerImpl$JumpToApplicationThreadServerStreamListener$1HalfClosed.runInContext(ServerImpl.java:797)
	at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37)
	at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
	at io.quarkus.grpc.runtime.GrpcServerRecorder$DevModeWrapper.run(GrpcServerRecorder.java:495)
	at io.quarkus.grpc.runtime.GrpcServerRecorder$9$2.handle(GrpcServerRecorder.java:388)
	at io.quarkus.grpc.runtime.GrpcServerRecorder$9$2.handle(GrpcServerRecorder.java:385)
	at io.vertx.core.impl.future.FutureImpl$3.onSuccess(FutureImpl.java:141)
	at io.vertx.core.impl.future.FutureBase.lambda$emitSuccess$0(FutureBase.java:54)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:829)

Implementation ideas

As there is more and more focus on reactive implementations, it would be useful if these annotations work with Mutiny (and similar references as CompletionStage). There is already a similar implementation for cache and transactions I think.

Sorry if this is a wrong kind of an issue.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/mutiny area/security area/smallrye kind/enhancement New feature or request
Projects
None yet
Milestone
2.4.0.CR1
Development

Successfully merging a pull request may close this issue.

Quarkus gRPC security interceptor + non-blocking security check michalszynkiewicz/quarkus
1 participant
@kristijan-rusu