Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RESTEasy Reactive: add ability to invoke filters once the form parameters are read #22209

Closed
FroMage opened this issue Dec 14, 2021 · 7 comments · Fixed by #22252
Closed

RESTEasy Reactive: add ability to invoke filters once the form parameters are read #22209

FroMage opened this issue Dec 14, 2021 · 7 comments · Fixed by #22252
Labels
area/rest kind/enhancement New feature or request
Milestone
2.7.0.CR1

Comments

@FroMage
Copy link
Member

FroMage commented Dec 14, 2021

Description

I need to set a filter that checks every POST request for the existence of a CRSF value, but when my filter is invoked, the form is not read yet:

    @ServerRequestFilter
    public void filterRequest(HttpServerRequest req) {
        // check CRSF param for every method except the three safe ones
        if (req.method() != HttpMethod.GET
                && req.method() != HttpMethod.HEAD
                && req.method() != HttpMethod.OPTIONS) {
            //FIXME: can't do this for now because form values are not read when filter is invoked
            CurrentVertxRequest currentVertxRequest = CDI.current().select(CurrentVertxRequest.class).get();
            ResteasyReactiveRequestContext rrContext = (ResteasyReactiveRequestContext) currentVertxRequest
                    .getOtherHttpContextObject();
            FormData formData = rrContext.getFormData();
        }
    }

It would be nice to have an option to delay filters to after the form is read, perhaps with @ServerRequestFilter(readBody = true)

Implementation ideas

No response
@FroMage FroMage added kind/enhancement New feature or request area/rest labels Dec 14, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented Dec 14, 2021

/cc @geoand, @stuartwdouglas

@geoand
Copy link
Contributor

geoand commented Dec 14, 2021

Sounds interesting

geoand added a commit to geoand/quarkus that referenced this issue Dec 15, 2021
@geoand
Allow request filters to be run after the input has been read
c9a05d5 
Resolves: quarkusio#22209
@geoand geoand mentioned this issue Dec 15, 2021
Merged
geoand added a commit to geoand/quarkus that referenced this issue Dec 15, 2021
@geoand
Allow request filters to be run after the input has been read
65f0a3d 
Resolves: quarkusio#22209
geoand added a commit that referenced this issue Dec 15, 2021
@geoand
Merge pull request #22252 from geoand/#22209
ed7ebb6 
Allow request filters to be run after the input has been read
@quarkus-bot quarkus-bot bot added this to the 2.7 - main milestone Dec 15, 2021
@FroMage
Copy link
Member Author

FroMage commented Dec 21, 2021

OK, so funny thing: this works when the endpoint has @FormParam elements that forces us to read the body, but doesn't when the endpoint is a @POST method with zero @FormParam. Can we force the body reading if we have filters like that? Should I open a new issue?

@geoand
Copy link
Contributor

geoand commented Dec 21, 2021

We probably can. Please open a new issue

@FroMage FroMage mentioned this issue Dec 21, 2021
Closed
@FroMage
Copy link
Member Author

FroMage commented Dec 21, 2021

Done, thanks!

@jimbogithub
Copy link

@FroMage Are you able to describe the exact circumstances under which this will currently work? I need a filter to do an HMAC calc for security reasons and it needs all the form data. I'm using @ServerRequestFilter(readBody = true) for the filter and the endpoint is @POST with multiple @FormParams. This seems to fit with what you describe above but in my case the FormData is still always null. (2.9.2.Final)

I can't do the calc just from the individual @FormParams as the caller may include fields I'm unaware of that still need to be in the HMAC.

This was easy with REST Classic and is currently a showstopper for migrating to Reactive.

@jimbogithub
Copy link

jimbogithub commented Jun 17, 2022
edited
Loading

Resolved. Needed to req.setExpectMultipart(true) and use a binding to ensure it only applies to endpoints expecting form data, e.g.

@HMACAuthenticated
@ServerRequestFilter(readBody = true)
public void filterRequest(HttpServerRequest req) {
    req.setExpectMultipart(true);
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/rest kind/enhancement New feature or request
Projects
None yet
Milestone
2.7.0.CR1
Development

Successfully merging a pull request may close this issue.

Allow request filters to be run after the input has been read geoand/quarkus
3 participants
@FroMage @geoand @jimbogithub