From 46a2de0ed87c1a84e65899835b94bf4c9ace5fa1 Mon Sep 17 00:00:00 2001
From: Stuart Douglas
Date: Mon, 29 Nov 2021 11:14:20 +1100
Subject: [PATCH] Fix exception wrapping issue with SecurityHandler

Fixes #21679
---
 .../security/test/cdi/CDIAccessDefaultTest.java | 14 ++++++++++++++
 .../test/cdi/app/BeanWithSecuredMethods.java | 5 +++++
 .../security/test/cdi/app/TestException.java | 4 ++++
 .../runtime/interceptor/SecurityHandler.java | 2 +-
 4 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/TestException.java

diff --git a/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/CDIAccessDefaultTest.java b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/CDIAccessDefaultTest.java
index 9b3cba18f3c8c..6bc1ef4f5c466 100644
--- a/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/CDIAccessDefaultTest.java
+++ b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/CDIAccessDefaultTest.java
@@ -21,6 +21,7 @@
 import io.quarkus.security.test.cdi.app.SubclassWithDenyAll;
 import io.quarkus.security.test.cdi.app.SubclassWithPermitAll;
 import io.quarkus.security.test.cdi.app.SubclassWithoutAnnotations;
+import io.quarkus.security.test.cdi.app.TestException;
 import io.quarkus.security.test.utils.AuthData;
 import io.quarkus.security.test.utils.IdentityMock;
 import io.quarkus.security.test.utils.SecurityTestUtils;
@@ -53,6 +54,7 @@ public class CDIAccessDefaultTest {
 AuthData.class,
 SubclassWithDenyAll.class,
 SubclassWithoutAnnotations.class,
+ TestException.class,
 SubclassWithPermitAll.class,
 SecurityTestUtils.class));
 
@@ -101,6 +103,18 @@ public void shouldRestrictAccessToSpecificRoleCompletionState() {
 }, "accessibleForAdminOnly", ADMIN);
 }
 
+ @Test
+ public void testExceptionWrapping() {
+ Executable executable = () -> {
+ try {
+ bean.securedMethodCompletionStageException().toCompletableFuture().get();
+ } catch (ExecutionException e) {
+ throw e.getCause();
+ }
+ };
+ assertFailureFor(executable, TestException.class, ADMIN);
+ }
+
 @Test
 public void shouldFailToAccessForbiddenOnClass() {
 assertFailureFor(() -> denyAllBean.noAdditionalConstraints(), UnauthorizedException.class, ANONYMOUS);
diff --git a/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/BeanWithSecuredMethods.java b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/BeanWithSecuredMethods.java
index 987620fa5e927..db457825b0fef 100644
--- a/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/BeanWithSecuredMethods.java
+++ b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/BeanWithSecuredMethods.java
@@ -37,6 +37,11 @@ public CompletionStage securedMethodCompletionStage() {
 return Uni.createFrom().item("accessibleForAdminOnly").subscribeAsCompletionStage();
 }
 
+ @RolesAllowed("admin")
+ public CompletionStage securedMethodCompletionStageException() {
+ throw new TestException();
+ }
+
 public String unsecuredMethod() {
 return "accessibleForAll";
 }
diff --git a/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/TestException.java b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/TestException.java
new file mode 100644
index 0000000000000..4337f93489b4e
--- /dev/null
+++ b/extensions/security/deployment/src/test/java/io/quarkus/security/test/cdi/app/TestException.java
@@ -0,0 +1,4 @@
+package io.quarkus.security.test.cdi.app;
+
+public class TestException extends RuntimeException {
+}
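Review bot: testExceptionWrapping in CDIAccessDefaultTest only exercises the authorized path (ADMIN), so nothing pins what a denied caller sees from the same throwing method. Adding `assertFailureFor(executable, UnauthorizedException.class, ANONYMOUS);` after the ADMIN assertion would confirm that the role check fails the stage before the bean method runs and that TestException is never surfaced to an unauthenticated caller. This assumes assertFailureFor behaves for ANONYMOUS here as it does in the neighbouring shouldFailToAccessForbiddenOnClass test; the helper itself is outside the hunk.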
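Review bot: securedMethodCompletionStageException in BeanWithSecuredMethods throws before any stage exists, which is easy to misread given its CompletionStage return type. A one-line comment such as `// throws synchronously, before a stage is returned, to reach the catch around ic.proceed() in SecurityHandler` would say why the fixture is written this way. A stage that is returned and then completes exceptionally is a different path and is not covered by this fixture.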
diff --git a/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/interceptor/SecurityHandler.java b/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/interceptor/SecurityHandler.java
index 209d37d1ab46e..ab0153df22bc3 100644
--- a/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/interceptor/SecurityHandler.java
+++ b/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/interceptor/SecurityHandler.java
@@ -36,7 +36,7 @@ public Object handle(InvocationContext ic) throws Exception {
 try {
 return Uni.createFrom().completionStage((CompletionStage) ic.proceed());
 } catch (Exception e) {
- throw new RuntimeException(e);
+ return Uni.createFrom().failure(e);
 }
 }).subscribeAsCompletionStage();
 } else if (Multi.class.isAssignableFrom(returnType)) {
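Review bot: The new `return Uni.createFrom().failure(e);` in the catch block carries no comment saying why the exception is handed back as a failed Uni instead of being rethrown, so a later cleanup could reintroduce the wrapper. A line above the return such as `// keep the original exception as the stage failure; wrapping it hides the exception type from callers` would record the intent. That presumably matters most for security exceptions raised inside the intercepted method, which callers match on by type. The enclosing lambda starts above the hunk and the Multi branch continues below it, so whether the sibling branches wrap exceptions the same way cannot be judged from here.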