From 5a48e6d2435c7ff54c1a0678c3a1bc165c32c852 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Sat, 21 Sep 2024 10:27:40 +0200 Subject: [PATCH] Avoid SecurityContextOverrideHandler NPE when auth impl without Quarkus Sec --- .../security/SecurityContextOverrideHandler.java | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/extensions/resteasy-reactive/rest/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java b/extensions/resteasy-reactive/rest/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java index e2a978c5a9cfa..a7a05f39fcf4b 100644 --- a/extensions/resteasy-reactive/rest/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java +++ b/extensions/resteasy-reactive/rest/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.java @@ -16,6 +16,7 @@ import org.jboss.resteasy.reactive.server.model.ServerResourceMethod; import org.jboss.resteasy.reactive.server.spi.ServerRestHandler; +import io.quarkus.arc.Arc; import io.quarkus.resteasy.reactive.server.runtime.ResteasyReactiveSecurityContext; import io.quarkus.security.credential.Credential; import io.quarkus.security.identity.CurrentIdentityAssociation; @@ -45,11 +46,11 @@ public void handle(ResteasyReactiveRequestContext requestContext) throws Excepti updateIdentity(requestContext, modified); } - private void updateIdentity(ResteasyReactiveRequestContext requestContext, SecurityContext modified) { + private static void updateIdentity(ResteasyReactiveRequestContext requestContext, SecurityContext modified) { requestContext.requireCDIRequestScope(); - if (EagerSecurityContext.instance.identityAssociation.isResolvable()) { + final CurrentIdentityAssociation currentIdentityAssociation = getIdentityAssociation(); + if (currentIdentityAssociation != null) { RoutingContext routingContext = requestContext.unwrap(RoutingContext.class); - CurrentIdentityAssociation currentIdentityAssociation = EagerSecurityContext.instance.identityAssociation.get(); Uni oldIdentity = currentIdentityAssociation.getDeferredIdentity(); currentIdentityAssociation.setIdentity(oldIdentity.map(new Function() { @Override @@ -119,6 +120,15 @@ public Uni checkPermission(Permission permission) { } } + private static CurrentIdentityAssociation getIdentityAssociation() { + if (EagerSecurityContext.instance != null) { + return EagerSecurityContext.instance.identityAssociation.orElse(null); + } + // this should only happen when Quarkus Security extension is not present + // but user implements security themselves, like in their own JAX-RS filter + return Arc.container().instance(CurrentIdentityAssociation.class).orElse(null); + } + public static class Customizer implements HandlerChainCustomizer { @Override public List handlers(Phase phase, ResourceClass resourceClass,