-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security: run blocking tasks on Vert.X duplicated ctx
- Loading branch information
1 parent
e763315
commit 58233e2
Showing
6 changed files
with
186 additions
and
27 deletions.
There are no files selected for viewing
42 changes: 42 additions & 0 deletions
42
...y/runtime-spi/src/main/java/io/quarkus/security/spi/runtime/BlockingSecurityExecutor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package io.quarkus.security.spi.runtime; | ||
|
||
import java.util.concurrent.Executor; | ||
import java.util.function.Consumer; | ||
import java.util.function.Supplier; | ||
|
||
import io.quarkus.security.identity.AuthenticationRequestContext; | ||
import io.smallrye.mutiny.Uni; | ||
import io.smallrye.mutiny.subscription.UniEmitter; | ||
|
||
/** | ||
* Blocking executor used for security purposes such {@link AuthenticationRequestContext#runBlocking(Supplier)}. | ||
* Extensions may provide their own implementation if they need a single thread pool. | ||
*/ | ||
public interface BlockingSecurityExecutor { | ||
|
||
<T> Uni<T> executeBlocking(Supplier<? extends T> supplier); | ||
|
||
static BlockingSecurityExecutor createBlockingExecutor(Supplier<Executor> executorSupplier) { | ||
return new BlockingSecurityExecutor() { | ||
@Override | ||
public <T> Uni<T> executeBlocking(Supplier<? extends T> function) { | ||
return Uni.createFrom().emitter(new Consumer<UniEmitter<? super T>>() { | ||
@Override | ||
public void accept(UniEmitter<? super T> uniEmitter) { | ||
executorSupplier.get().execute(new Runnable() { | ||
@Override | ||
public void run() { | ||
try { | ||
uniEmitter.complete(function.get()); | ||
} catch (Throwable t) { | ||
uniEmitter.fail(t); | ||
} | ||
} | ||
}); | ||
} | ||
}); | ||
} | ||
}; | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
66 changes: 66 additions & 0 deletions
66
...src/test/java/io/quarkus/jwt/test/EnabledProactiveAuthFailedExceptionMapperHttp2Test.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package io.quarkus.jwt.test; | ||
|
||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
|
||
import java.io.IOException; | ||
import java.net.URISyntaxException; | ||
import java.net.URL; | ||
import java.net.http.HttpClient; | ||
import java.net.http.HttpRequest; | ||
import java.net.http.HttpResponse; | ||
|
||
import jakarta.ws.rs.core.Response; | ||
|
||
import org.jboss.resteasy.reactive.server.ServerExceptionMapper; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.security.AuthenticationFailedException; | ||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.quarkus.test.common.http.TestHTTPResource; | ||
|
||
public class EnabledProactiveAuthFailedExceptionMapperHttp2Test { | ||
|
||
private static final String CUSTOMIZED_RESPONSE = "AuthenticationFailedException"; | ||
protected static final Class<?>[] classes = { JsonValuejectionEndpoint.class, TokenUtils.class, | ||
AuthFailedExceptionMapper.class }; | ||
|
||
@RegisterExtension | ||
static final QuarkusUnitTest config = new QuarkusUnitTest() | ||
.withApplicationRoot((jar) -> jar | ||
.addClasses(classes) | ||
.addAsResource(new StringAsset("quarkus.http.auth.proactive=true\n" + | ||
"quarkus.smallrye-jwt.blocking-authentication=true\n"), "application.properties")); | ||
|
||
@TestHTTPResource | ||
URL url; | ||
|
||
@Test | ||
public void testExMapperCustomizedResponse() throws IOException, InterruptedException, URISyntaxException { | ||
var client = HttpClient.newBuilder() | ||
.version(HttpClient.Version.HTTP_2) | ||
.build(); | ||
|
||
var response = client.send( | ||
HttpRequest.newBuilder() | ||
.GET() | ||
.header("Authorization", "Bearer 12345") | ||
.uri(url.toURI()) | ||
.build(), | ||
HttpResponse.BodyHandlers.ofString()); | ||
|
||
assertEquals(401, response.statusCode()); | ||
} | ||
|
||
public static class AuthFailedExceptionMapper { | ||
|
||
@ServerExceptionMapper(value = AuthenticationFailedException.class) | ||
public Response unauthorized() { | ||
return Response | ||
.status(401) | ||
.entity(CUSTOMIZED_RESPONSE).build(); | ||
} | ||
|
||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
...e/src/main/java/io/quarkus/vertx/http/runtime/security/VertxBlockingSecurityExecutor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
package io.quarkus.vertx.http.runtime.security; | ||
|
||
import static io.quarkus.vertx.core.runtime.context.VertxContextSafetyToggle.setContextSafe; | ||
import static io.smallrye.common.vertx.VertxContext.getOrCreateDuplicatedContext; | ||
|
||
import java.util.function.Supplier; | ||
|
||
import jakarta.inject.Inject; | ||
|
||
import io.quarkus.security.spi.runtime.BlockingSecurityExecutor; | ||
import io.smallrye.mutiny.Uni; | ||
import io.vertx.core.Context; | ||
import io.vertx.core.Handler; | ||
import io.vertx.core.Promise; | ||
import io.vertx.core.Vertx; | ||
|
||
public class VertxBlockingSecurityExecutor implements BlockingSecurityExecutor { | ||
|
||
@Inject | ||
Vertx vertx; | ||
|
||
@Override | ||
public <T> Uni<T> executeBlocking(Supplier<? extends T> supplier) { | ||
Context local = getOrCreateDuplicatedContext(vertx); | ||
setContextSafe(local, true); | ||
return Uni | ||
.createFrom() | ||
.completionStage( | ||
local | ||
.executeBlocking(new Handler<Promise<T>>() { | ||
@Override | ||
public void handle(Promise<T> promise) { | ||
promise.complete(supplier.get()); | ||
} | ||
}) | ||
.toCompletionStage()); | ||
} | ||
} |