quarkusio · gastaldi · Jan 30, 2023 · Jan 28, 2023
diff --git a/...easy/deployment/src/test/java/io/quarkus/resteasy/test/security/RolesAllowedResource.java b/...easy/deployment/src/test/java/io/quarkus/resteasy/test/security/RolesAllowedResource.java
@@ -2,15 +2,22 @@
 
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 
+import io.quarkus.security.identity.CurrentIdentityAssociation;
+
 /**
  * @author Michal Szynkiewicz, [email protected]
  */
 @Path("/roles")
 @PermitAll
 public class RolesAllowedResource {
+
+    @Inject
+    CurrentIdentityAssociation currentIdentityAssociation;
+
     @GET
     @RolesAllowed({ "user", "admin" })
     public String defaultSecurity() {
@@ -24,4 +31,10 @@ public String admin() {
         return "admin";
     }
 
+    @Path("/admin/security-identity")
+    @RolesAllowed("admin")
+    @GET
+    public String getSecurityIdentity() {
+        return currentIdentityAssociation.getIdentity().getPrincipal().getName();
+    }
 }
diff --git a/...oyment/src/test/java/io/quarkus/resteasy/test/security/SecurityIdentityAugmentorTest.java b/...oyment/src/test/java/io/quarkus/resteasy/test/security/SecurityIdentityAugmentorTest.java
@@ -0,0 +1,67 @@
+package io.quarkus.resteasy.test.security;
+
+import java.util.List;
+import java.util.function.Supplier;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.control.ActivateRequestContext;
+
+import org.hamcrest.Matchers;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.builder.Version;
+import io.quarkus.maven.dependency.Dependency;
+import io.quarkus.security.identity.AuthenticationRequestContext;
+import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.security.identity.SecurityIdentityAugmentor;
+import io.quarkus.security.runtime.QuarkusSecurityIdentity;
+import io.quarkus.security.test.utils.TestIdentityController;
+import io.quarkus.security.test.utils.TestIdentityProvider;
+import io.quarkus.test.QuarkusUnitTest;
+import io.restassured.RestAssured;
+import io.smallrye.mutiny.Uni;
+
+public class SecurityIdentityAugmentorTest {
+
+    @RegisterExtension
+    static QuarkusUnitTest runner = new QuarkusUnitTest()
+            .withApplicationRoot((jar) -> jar
+                    .addAsResource(new StringAsset("quarkus.http.auth.basic=true\n"), "application.properties")
+                    .addClasses(TestIdentityProvider.class, RolesAllowedResource.class, TestIdentityController.class))
+            .setForcedDependencies(List.of(Dependency.of("io.quarkus", "quarkus-undertow", Version.getVersion())));
+
+    @BeforeAll
+    public static void setupUsers() {
+        TestIdentityController.resetRoles().add("admin", "admin");
+    }
+
+    @Test
+    public void testSecurityIdentityAugmentor() {
+        RestAssured.given().auth().basic("admin", "admin").get("/roles/admin/security-identity").then().statusCode(200)
+                .body(Matchers.is("admin"));
+    }
+
+    @ApplicationScoped
+    public static class CustomAugmentor implements SecurityIdentityAugmentor {
+
+        @Override
+        public Uni<SecurityIdentity> augment(SecurityIdentity identity, AuthenticationRequestContext context) {
+            if (identity.isAnonymous()) {
+                return Uni.createFrom().item(identity);
+            }
+            return context.runBlocking(build(identity));
+        }
+
+        @ActivateRequestContext
+        Supplier<SecurityIdentity> build(SecurityIdentity identity) {
+            QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(identity);
+            builder.addRole("admin");
+            return builder::build;
+        }
+
+    }
+
+}
diff --git a/...ndertow/runtime/src/main/java/io/quarkus/undertow/runtime/UndertowDeploymentRecorder.java b/...ndertow/runtime/src/main/java/io/quarkus/undertow/runtime/UndertowDeploymentRecorder.java
@@ -564,6 +564,15 @@ public T call(HttpServerExchange exchange, C context) throws Exception {
                         // Not sure what to do here
                         ManagedContext requestContext = beanContainer.requestContext();
                         if (requestContext.isActive()) {
+                            if (currentVertxRequest.getCurrent() == null && exchange != null
+                                    && exchange.getDelegate() instanceof VertxHttpExchange) {
+                                // goal here is to add event to the Vert.X request when Smallrye Context Propagation
+                                // creates fresh instance of request context without the event; we experienced
+                                // the request context activated and terminated by ActivateRequestContextInterceptor
+                                // invoked for the SecurityIdentityAugmentor that was (re)created during permission checks
+                                addEventToVertxRequest(exchange);
+                            }
+
                             return action.call(exchange, context);
                         } else if (exchange == null) {
                             requestContext.activate();
@@ -578,9 +587,7 @@ public T call(HttpServerExchange exchange, C context) throws Exception {
                             try {
                                 requestContext.activate(existingRequestContext);
 
-                                VertxHttpExchange delegate = (VertxHttpExchange) exchange.getDelegate();
-                                RoutingContext rc = (RoutingContext) delegate.getContext();
-                                currentVertxRequest.setCurrent(rc);
+                                RoutingContext rc = addEventToVertxRequest(exchange);
 
                                 if (association != null) {
                                     QuarkusHttpUser existing = (QuarkusHttpUser) rc.user();
@@ -631,6 +638,13 @@ public void onStartAsync(AsyncEvent event) throws IOException {
                             }
                         }
                     }
+
+                    private RoutingContext addEventToVertxRequest(HttpServerExchange exchange) {
+                        VertxHttpExchange delegate = (VertxHttpExchange) exchange.getDelegate();
+                        RoutingContext rc = (RoutingContext) delegate.getContext();
+                        currentVertxRequest.setCurrent(rc);
+                        return rc;
+                    }
                 };
             }
         });