use of io.quarkus.security.identity.CurrentIdentityAssociation in project quarkus by quarkusio.
the class SecurityContextOverrideHandler method updateIdentity.
private void updateIdentity(ResteasyReactiveRequestContext requestContext, SecurityContext modified) {
requestContext.requireCDIRequestScope();
InjectableInstance<CurrentIdentityAssociation> instance = getCurrentIdentityAssociation();
if (instance.isResolvable()) {
CurrentIdentityAssociation currentIdentityAssociation = instance.get();
Uni<SecurityIdentity> oldIdentity = currentIdentityAssociation.getDeferredIdentity();
currentIdentityAssociation.setIdentity(oldIdentity.map(new Function<SecurityIdentity, SecurityIdentity>() {
@Override
public SecurityIdentity apply(SecurityIdentity old) {
Set<Credential> oldCredentials = old.getCredentials();
Map<String, Object> oldAttributes = old.getAttributes();
return new SecurityIdentity() {
@Override
public Principal getPrincipal() {
return modified.getUserPrincipal();
}
@Override
public boolean isAnonymous() {
return modified.getUserPrincipal() == null;
}
@Override
public Set<String> getRoles() {
throw new UnsupportedOperationException("retrieving all roles not supported when JAX-RS security context has been replaced");
}
@Override
public boolean hasRole(String role) {
return modified.isUserInRole(role);
}
@SuppressWarnings("unchecked")
@Override
public <T extends Credential> T getCredential(Class<T> credentialType) {
for (Credential cred : getCredentials()) {
if (credentialType.isAssignableFrom(cred.getClass())) {
return (T) cred;
}
}
return null;
}
@Override
public Set<Credential> getCredentials() {
return oldCredentials;
}
@SuppressWarnings("unchecked")
@Override
public <T> T getAttribute(String name) {
return (T) oldAttributes.get(name);
}
@Override
public Map<String, Object> getAttributes() {
return oldAttributes;
}
@Override
public Uni<Boolean> checkPermission(Permission permission) {
return Uni.createFrom().nullItem();
}
};
}
}));
}
}
use of io.quarkus.security.identity.CurrentIdentityAssociation in project quarkus by quarkusio.
the class UndertowDeploymentRecorder method setupRequestScope.
public void setupRequestScope(DeploymentInfo deploymentInfo, BeanContainer beanContainer) {
CurrentVertxRequest currentVertxRequest = CDI.current().select(CurrentVertxRequest.class).get();
Instance<CurrentIdentityAssociation> identityAssociations = CDI.current().select(CurrentIdentityAssociation.class);
CurrentIdentityAssociation association;
if (identityAssociations.isResolvable()) {
association = identityAssociations.get();
} else {
association = null;
}
deploymentInfo.addThreadSetupAction(new ThreadSetupHandler() {
@Override
public <T, C> ThreadSetupHandler.Action<T, C> create(Action<T, C> action) {
return new Action<T, C>() {
@Override
public T call(HttpServerExchange exchange, C context) throws Exception {
// Not sure what to do here
ManagedContext requestContext = beanContainer.requestContext();
if (requestContext.isActive()) {
return action.call(exchange, context);
} else if (exchange == null) {
requestContext.activate();
try {
return action.call(exchange, context);
} finally {
requestContext.terminate();
}
} else {
InjectableContext.ContextState existingRequestContext = exchange.getAttachment(REQUEST_CONTEXT);
try {
requestContext.activate(existingRequestContext);
VertxHttpExchange delegate = (VertxHttpExchange) exchange.getDelegate();
RoutingContext rc = (RoutingContext) delegate.getContext();
currentVertxRequest.setCurrent(rc);
if (association != null) {
QuarkusHttpUser existing = (QuarkusHttpUser) rc.user();
if (existing != null) {
SecurityIdentity identity = existing.getSecurityIdentity();
association.setIdentity(identity);
} else {
association.setIdentity(QuarkusHttpUser.getSecurityIdentity(rc, null));
}
}
return action.call(exchange, context);
} finally {
ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpServletRequestImpl req = src.getOriginalRequest();
if (req.isAsyncStarted()) {
exchange.putAttachment(REQUEST_CONTEXT, requestContext.getState());
requestContext.deactivate();
if (existingRequestContext == null) {
req.getAsyncContextInternal().addListener(new AsyncListener() {
@Override
public void onComplete(AsyncEvent event) throws IOException {
requestContext.activate(exchange.getAttachment(REQUEST_CONTEXT));
requestContext.terminate();
}
@Override
public void onTimeout(AsyncEvent event) throws IOException {
onComplete(event);
}
@Override
public void onError(AsyncEvent event) throws IOException {
onComplete(event);
}
@Override
public void onStartAsync(AsyncEvent event) throws IOException {
}
});
}
} else {
requestContext.terminate();
}
}
}
}
};
}
});
}
use of io.quarkus.security.identity.CurrentIdentityAssociation in project quarkus by quarkusio.
the class ResteasyReactiveRecorder method createDeployment.
public RuntimeValue<Deployment> createDeployment(DeploymentInfo info, BeanContainer beanContainer, ShutdownContext shutdownContext, HttpBuildTimeConfig vertxConfig, RequestContextFactory contextFactory, BeanFactory<ResteasyReactiveInitialiser> initClassFactory, LaunchMode launchMode, boolean resumeOn404) {
if (resumeOn404) {
info.setResumeOn404(true);
}
CurrentRequestManager.setCurrentRequestInstance(new QuarkusCurrentRequest(beanContainer.instance(CurrentVertxRequest.class)));
BlockingOperationSupport.setIoThreadDetector(new BlockingOperationSupport.IOThreadDetector() {
@Override
public boolean isBlockingAllowed() {
return BlockingOperationControl.isBlockingAllowed();
}
});
Consumer<Closeable> closeTaskHandler = new Consumer<Closeable>() {
@Override
public void accept(Closeable closeable) {
shutdownContext.addShutdownTask(new ShutdownContext.CloseRunnable(closeable));
}
};
CurrentIdentityAssociation currentIdentityAssociation = Arc.container().instance(CurrentIdentityAssociation.class).get();
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
if (contextFactory == null) {
contextFactory = new RequestContextFactory() {
@Override
public ResteasyReactiveRequestContext createContext(Deployment deployment, ProvidersImpl providers, Object context, ThreadSetupAction requestContext, ServerRestHandler[] handlerChain, ServerRestHandler[] abortHandlerChain) {
return new QuarkusResteasyReactiveRequestContext(deployment, providers, (RoutingContext) context, requestContext, handlerChain, abortHandlerChain, launchMode == LaunchMode.DEVELOPMENT ? tccl : null, currentIdentityAssociation);
}
};
}
RuntimeDeploymentManager runtimeDeploymentManager = new RuntimeDeploymentManager(info, EXECUTOR_SUPPLIER, closeTaskHandler, contextFactory, new ArcThreadSetupAction(beanContainer.requestContext()), vertxConfig.rootPath);
Deployment deployment = runtimeDeploymentManager.deploy();
initClassFactory.createInstance().getInstance().init(deployment);
currentDeployment = deployment;
if (LaunchMode.current() == LaunchMode.DEVELOPMENT) {
classMappers = deployment.getClassMappers();
RuntimeResourceVisitor.visitRuntimeResources(classMappers, ScoreSystem.ScoreVisitor);
}
return new RuntimeValue<>(deployment);
}
use of io.quarkus.security.identity.CurrentIdentityAssociation in project quarkus by quarkusio.
the class WebsocketCoreRecorder method createServerContainer.
public RuntimeValue<ServerWebSocketContainer> createServerContainer(BeanContainer beanContainer, RuntimeValue<WebSocketDeploymentInfo> infoVal, ServerWebSocketContainerFactory serverContainerFactory) throws DeploymentException {
WebSocketDeploymentInfo info = infoVal.getValue();
ClassLoader cl = Thread.currentThread().getContextClassLoader();
ManagedContext requestContext = Arc.container().requestContext();
if (serverContainerFactory == null) {
serverContainerFactory = ServerWebSocketContainer::new;
}
Instance<CurrentIdentityAssociation> currentIdentityAssociation = Arc.container().select(CurrentIdentityAssociation.class);
ServerWebSocketContainer container = serverContainerFactory.create(new ObjectIntrospecter() {
@Override
public <T> ObjectFactory<T> createInstanceFactory(Class<T> clazz) {
BeanContainer.Factory<T> factory = beanContainer.instanceFactory(clazz);
return new ObjectFactory<T>() {
@Override
public ObjectHandle<T> createInstance() {
BeanContainer.Instance<T> instance = factory.create();
return new ObjectHandle<T>() {
@Override
public T getInstance() {
return instance.get();
}
@Override
public void release() {
instance.close();
}
};
}
};
}
}, Thread.currentThread().getContextClassLoader(), new Supplier<EventLoopGroup>() {
@Override
public EventLoopGroup get() {
return ((VertxInternal) VertxCoreRecorder.getVertx().get()).getEventLoopGroup();
}
}, Collections.singletonList(new ContextSetupHandler() {
@Override
public <T, C> Action<T, C> create(Action<T, C> action) {
return new Action<T, C>() {
CurrentIdentityAssociation getCurrentIdentityAssociation() {
if (currentIdentityAssociation.isResolvable()) {
return currentIdentityAssociation.get();
}
return null;
}
@Override
public T call(C context, UndertowSession session) throws Exception {
ClassLoader old = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(cl);
boolean required = !requestContext.isActive();
if (required) {
requestContext.activate();
Principal p = session.getUserPrincipal();
if (p instanceof WebSocketPrincipal) {
var current = getCurrentIdentityAssociation();
if (current != null) {
current.setIdentity(((WebSocketPrincipal) p).getSecurityIdentity());
}
}
}
try {
return action.call(context, session);
} finally {
try {
if (required) {
requestContext.terminate();
}
} finally {
Thread.currentThread().setContextClassLoader(old);
}
}
}
};
}
}), info.isDispatchToWorkerThread(), null, null, info.getExecutor(), Collections.emptyList(), info.getMaxFrameSize(), new Supplier<Principal>() {
@Override
public Principal get() {
if (currentIdentityAssociation.isResolvable()) {
return new WebSocketPrincipal(currentIdentityAssociation.get().getIdentity());
}
return null;
}
});
for (Class<?> i : info.getAnnotatedEndpoints()) {
container.addEndpoint(i);
}
for (ServerEndpointConfig i : info.getProgramaticEndpoints()) {
container.addEndpoint(i);
}
UndertowContainerProvider.setDefaultContainer(container);
return new RuntimeValue<>(container);
}
use of io.quarkus.security.identity.CurrentIdentityAssociation in project quarkus by quarkusio.
the class UndertowDeploymentRecorder method createDeployment.
public RuntimeValue<DeploymentInfo> createDeployment(String name, Set<String> knownFile, Set<String> knownDirectories, LaunchMode launchMode, ShutdownContext context, String mountPoint, String defaultCharset, String requestCharacterEncoding, String responseCharacterEncoding, boolean proactiveAuth, List<String> welcomeFiles) {
DeploymentInfo d = new DeploymentInfo();
d.setDefaultRequestEncoding(requestCharacterEncoding);
d.setDefaultResponseEncoding(responseCharacterEncoding);
d.setDefaultEncoding(defaultCharset);
d.setSessionIdGenerator(new QuarkusSessionIdGenerator());
d.setClassLoader(getClass().getClassLoader());
d.setDeploymentName(name);
d.setContextPath(mountPoint);
d.setEagerFilterInit(true);
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (cl == null) {
cl = new ClassLoader() {
};
}
d.setClassLoader(cl);
// TODO: we need better handling of static resources
ResourceManager resourceManager;
if (hotDeploymentResourcePaths == null) {
resourceManager = new KnownPathResourceManager(knownFile, knownDirectories, new ClassPathResourceManager(d.getClassLoader(), "META-INF/resources"));
} else {
List<ResourceManager> managers = new ArrayList<>();
for (Path i : hotDeploymentResourcePaths) {
managers.add(new PathResourceManager(i));
}
managers.add(new ClassPathResourceManager(d.getClassLoader(), "META-INF/resources"));
resourceManager = new DelegatingResourceManager(managers.toArray(new ResourceManager[0]));
}
if (launchMode == LaunchMode.NORMAL) {
// todo: cache configuration
resourceManager = new CachingResourceManager(1000, 0, null, resourceManager, 2000);
}
d.setResourceManager(resourceManager);
if (welcomeFiles != null) {
// if available, use welcome-files from web.xml
d.addWelcomePages(welcomeFiles);
} else {
d.addWelcomePages("index.html", "index.htm");
}
d.addServlet(new ServletInfo(ServletPathMatches.DEFAULT_SERVLET_NAME, DefaultServlet.class).setAsyncSupported(true));
for (HandlerWrapper i : hotDeploymentWrappers) {
d.addOuterHandlerChainWrapper(i);
}
d.addAuthenticationMechanism("QUARKUS", new ImmediateAuthenticationMechanismFactory(QuarkusAuthMechanism.INSTANCE));
d.setLoginConfig(new LoginConfig("QUARKUS", "QUARKUS"));
context.addShutdownTask(new ShutdownContext.CloseRunnable(d.getResourceManager()));
d.addNotificationReceiver(new NotificationReceiver() {
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() == SecurityNotification.EventType.AUTHENTICATED) {
QuarkusUndertowAccount account = (QuarkusUndertowAccount) notification.getAccount();
Instance<CurrentIdentityAssociation> instance = CDI.current().select(CurrentIdentityAssociation.class);
if (instance.isResolvable())
instance.get().setIdentity(account.getSecurityIdentity());
}
}
});
if (proactiveAuth) {
d.setAuthenticationMode(AuthenticationMode.PRO_ACTIVE);
} else {
d.setAuthenticationMode(AuthenticationMode.CONSTRAINT_DRIVEN);
}
return new RuntimeValue<>(d);
}
Aggregations