Comments (9)
> Judging from the changelog of 3.7.2, this might be a consequence of #38605
> Looking at the pull request's description, my use-case was never legal and should have never worked to begin with. Would you agree @mkouba ?
@Felk That's correct. It only "worked" by coincidence.
from quarkus.
Also CC @manovotn @michalvavrik
from quarkus.
Here's a reproducer project:
inject-securityidentity-regression.zip
It's basically just https://code.quarkus.io/?a=inject-securityidentity-regression&j=21&e=oidc&e=scheduler with the above code added.
from quarkus.
/cc @sberyozkin (security)
from quarkus.
Judging from the changelog of 3.7.2, this might be a consequence of #38605
Looking at the pull request's description, my use-case was never legal and should have never worked to begin with. Would you agree @mkouba ?
My solution would then be to catch `ContextNotActiveException` and treat that as an anonymous user.
from quarkus.
Hey, I'll let Martins answer on CDI request being active, but I have a comment on the use case if you don't mind.
I checked your reproducer and the identity is always going to be anonymous (even with active CDI request context), won't it? If so, I'm not sure why to bother, just use `QuarkusSecurityIdentity.builder().setAnonymous(true).build()`. I appreciate your real use case might be much more complex, but I can't imagine where the identity is coming from unless you set it yourself in the `SecurityIdentityAssociation`, in which case you need to do it inside the same CDI request context in which you set it. Doesn't it basically mean you need to do it inside the scope of the same method where you request the identity (if you also want to be able to deactivate the context)?
I ask because if your real use case has a non-anonymous identity that is accessible without the `ContextNotActiveException`, it should mean you had activated the CDI request context in that scenario. So you can just activate it here as well.
from quarkus.
My real-world use case is that I have a @PreUpdate listener on JPA entities that sets an "updated_by"-kind of field on every update. That listener exists in all situations, including background workers, but also in the context of actual HTTP requests that do have a security context automatically. I didn't model any of that in the reproducer, so sorry if the reproducer looks a bit silly.
from quarkus.
> My real-world use case is that I have a @PreUpdate listener on JPA entities that sets an "updated_by"-kind of field on every update. That listener exists in all situations, including background workers, but also in the context of actual HTTP requests that do have a security context automatically.

Cool, that's a legit scenario.

> I didn't model any of that in the reproducer, so sorry if the reproducer looks a bit silly.

I just tried to understand, this is okay. Thank you
from quarkus.
Alright, thanks for confirming! I'll close this issue
from quarkus.
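
An added example, not code from the issue or from Quarkus itself: a JPA entity listener for the `updated_by` use case described in the thread. It catches `ContextNotActiveException` as proposed above, but records a separate marker for background work so the audit column does not mix scheduler runs with anonymous HTTP callers. `AuditedEntity`, `setUpdatedBy` and the two marker strings are hypothetical names.

```java
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.enterprise.context.ContextNotActiveException;
import jakarta.enterprise.inject.spi.CDI;
import jakarta.persistence.PreUpdate;

// Attach with @EntityListeners(UpdatedByListener.class) on the audited entities.
public class UpdatedByListener {

    // Hypothetical markers; pick values that cannot collide with a real principal name.
    static final String ANONYMOUS_ACTOR = "<anonymous>";
    static final String BACKGROUND_ACTOR = "<background>";

    // Hypothetical contract implemented by entities that carry an "updated_by" column.
    public interface AuditedEntity {
        void setUpdatedBy(String actor);
    }

    @PreUpdate
    void stampUpdatedBy(Object entity) {
        if (entity instanceof AuditedEntity audited) {
            audited.setUpdatedBy(currentActor());
        }
    }

    static String currentActor() {
        try {
            // Programmatic lookup, so the listener does not depend on injection support.
            SecurityIdentity identity = CDI.current().select(SecurityIdentity.class).get();
            if (identity.isAnonymous()) {
                // Request context is active (for example an unauthenticated HTTP call).
                return ANONYMOUS_ACTOR;
            }
            return identity.getPrincipal().getName();
        } catch (ContextNotActiveException e) {
            // No CDI request context: scheduler job or other background worker.
            // Only this exception is caught, so any other failure still surfaces
            // instead of silently writing a default actor into the audit trail.
            return BACKGROUND_ACTOR;
        }
    }
}
```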