Comments (11)
The problem with moving the check to an earlier phase is that we would be able to check only the capabilities declared in the metadata. Those produced as build items directly (should be an exception, i think) would only be available for checking during augmentation (until @holly-cummins captures all of them in metadata).
Excellent - another use case for #40306. (That PR only records things annotated with @AddToMetadata
, but this makes me wonder if it should record everything so tools can do analysis without explicit opt-in from the build item owner.)
from quarkus.
This likely has something to do with the big rename.
@aloubyansky any idea why this is happening even though both extensions have <provides>io.quarkus.rest</provides>
as a provided capability?
from quarkus.
/cc @FroMage (resteasy-reactive), @stuartwdouglas (resteasy-reactive)
from quarkus.
Yeah, we got a check failing even before augmentation starts.
Caused by: java.lang.Throwable: This is the location of the conflicting producer (io.quarkus.resteasy.deployment.ResteasyBuiltinsProcessor#setUpDenyAllJaxRs).
at io.quarkus.builder.BuildStepBuilder.build(BuildStepBuilder.java:195)
at io.quarkus.builder.BuildStepBuilder.buildIf(BuildStepBuilder.java:209)
at io.quarkus.deployment.ExtensionLoader.lambda$loadStepsFromClass$80(ExtensionLoader.java:774)
at java.base/java.util.function.Consumer.lambda$andThen$0(Consumer.java:65)
at io.quarkus.deployment.ExtensionLoader.lambda$loadStepsFromClass$81(ExtensionLoader.java:882)
When I added capability checks I had an option to do it before the build of during the build. I did it during the build so dev mode could be launched and recover with user changing the POM (there was a discussion about that).
So to get the "user-friendly" error back I'd need to move the check to an earlier phase.
from quarkus.
🙏🏼
from quarkus.
The problem with moving the check to an earlier phase is that we would be able to check only the capabilities declared in the metadata. Those produced as build items directly (should be an exception, i think) would only be available for checking during augmentation (until @holly-cummins captures all of them in metadata).
from quarkus.
So fixing this issue by moving the capability check before the build will break dev mode in the following way: start an app in dev mode with just quarkus-rest, once booted add quarkus-resteasy. AFAIR, the app will just quit.
OTOH, this now will happen anyway due to another check failing.
from quarkus.
I wouldn't do that.
I think the main issue is that we are somehow sharing some config and behavior between the two implementations without having a common artifact to share and handle them. See both JaxRsSecurityConfig
and the methods consuming this config.
It's a bit similar to what was done for REST Client config where we share some config for both REST Clients.
IMO, the right fix would be to have a shared artifact to handle this config and the production of the build item once, even with two implementations.
Another option would be to make the build item a multi and deal with potential conflicts in the consumer. Given how things are atm, the values would be exactly the same so we could just take the first one of the list and be done with it (and we could check that the values are consistent across the list if we want to be thorough). Not pretty but probably an easier fix.
Now, is it worth the hassle, I don't know but I think we had quite a few issues with users reporting this and that's what led us to have such a nice error message.
Thoughts?
from quarkus.
My 2 cents:
Another option would be to make the build item a multi and deal with potential conflicts in the consumer. Given how things are atm, the values would be exactly the same so we could just take the first one of the list and be done with it (and we could check that the values are consistent across the list if we want to be thorough). Not pretty but probably an easier fix.
Right now, the default check is exactly one, so I think it is not perfect to make this Multi
. It's just implementation detail that right now this check is connected to default JAX-RS security, because SecurityCheck
is independent concept. IMO it is completely legal that a build item is simple but can be produced by multiple extensions that are mutually exclusive.
TL;DR; I don't think it matter. If there is javadoc and validation that warns developer right when he tries to produce another default check. I wrote the paragraph above because I am surprised how much problems this new item caused.
I think the main issue is that we are somehow sharing some config and behavior between the two implementations without having a common artifact to share and handle them. See both JaxRsSecurityConfig and the methods consuming this config.
I think in past I heard either from you or from Sergey that I should be careful with creating a new modules (but I don't remember reason :-) Maybe many more modules would stress build?). Unless you can reuse quarkus-jaxrs-spi-deployment
for this purpose, I think Multi
is appropriate action.
from quarkus.
Right now, the default check is exactly one, so I think it is not perfect to make this Multi. It's just implementation detail that right now this check is connected to default JAX-RS security, because SecurityCheck is independent concept. IMO it is completely legal that a build item is simple but can be produced by multiple extensions that are mutually exclusive.
I perfectly agree that what using a SimpleBuildItem was the way to go. And I wouldn't even complain if we didn't have this issue, which is a bit annoying for the users.
I think in past I heard either from you or from Sergey that I should be careful with creating a new modules (but I don't remember reason :-) Maybe many more modules would stress build?). Unless you can reuse quarkus-jaxrs-spi-deployment for this purpose, I think Multi is appropriate action.
Yeah so I had a look as I completely forgot about this module and I don't think it would be ideal as it will bring the security bits in areas where we don't need them.
Creating another artifact would be the most acceptable answer theoretically but I think in this case, I would advice to make it a MultiBuildItem
, add a comment and then we could handle it two ways:
- consume
Capabilities
to make sure the capability aggregation step is executed first and then also fail if we have more than one item in the Multi - accept multiple values as long as they are identical
I think I would be in favor of the former with a comment explaining why we consume Capabilities
.
If this looks acceptable to everyone, do you want to handle it or should I?
from quarkus.
If this looks acceptable to everyone, do you want to handle it or should I?
I am happy to do it little later this week. Thank you for elaborate comments.
from quarkus.
Related Issues (20)
- WebSocket Next Server-Side Streaming cancelation HOT 1
- LambdaIdentityProvider not called for resteasy handler when running in quarkus:dev mode. HOT 3
- Write an ADR explaining how clients should use the TLS registry HOT 2
- ClassCastException when streaming with MQTT messaging HOT 3
- Qute: include section - make it possible to supply the template id dynamically
- Resteasy client: Setting new output stream to the `ClientWriterInterceptorContextImpl` results in the body not being sent HOT 6
- Implemented healthcheck in quarkus application using smallrye- /myapp/health-ui is not working on demo/Approval environment HOT 2
- Random behavior for QuarkusRestClientBuilder vs Native (Java interface) REST client HOT 7
- Broken error message shown when quarkus application failes to start due to occupied port HOT 1
- Issue while sending InputStream to Server (POST) HOT 1
- Invalid encoding of '?' in query parameter values by Encode.encodeQueryParam HOT 8
- OIDC client set expire time for access token as configuration item HOT 2
- Add new property `quarkus.build.timestamp` HOT 6
- `ContextNotActiveException` in `SecurityIdentityAugmentor` since Quarkus 3.10 HOT 6
- Websocket client fails to connect when using native transport HOT 11
- Docker-build fails to detect podman HOT 26
- Mutiny retry with backoff net resetting counter HOT 2
- ProfileManager is 'almost' removed HOT 2
- Vert.x Http: application/json MIME not compressed by default HOT 1
- Changing Accept Header in PreMatching filter isn't considered by MessageBodyWriter HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quarkus.