Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@Valid on object parameter implementing Principal without @Auth #1197

Closed
derrikcurran opened this issue Jul 29, 2015 · 4 comments
Closed

@Valid on object parameter implementing Principal without @Auth #1197

derrikcurran opened this issue Jul 29, 2015 · 4 comments

Comments

@derrikcurran
Copy link

I'm using Dropwizard 0.9.0-rc3 and I'm running into some trouble with the new auth system.

I have a User model that implements Principal and a POST resource method for signing up new users. The signup method has a validated User parameter but it's not authenticated. When I try access that resource, I get an IllegalStateException with the message: Cannot inject a custom principal into unauthenticated request. Is there an easy way to handle this scenario?

EDIT: I should note that it works just fine if I don't use @Valid.

My signup method looks like this:

@POST
@Path("signup")
@Timed
@UnitOfWork
public Response signup(@Valid final User user, @Context final HttpServletRequest request) throws JOSEException {
    dao.setFilteredByTenantId(false);
    user.setInterceptorBypassed(true);
    user.setRole("Admin");
    final Optional<User> newUser = dao.create(user);
    dao.resetFilters();

    if (newUser.isPresent()) {
        final Token token = AuthUtils.createToken(request.getRemoteHost(), newUser.get().getId());
        return Response.status(Status.CREATED).entity(token).build();
    } else {
        return JSONErrorResponse.build(Status.CONFLICT, "Failed to create new user.");
    }
}
@StanSvec
Copy link
Contributor

For some reason Jersey is trying to use AuthValueFactoryProvider for injecting of the User instance into the method even when no authentication is used. Looks like a bug. Do you use @Auth annotation on another method or on class level for this resource class?

@derrikcurran
Copy link
Author

No @Auth annotations in that class.

@StanSvec
Copy link
Contributor

I've located the bug and will provide fix for this.

StanSvec added a commit to StanSvec/dropwizard that referenced this issue Aug 30, 2015
@StanSvec
Fix for dropwizard#1197 - Principal instance not injected when annotated
23f353a
carlo-rtr added a commit that referenced this issue Sep 2, 2015
@carlo-rtr
Merge pull request #1241 from StanSvec/#1197_Principal_not_injected_w…
d2bbabf 
…hen_annotated

Fix for #1197 - Principal instance not injected when annotated
@nickbabcock
Copy link
Contributor

Closed by #1241

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nickbabcock @StanSvec @derrikcurran