Rely on original security context even for profiles

When multiple security filters are used, a pac4j security context can rely on an already authenticated pac4j security context. In this case, it must delegate to the original if it doesn't itself have some profiles stored.
pac4j · Jun 16, 2018 · 045fae4 · 045fae4
1 parent 0d0245a
commit 045fae4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
@@ -56,6 +56,8 @@ public Pac4JSecurityContext(SecurityContext original, JaxRsContext context,
         public Optional<Collection<CommonProfile>> getProfiles() {
             if (principal != null) {
                 return Optional.of(Collections.unmodifiableCollection(profiles));
+            } else if (original instanceof Pac4JSecurityContext) {
+                return ((Pac4JSecurityContext) original).getProfiles();
             } else {
                 return Optional.empty();
             }