From 045fae4b0bc28655f729f50f4d0753e28ecb2bc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Victor=20No=C3=ABl?= <victor.noel@crazydwarves.org>
Date: Sat, 16 Jun 2018 14:53:58 +0200
Subject: [PATCH] Rely on original security context even for profiles

When multiple security filters are used, a pac4j security context
can rely on an already authenticated pac4j security context.
In this case, it must delegate to the original if it doesn't itself
have some profiles stored.
---
 .../main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
index bceb045..749e935 100644
--- a/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
+++ b/core/src/main/java/org/pac4j/jax/rs/pac4j/JaxRsProfileManager.java
@@ -56,6 +56,8 @@ public Pac4JSecurityContext(SecurityContext original, JaxRsContext context,
         public Optional<Collection<CommonProfile>> getProfiles() {
             if (principal != null) {
                 return Optional.of(Collections.unmodifiableCollection(profiles));
+            } else if (original instanceof Pac4JSecurityContext) {
+                return ((Pac4JSecurityContext) original).getProfiles();
             } else {
                 return Optional.empty();
             }