Unexpected behaviour when HTTP Authorization configured using application.properties #28715

Closed
mvmandapati opened this issue Oct 20, 2022 · 3 comments · Fixed by #28756
Labels
area/security kind/bug Something isn't working

@mvmandapati

Describe the bug

Hi,

Please help me to understand if this is expected behaviour or a bug.

When I configure quarkus.http.auth.permission.* and quarkus.http.auth.proactive=false in a reactive-routes application, Quarkus is not resolving resource methods returning non-Mutiny types.

For example, with the config below:

quarkus.http.auth.proactive=false
# PermitAll policy for metrics endpoint. Same as @PermitAll annotation
quarkus.http.auth.permission.permit.paths=/q/*
quarkus.http.auth.permission.permit.policy=permit
# Authenticated policy for groups and logout endpoints. Same as @Authenticated or @RolesAllowed("**") annotation
quarkus.http.auth.permission.loggedin.paths=/api/*
quarkus.http.auth.permission.loggedin.policy=authenticated

the following resources are not resolved and clients will eventually time out.

@Route(path = "greetings/:name", methods = Route.HttpMethod.GET)
@RolesAllowed("greet")
public Greeting greetings(@Param("name") String name) {
    return new Greeting(String.format("Hello %s!", name));
}

@Route(path = "greetings/rc/:name", methods = Route.HttpMethod.GET)
@RolesAllowed("greet")
public void greetingsRoutingExchange(@Param("name") String name, RoutingExchange rc) {
    rc.ok(Json.encode(new Greeting(String.format("Hello %s!", name))));
}

whereas the resource below works fine.

@Route(path = "greetings/uni/:name", methods = Route.HttpMethod.GET)
@RolesAllowed("greet")
public Uni<Greeting> greetingsUni(@Param("name") String name) {
    return Uni.createFrom().item(new Greeting(String.format("Hello %s!", name)));
}

The issue is only reproduced if proactive auth is disabled, HTTP auth permissions are configured and @RolesAllowed is used for fine-grained roles authorization.

The combinations below don't reproduce the problem and work fine for all types of resources.

  1. proactive auth is true, http auth permissions are configured and @RolesAllowed is used
  2. proactive auth is false, http auth permissions are configured but @RolesAllowed is not used
  3. http auth permissions are not configured and @RolesAllowed is used.

The issue is only observed in Quarkus 2.11.0 and above. It works fine in 2.10.x.

Expected behavior

Resources with non-Mutiny types should return a successful response.

Actual behavior

Resources with non-Mutiny types are not resolved and requests time out.

How to Reproduce?

Reproducer: https://github.com/mvmandapati/reactive-routes

Run mvn clean verify to see the test failures.

Output of uname -a or ver

Windows 10 / Linux

Output of java -version

OpenJDK Runtime Environment Temurin-17.0.4.1+1 (build 17.0.4.1+1) OpenJDK 64-Bit Server VM Temurin-17.0.4.1+1 (build 17.0.4.1+1, mixed mode, sharing)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.11.x or above

Build tool (ie. output of mvnw --version or gradlew --version)

Maven 3

Additional information

No response
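
A regression check for the report above, as an added example that is not part of the original issue or the Quarkus code base: it calls the three routes with the `greet` role under a client-side timeout, and confirms that the `authenticated` policy and `@RolesAllowed` still deny other callers. It assumes `quarkus-test-security` and REST Assured are on the test classpath, that the routes are mounted under `/api`, and that the reported configuration is active; the package, class name and user names are hypothetical.

```java
package org.acme; // hypothetical package

import static io.restassured.RestAssured.given;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.security.TestSecurity;
import io.restassured.config.HttpClientConfig;
import io.restassured.config.RestAssuredConfig;

// Assumes the application.properties from the report (proactive=false plus the
// "permit" and "loggedin" permissions) and routes mounted under /api.
@QuarkusTest
class LazyAuthRoutesTest {

    // A route that never completes fails the test after 5 s instead of blocking the build.
    static final RestAssuredConfig FAIL_FAST = RestAssuredConfig.config()
            .httpClient(HttpClientConfig.httpClientConfig()
                    .setParam("http.connection.timeout", 5000)
                    .setParam("http.socket.timeout", 5000));

    // Plain return type, RoutingExchange and Uni variants must all answer.
    @ParameterizedTest
    @ValueSource(strings = { "/api/greetings/x", "/api/greetings/rc/x", "/api/greetings/uni/x" })
    @TestSecurity(user = "alice", roles = "greet") // constructed identity
    void roleHolderGetsResponse(String path) {
        given().config(FAIL_FAST).when().get(path).then().statusCode(200);
    }

    // Authenticated but without the "greet" role: @RolesAllowed must reject.
    @ParameterizedTest
    @ValueSource(strings = { "/api/greetings/x", "/api/greetings/rc/x", "/api/greetings/uni/x" })
    @TestSecurity(user = "bob", roles = "other") // constructed identity
    void otherRoleIsForbidden(String path) {
        given().config(FAIL_FAST).when().get(path).then().statusCode(403);
    }

    // No identity at all: the "authenticated" HTTP policy must reject.
    @Test
    void anonymousIsRejected() {
        given().config(FAIL_FAST).when().get("/api/greetings/x").then().statusCode(401);
    }
}
```

Running the same class with `quarkus.http.auth.proactive=true` gives a baseline, since the report states that combination works for all resource types.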

@mvmandapati mvmandapati added the kind/bug Something isn't working label Oct 20, 2022
@quarkus-bot quarkus-bot bot added env/windows Impacts Windows machines triage/needs-triage labels Oct 20, 2022
@michalvavrik michalvavrik removed the env/windows Impacts Windows machines label Oct 21, 2022
@michalvavrik
Contributor

I'll have a look.

@michalvavrik michalvavrik self-assigned this Oct 21, 2022
@sberyozkin
Member

Thanks @michalvavrik

@michalvavrik
Contributor

michalvavrik commented Oct 21, 2022

@mvmandapati to answer your question: definitely a bug, I'm sorry for this, thank you for reporting it.

@quarkus-bot quarkus-bot bot added this to the 2.14 - main milestone Oct 22, 2022
@gsmet gsmet modified the milestones: 2.14.0.CR1, 2.13.4.Final Oct 31, 2022