New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RR - use exception mappers on auth failure exceptions for proactive auth #29590
RR - use exception mappers on auth failure exceptions for proactive auth #29590
Conversation
@michalvavrik Sorry for the delay. |
@sberyozkin sure, I'll think about it and may add tests next week. I removed the docs section as it says with |
Maybe there is another way, let me think about it, I'm currently on sick leave. |
@michalvavrik Sorry, take care, no rush at all, lets talk in a few days (I'd consider keeping the doc section but adjusting the advice only when/how to use it - ex, if both basic and code flow are enabled, etc) |
@michalvavrik Hey, so the only question on my part here, is the fault route path still working with this PR (can you link to the test please), and if yes, then my only change request is to keep the info about using fault routes in the docs (with some minor updates - it won't longer be the only option) |
Simply priority adjustment will make failure handlers working again and then I will return docs section & add all relevant tests. I'll do that. |
3ff5df2
to
8721761
Compare
I've added an example and caution note to docs regarding auth mechanism challenge. Together existing test coverage and added tests covers both exception mappers and failure handlers in RESTEasy Reactive and Classic. |
This comment has been minimized.
This comment has been minimized.
docs/src/main/asciidoc/security-built-in-authentication-support-concept.adoc
Outdated
Show resolved
Hide resolved
docs/src/main/asciidoc/security-built-in-authentication-support-concept.adoc
Outdated
Show resolved
Hide resolved
docs/src/main/asciidoc/security-built-in-authentication-support-concept.adoc
Outdated
Show resolved
Hide resolved
docs/src/main/asciidoc/security-built-in-authentication-support-concept.adoc
Outdated
Show resolved
Hide resolved
docs/src/main/asciidoc/security-built-in-authentication-support-concept.adoc
Outdated
Show resolved
Hide resolved
@michalvavrik Great work, thanks, left a few minor doc suggestions only |
8721761
to
8ed165f
Compare
Docs looks better with your comments, thank you. |
Failing Jobs - Building 8ed165f
Full information is available in the Build summary check run. Failures⚙️ Gradle Tests - JDK 11 Windows #- Failing: integration-tests/gradle
📦 integration-tests/gradle✖
|
fixes: #29896
This is proposal to enable RESTEasy Reactive exception mappers to handle
AuthenticationCompletionException
,AuthenticationFailedException
,AuthenticationRedirectException
,ForbiddenException
whenquarkus.http.auth.proactive=true
. I suggest we weight the arguments and decide whether the change is needed in some form or the PR should be closed.Pros:
quarkus.http.auth.proactive=false
proactive=true
), currently it's only customizable via failure handlersCons:
proactive=false
(once Sergey suggested it)AuthenticationFailedException
thrown by OIDC is unlikely to send challenge