Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow applications to customize how roles are decoded from raw identity #3124

Merged
merged 1 commit into from
Jul 10, 2019
Merged

Allow applications to customize how roles are decoded from raw identity #3124

merged 1 commit into from
Jul 10, 2019

Conversation

pedroigor
Copy link
Contributor

@pedroigor pedroigor commented Jul 5, 2019
edited by gsmet
Loading

Fixes #3123

@pedroigor pedroigor changed the title [fixes #3123] - Allow applications to customize how roles are decoded… [fixes #3123] - Allow applications to customize how roles are decoded from raw identity Jul 5, 2019
gsmet
gsmet requested changes Jul 5, 2019
View reviewed changes
Copy link
Member

@gsmet gsmet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a formatting error.

Please run ./mvnw process-sources and amend your commit.

@gsmet
Copy link
Member

gsmet commented Jul 8, 2019

@pedroigor could you run the formatter and amend your commit, please?

Thanks!

gsmet
gsmet requested changes Jul 8, 2019
View reviewed changes
Copy link
Member

@gsmet gsmet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added 2 comments, could you take care of them?

FYI next release is on Wednesday at 12pm.

...n-security/runtime/src/main/java/io/quarkus/elytron/security/runtime/DefaultRoleDecoder.java

@Override
public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
RoleDecoder delegate = getDelegate();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we do that in the constructor instead? It doesn't sound like a good idea to do that every time.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, but if we use the constructors we are assuming that app-defined instances are application-scoped and I'm not sure if that is always the case.

Or are you thinking about something else that I may be missing?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm. Right.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you think that we should worry about performance now, maybe we could check whether or not the first produced instance is application-scoped and then cache it?

Or maybe all this logic to use application provided instances into instances created during the build steps could be managed by Quarkus somehow? For instance, one drawback with the approach I'm using is that we may want to allow applications to provide instances for RoleMapper or PermissionMapper. For each of them we would need a similar instance as DefaultRoleDecoder just to use Instance to obtain the delegate.

...n-security/runtime/src/main/java/io/quarkus/elytron/security/runtime/DefaultRoleDecoder.java Outdated
if (delegate == null) {
Attributes.Entry groups = authorizationIdentity.getAttributes().get(DEFAULT_ATTRIBUTE_NAME);
Set<String> roles = new HashSet<>(groups);
return new Roles() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would make it a proper static inner class.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realized that Roles provides a fromSet method that serves to the same purpose. Thanks for catching this.

@pedroigor pedroigor force-pushed the issue-3123 branch 2 times, most recently from e8a1767 to c8bd01f Compare July 8, 2019 13:43
@gsmet
Copy link
Member

gsmet commented Jul 10, 2019

I force pushed a rebase due to conflicts with the recent s/template/recorder/ changes.

Let's wait to see what CI has to say.

@gsmet gsmet added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Jul 10, 2019
@gsmet gsmet added this to the 0.19.0 milestone Jul 10, 2019
@gsmet gsmet changed the title [fixes #3123] - Allow applications to customize how roles are decoded from raw identity Allow applications to customize how roles are decoded from raw identity Jul 10, 2019
@gsmet gsmet merged commit dc7e001 into quarkusio:master Jul 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gsmet gsmet gsmet approved these changes

Assignees
No one assigned
Labels
triage/waiting-for-ci Ready to merge when CI successfully finishes
Projects
None yet
Milestone
0.19.0
Development

Successfully merging this pull request may close these issues.

Allow applications to customize how roles are decoded from raw identity
2 participants
@pedroigor @gsmet