Batch PR of 0.27.0 updates #4999

Merged
merged 8 commits into from Oct 29, 2019
4 changes: 2 additions & 2 deletions bom/runtime/pom.xml
Expand Up @@ -24,13 +24,13 @@
<opentracing-concurrent.version>0.2.0</opentracing-concurrent.version>
<opentracing-jdbc.version>0.0.12</opentracing-jdbc.version>
<jaeger.version>0.34.0</jaeger.version>
<quarkus-http.version>3.0.0.Beta2</quarkus-http.version>
<quarkus-http.version>3.0.0.Beta3</quarkus-http.version>
<jboss-servlet-api_4.0_spec.version>1.0.0.Final</jboss-servlet-api_4.0_spec.version>
<microprofile-config-api.version>1.3</microprofile-config-api.version>
<microprofile-context-propagation.version>1.0.1</microprofile-context-propagation.version>
<microprofile-opentracing-api.version>1.3.1</microprofile-opentracing-api.version>
<microprofile-reactive-streams-operators.version>1.0</microprofile-reactive-streams-operators.version>
<microprofile-rest-client.version>1.3.3</microprofile-rest-client.version>
<microprofile-rest-client.version>1.3.4</microprofile-rest-client.version>
<smallrye-config.version>1.3.9</smallrye-config.version>
<smallrye-health.version>2.1.0</smallrye-health.version>
<smallrye-metrics.version>2.2.0</smallrye-metrics.version>
2 changes: 1 addition & 1 deletion build-parent/pom.xml
Expand Up @@ -61,7 +61,7 @@
<microprofile-metrics-api.version>2.1.0</microprofile-metrics-api.version>
<microprofile-fault-tolerance-api.version>2.0.2</microprofile-fault-tolerance-api.version>
<microprofile-reactive-messaging-api.version>1.0</microprofile-reactive-messaging-api.version>
<microprofile-rest-client-api.version>1.2.1</microprofile-rest-client-api.version>
<microprofile-rest-client-api.version>1.3.4</microprofile-rest-client-api.version>
<microprofile-open-api.version>1.1.2</microprofile-open-api.version>
<microprofile-opentracing-api.version>1.3.1</microprofile-opentracing-api.version>
<microprofile-context-propagation.version>1.0.1</microprofile-context-propagation.version>
Expand Up @@ -6,6 +6,7 @@
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.stream.Collectors;

Expand All @@ -18,45 +19,45 @@
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;

import io.quarkus.arc.AlternativePriority;
import io.quarkus.oidc.runtime.OidcConfig;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpAuthorizer;
import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.vertx.ext.web.RoutingContext;

@Singleton
@AlternativePriority(1)
public class KeycloakPolicyEnforcerAuthorizer extends HttpAuthorizer {
public class KeycloakPolicyEnforcerAuthorizer
implements HttpSecurityPolicy, BiFunction<RoutingContext, SecurityIdentity, HttpSecurityPolicy.CheckResult> {

private KeycloakAdapterPolicyEnforcer delegate;

@Override
public CompletionStage<SecurityIdentity> checkPermission(RoutingContext routingContext) {
public CompletionStage<CheckResult> checkPermission(RoutingContext request, SecurityIdentity identity,
AuthorizationRequestContext requestContext) {
return requestContext.runBlocking(request, identity, this);
}

@Override
public CheckResult apply(RoutingContext routingContext, SecurityIdentity identity) {

VertxHttpFacade httpFacade = new VertxHttpFacade(routingContext);
AuthorizationContext result = delegate.authorize(httpFacade);

if (result.isGranted()) {
QuarkusHttpUser user = (QuarkusHttpUser) routingContext.user();

if (user == null) {
return attemptAnonymousAuthentication(routingContext);
}

return enhanceSecurityIdentity(user.getSecurityIdentity(), result);
SecurityIdentity newIdentity = enhanceSecurityIdentity(identity, result);
return new CheckResult(true, newIdentity);
}

return CompletableFuture.completedFuture(null);
return CheckResult.DENY;
}

private CompletableFuture<SecurityIdentity> enhanceSecurityIdentity(SecurityIdentity current,
private SecurityIdentity enhanceSecurityIdentity(SecurityIdentity current,
AuthorizationContext context) {
Map<String, Object> attributes = new HashMap<>(current.getAttributes());

attributes.put("permissions", context.getPermissions());

return CompletableFuture.completedFuture(new QuarkusSecurityIdentity.Builder()
return new QuarkusSecurityIdentity.Builder()
.addAttributes(attributes)
.setPrincipal(current.getPrincipal())
.addRoles(current.getRoles())
Expand All @@ -82,7 +83,7 @@ public CompletionStage<Boolean> apply(Permission permission) {

return CompletableFuture.completedFuture(false);
}
}).build());
}).build();
}

public void init(OidcConfig oidcConfig, KeycloakPolicyEnforcerConfig config) {
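Review bot: The granted branch of `apply` now passes the `identity` argument straight to `enhanceSecurityIdentity`, which dereferences it (`current.getAttributes()`, `getPrincipal()`, `getRoles()`), whereas the removed code had an explicit branch for a request with no authenticated user. Whether the caller can pass a null identity for an unauthenticated request is not visible here; if it can, a request the policy enforcer grants would end in a NullPointerException inside the authorization check rather than in a deliberate decision. Making that case explicit keeps the outcome intentional, e.g. `if (identity == null) { return CheckResult.DENY; }` before the call, or a comment on `apply` stating that the identity is never null. The body of `enhanceSecurityIdentity` is partly collapsed on this page, so the rest of the builder chain was not reviewed.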
Expand Up @@ -138,33 +138,9 @@ void processInterfaces(CombinedIndexBuildItem combinedIndexBuildItem,
Set<Type> returnTypes = new HashSet<>();

IndexView index = combinedIndexBuildItem.getIndex();
for (AnnotationInstance annotation : index.getAnnotations(PATH)) {
AnnotationTarget target = annotation.target();
ClassInfo theInfo;
if (target.kind() == AnnotationTarget.Kind.CLASS) {
theInfo = target.asClass();
} else if (target.kind() == AnnotationTarget.Kind.METHOD) {
theInfo = target.asMethod().declaringClass();
} else {
continue;
}

if (!isRestClientInterface(index, theInfo)) {
continue;
}

interfaces.put(theInfo.name(), theInfo);

// Find Return types
for (MethodInfo method : theInfo.methods()) {
Type type = method.returnType();
if (!type.name().toString().contains("java.lang")) {
if (!returnTypes.contains(type)) {
returnTypes.add(type);
}
}
}
}
findInterfaces(index, interfaces, returnTypes, REGISTER_REST_CLIENT);
findInterfaces(index, interfaces, returnTypes, PATH);

if (interfaces.isEmpty()) {
return;
Expand Down Expand Up @@ -207,16 +183,17 @@ public void register(RegistrationContext registrationContext) {
// The spec is not clear whether we should add superinterfaces too - let's keep aligned with SmallRye for now
configurator.addType(restClientName);
configurator.addQualifier(REST_CLIENT);
final ScopeInfo scope = computeDefaultScope(config, entry);
final String configPrefix = computeConfigPrefix(restClientName.toString(), entry.getValue());
final ScopeInfo scope = computeDefaultScope(config, entry, configPrefix);
configurator.scope(scope);
configurator.creator(m -> {
// return new RestClientBase(proxyType, baseUri).create();
ResultHandle interfaceHandle = m.loadClass(restClientName.toString());
ResultHandle baseUriHandle = m.load(getAnnotationParameter(entry.getValue(), "baseUri"));
ResultHandle configKeyHandle = m.load(getAnnotationParameter(entry.getValue(), "configKey"));
ResultHandle configPrefixHandle = m.load(configPrefix);
ResultHandle baseHandle = m.newInstance(
MethodDescriptor.ofConstructor(RestClientBase.class, Class.class, String.class, String.class),
interfaceHandle, baseUriHandle, configKeyHandle);
interfaceHandle, baseUriHandle, configPrefixHandle);
ResultHandle ret = m.invokeVirtualMethod(
MethodDescriptor.ofMethod(RestClientBase.class, "create", Object.class), baseHandle);
m.returnValue(ret);
Expand All @@ -232,13 +209,60 @@ public void register(RegistrationContext registrationContext) {
restClientRecorder.setSslEnabled(sslNativeConfig.isEnabled());
}

private ScopeInfo computeDefaultScope(Config config, Map.Entry<DotName, ClassInfo> entry) {
DotName restClientName = entry.getKey();
private void findInterfaces(IndexView index, Map<DotName, ClassInfo> interfaces, Set<Type> returnTypes,
DotName annotationToFind) {
for (AnnotationInstance annotation : index.getAnnotations(annotationToFind)) {
AnnotationTarget target = annotation.target();
ClassInfo theInfo;
if (target.kind() == AnnotationTarget.Kind.CLASS) {
theInfo = target.asClass();
} else if (target.kind() == AnnotationTarget.Kind.METHOD) {
theInfo = target.asMethod().declaringClass();
} else {
continue;
}

if (!isRestClientInterface(index, theInfo)) {
continue;
}

interfaces.put(theInfo.name(), theInfo);

// Find Return types
processInterfaceReturnTypes(theInfo, returnTypes);
for (Type interfaceType : theInfo.interfaceTypes()) {
ClassInfo interfaceClassInfo = index.getClassByName(interfaceType.name());
if (interfaceClassInfo != null) {
processInterfaceReturnTypes(interfaceClassInfo, returnTypes);
}
}
}
}

private void processInterfaceReturnTypes(ClassInfo classInfo, Set<Type> returnTypes) {
for (MethodInfo method : classInfo.methods()) {
Type type = method.returnType();
if (!type.name().toString().startsWith("java.lang")) {
returnTypes.add(type);
}
}
}

private String computeConfigPrefix(String interfaceName, ClassInfo classInfo) {
String propertyPrefixFromAnnotation = getAnnotationParameter(classInfo, "configKey");

if (propertyPrefixFromAnnotation != null && !propertyPrefixFromAnnotation.isEmpty()) {
return propertyPrefixFromAnnotation;
}

return interfaceName;
}

private ScopeInfo computeDefaultScope(Config config, Map.Entry<DotName, ClassInfo> entry, String configPrefix) {
// Initialize a default @Dependent scope as per the spec
ScopeInfo scopeInfo = BuiltinScope.DEPENDENT.getInfo();
final String REST_SCOPE_FORMAT = "%s/" + RestClientBase.MP_REST + "/scope";
final Optional<String> scopeConfig = config
.getOptionalValue(String.format(REST_SCOPE_FORMAT, restClientName.toString()), String.class);
.getOptionalValue(String.format(RestClientBase.REST_SCOPE_FORMAT, configPrefix), String.class);
if (scopeConfig.isPresent()) {
final DotName scope = DotName.createSimple(scopeConfig.get());
final BuiltinScope builtinScope = BuiltinScope.from(scope);
Expand All @@ -247,7 +271,7 @@ private ScopeInfo computeDefaultScope(Config config, Map.Entry<DotName, ClassInf
} else {
log.warn(String.format(
"Unsupported default scope %s provided for rest client %s. Defaulting to @Dependent.",
scope, restClientName));
scope, entry.getKey()));
}
} else {
final Set<DotName> annotations = entry.getValue().annotations().keySet();
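Review bot: `findInterfaces` collects return types from the annotated interface and from `theInfo.interfaceTypes()` only, i.e. one level of parents, so methods inherited from an interface two or more levels up do not contribute to `returnTypes`. What consumes that set is not visible in this section; if it drives reflection registration, those deeper return types would be missed. A recursive walk with a visited set covers the whole hierarchy; parents missing from the index are still skipped silently, which may deserve a debug log. Separately, `startsWith("java.lang")` in `processInterfaceReturnTypes` also matches any package whose name merely begins with that string; `startsWith("java.lang.")` is the tighter test.

```java
// … unchanged: annotation target resolution and isRestClientInterface check …
interfaces.put(theInfo.name(), theInfo);
collectReturnTypes(index, theInfo, returnTypes, new HashSet<>());

private void collectReturnTypes(IndexView index, ClassInfo classInfo, Set<Type> returnTypes,
        Set<DotName> visited) {
    if (!visited.add(classInfo.name())) {
        return; // already scanned; also guards against cycles in the index
    }
    processInterfaceReturnTypes(classInfo, returnTypes);
    for (Type parentType : classInfo.interfaceTypes()) {
        ClassInfo parentInfo = index.getClassByName(parentType.name());
        if (parentInfo != null) {
            collectReturnTypes(index, parentInfo, returnTypes, visited);
        }
    }
}
```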