Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reactive Routes - failure handler can't intercept exception thrown for invalid JWT #28488

Closed
michalvavrik opened this issue Oct 10, 2022 · 1 comment · Fixed by #28967
Closed

Reactive Routes - failure handler can't intercept exception thrown for invalid JWT #28488

michalvavrik opened this issue Oct 10, 2022 · 1 comment · Fixed by #28967
Labels
area/security area/smallrye kind/bug Something isn't working
Milestone
2.14.3.Final

Comments

@michalvavrik
Copy link
Contributor

Describe the bug

When application with reactive-routes and smallrye-jwt receives invalid token, there is no way to customize response. The issue is valid when proactive security is disabled or enabled.

Expected behavior

My failure handler dealing with AuthenticationFailedException is invoked when JWT token is invalid.

Actual behavior

Exception is caught (event is not failed), default authentication handler is invoked directly, the handler sends a challenge and ends event (iff some auth mechanism didn't end it itself).

How to Reproduce?

Reproducer:

Steps to reproduce the behavior:

  1. git clone https://github.com/michalvavrik/quarkus-reproducer.git
  2. git checkout reactive-routes
  3. mvn quarkus:dev
  4. curl -v "http://localhost:8080/hello" -vvv -H "Authorization: Bearer asdgasdg"
  5. response body is empty

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

We discussed multiple solutions here #28391, in PR history can also be found multiple variants of fixes, but it was suggested that it's handled in dedicated issue.
@michalvavrik michalvavrik added the kind/bug Something isn't working label Oct 10, 2022
@quarkus-bot
Copy link

quarkus-bot bot commented Oct 10, 2022

/cc @sberyozkin

This was referenced Oct 10, 2022
Merged
Closed
@michalvavrik michalvavrik mentioned this issue Oct 31, 2022
Merged
@quarkus-bot quarkus-bot bot added this to the 2.15 - main milestone Nov 1, 2022
@gsmet gsmet modified the milestones: 2.15.0.CR1, 2.14.3.Final Dec 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security area/smallrye kind/bug Something isn't working
Projects
None yet
Milestone
2.14.3.Final
Development

Successfully merging a pull request may close this issue.

Use failure handlers for security exceptions before JAX-RS chain starts michalvavrik/quarkus
2 participants
@gsmet @michalvavrik