Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RESTEasy Reactive - provide way to customize response when JWT is invalid and proactive security enabled #28489

Closed
michalvavrik opened this issue Oct 10, 2022 · 1 comment · Fixed by #28967
Closed

RESTEasy Reactive - provide way to customize response when JWT is invalid and proactive security enabled #28489

michalvavrik opened this issue Oct 10, 2022 · 1 comment · Fixed by #28967
Labels
area/resteasy-reactive area/security area/smallrye kind/bug Something isn't working
Milestone
2.14.3.Final

Comments

@michalvavrik
Copy link
Contributor

michalvavrik commented Oct 10, 2022
edited

Describe the bug

When application with resteasy-reactive and smallrye-jwt receives invalid token and proactive security is enabled, there is no way to customize response.

Expected behavior

There is a way to catch AuthenticationFailedException and customize response.

Actual behavior

Exception mapper/failure handler is not called.

How to Reproduce?

Reproducer:

Steps to reproduce the behavior:

  1. git clone https://github.com/michalvavrik/quarkus-reproducer.git
  2. git checkout resteasy-reactive
  3. mvn quarkus:dev
  4. curl -v "http://localhost:8080/hello" -vvv -H "Authorization: Bearer asdgasdg"
  5. response body is empty

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

We discussed multiple solutions here #28391, in PR history can also be found multiple variants of fixes, but it was suggested that it's handled in dedicated issue.

You can consider it duplicate of #5751, but IMHO #28391 showed the issue is sensitive and should be handled in small parts. #26922 differs in proactive=false and there is also issue when ending of response in RR that I'm going to handled.
@michalvavrik michalvavrik added the kind/bug Something isn't working label Oct 10, 2022
@quarkus-bot
Copy link

quarkus-bot bot commented Oct 10, 2022

/cc @FroMage, @geoand, @sberyozkin, @stuartwdouglas

This was referenced Oct 10, 2022
Merged
Closed
@michalvavrik michalvavrik changed the title RESTEasy Reactive - exception mapper not called when JWT is invalid and proactive security enabled RESTEasy Reactive - provide way to customize response when JWT is invalid and proactive security enabled Oct 31, 2022
@michalvavrik michalvavrik mentioned this issue Oct 31, 2022
Merged
@quarkus-bot quarkus-bot bot added this to the 2.15 - main milestone Nov 1, 2022
@gsmet gsmet modified the milestones: 2.15.0.CR1, 2.14.3.Final Dec 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/resteasy-reactive area/security area/smallrye kind/bug Something isn't working
Projects
None yet
Milestone
2.14.3.Final
2 participants
@gsmet @michalvavrik