From c8843a7f7fd98e6ef135dd9c93d5580c04ad395e Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Wed, 17 Aug 2022 16:07:34 +0100
Subject: [PATCH] Do not set 'realm=Quarkus' in Basic auth challenge
---
 .../vertx/http/security/CombinedFormBasicAuthTestCase.java | 3 ++-
 .../main/java/io/quarkus/vertx/http/runtime/AuthConfig.java | 4 ++--
 .../http/runtime/security/BasicAuthenticationMechanism.java | 2 +-
 .../vertx/http/runtime/security/HttpSecurityRecorder.java | 3 ++-
 .../quarkus/it/keycloak/BearerTokenAuthorizationTest.java | 6 +++---
 5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CombinedFormBasicAuthTestCase.java b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CombinedFormBasicAuthTestCase.java
index f1ff0f674b64d..ea98c6618566e 100644
--- a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CombinedFormBasicAuthTestCase.java
+++ b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CombinedFormBasicAuthTestCase.java
@@ -23,6 +23,7 @@ public class CombinedFormBasicAuthTestCase {
 private static final String APP_PROPS = "" +
 "quarkus.http.auth.basic=true\n" +
+ "quarkus.http.auth.realm=TestRealm\n" +
 "quarkus.http.auth.form.enabled=true\n" +
 "quarkus.http.auth.form.login-page=login\n" +
 "quarkus.http.auth.form.error-page=error\n" +
@@ -154,7 +155,7 @@ public void testBasicAuthFailure() {
 .then()
 .assertThat()
 .statusCode(401)
- .header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
+ .header("WWW-Authenticate", equalTo("basic realm=\"TestRealm\""));
 }
 }
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/AuthConfig.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/AuthConfig.java
index c2bfb0bb43af9..3e609d66f9825 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/AuthConfig.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/AuthConfig.java
@@ -29,8 +29,8 @@ public class AuthConfig {
 /**
 * The authentication realm
 */
- @ConfigItem(defaultValue = "Quarkus")
- public String realm;
+ @ConfigItem
+ public Optional realm;
 /**
 * The HTTP permissions
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.java
index 1abbb36a50059..60566daba953d 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.java
@@ -95,7 +95,7 @@ public BasicAuthenticationMechanism(final String realmName, final boolean silent
 public BasicAuthenticationMechanism(final String realmName, final boolean silent, Charset charset, Map userAgentCharsets) {
- this.challenge = BASIC_PREFIX + "realm=\"" + realmName + "\"";
+ this.challenge = realmName == null ? BASIC : BASIC_PREFIX + "realm=\"" + realmName + "\"";
 this.silent = silent;
 this.charset = charset;
 this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap<>(userAgentCharsets));
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
index 9a17a290d6456..48a55cba4d3de 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
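Review bot: In AuthConfig.java, the Javadoc on `realm` still reads only "The authentication realm" although the property no longer has a default, so the generated configuration reference will not tell operators what an unset value means. Suggested text: `* The authentication realm. If not set, the Basic authentication challenge is sent without a realm parameter.` Dropping the `Quarkus` default also changes the challenge that existing deployments send after an upgrade; clients that scope cached credentials by realm may prompt again, which is worth a line in the migration notes. The class body starts and ends outside the hunk.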
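Review bot: In BasicAuthenticationMechanism.java, the new `realmName == null ? BASIC : …` branch sends a challenge with no `realm` parameter, while RFC 7617 lists `realm` as required for the Basic scheme, so strict clients or intermediaries may handle the bare challenge differently. A comment on that line would record that the omission is deliberate, e.g. `// realm not configured: challenge is sent without a realm parameter (RFC 7617 expects one)`. The non-null branch still concatenates `realmName` into a quoted-string unescaped, so a configured value containing `"` or `\` yields a malformed `WWW-Authenticate` header; the value is operator-supplied, so this is a robustness gap, and rejecting those characters and control characters in the constructor would close it. The constructor body continues past the end of the hunk.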
@@ -279,7 +279,8 @@ public Supplier setupBasicAuth(HttpBuildTimeConfig buildTimeConfig) {
 return new Supplier() {
 @Override
 public BasicAuthenticationMechanism get() {
- return new BasicAuthenticationMechanism(buildTimeConfig.auth.realm, buildTimeConfig.auth.form.enabled);
+ return new BasicAuthenticationMechanism(buildTimeConfig.auth.realm.orElse(null),
+ buildTimeConfig.auth.form.enabled);
 }
 };
 }
diff --git a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
index 993d3b9ac2bd5..7e98044f3688a 100644
--- a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
+++ b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
@@ -75,7 +75,7 @@ public void testBasicAuthWrongPassword() {
 .when().get("/api/users/me")
 .then()
 .statusCode(401)
- .header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
+ .header("WWW-Authenticate", equalTo("basic"));
 }
 @Test
@@ -144,7 +144,7 @@ public void testVerificationFailedNoBearerTokenAndBasicCreds() {
 RestAssured.given()
 .when().get("/api/users/me").then()
 .statusCode(401)
- .header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
+ .header("WWW-Authenticate", equalTo("basic"));
 }
 @Test
@@ -171,7 +171,7 @@ public void testBearerAuthFailureWhereBasicIsRequired() {
 .when().get("/basic-only")
 .then()
 .statusCode(401)
- .header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
+ .header("WWW-Authenticate", equalTo("basic"));
 }
 @Test