Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

switches web authentication principal resolver to use reactive context (#6598) #7687

Merged
merged 1 commit into from
Dec 12, 2019
Merged

switches web authentication principal resolver to use reactive context (#6598) #7687

merged 1 commit into from
Dec 12, 2019

Conversation

Dav1dde
Copy link
Contributor

@Dav1dde Dav1dde commented Nov 29, 2019
edited
Loading

Implementation for #6598 as noted by @eleftherias

Replacing exchange.getPrincipal() with ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) in AuthenticationPrincipalArgumentResolver.
Other implementations of AuthenticationPrincipalArgumentResolver are already doing that (messaging).

One thing I noticed was, the logic for AuthenticationPrincipalArgumentResolver exists multiple times (like 2-3 duplicates), maybe it's time to refactor the logic out into an abstract base class.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 29, 2019
@eleftherias eleftherias self-assigned this Dec 2, 2019
@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 2, 2019
@eleftherias eleftherias merged commit 64e063d into spring-projects:master Dec 12, 2019
@eleftherias
Copy link
Contributor

Thanks for the PR @Dav1dde! This is now merged into master.

@eleftherias eleftherias mentioned this pull request Dec 12, 2019
Closed
@eleftherias eleftherias added the type: enhancement A general enhancement label Dec 12, 2019
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Dec 12, 2019
@eleftherias eleftherias added the status: duplicate A duplicate of another issue label Dec 17, 2019
robotmrv
robotmrv reviewed Dec 22, 2019
View reviewed changes
.../security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java
.ofType(Authentication.class)
.flatMap( a -> {
return ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Dav1dde @eleftherias
By javadoc SecurityContext::getAuthentication could return null
Mono.map forbids null
should this case be handled, or it is very unlikely to happen

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the implementation of ReactiveSecurityContextHolder this may very well be the case (the API allows it).

This would also need to be fixed in multiple other AuthenticationPrinicipalArgumentResolver implementations, e.g. in messaging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robotmrv robotmrv robotmrv left review comments

Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging this pull request may close these issues.
4 participants
@Dav1dde @eleftherias @robotmrv @spring-projects-issues