Allow to create AuthenticationFailedException with attributes that puts the failure in a better context #60

Merged: 1 commit, Jan 28, 2025

michalvavrik
Member

@michalvavrik michalvavrik commented Jan 14, 2025

@michalvavrik michalvavrik force-pushed the feature/add-auth-failure-attrs branch from 87f7919 to 5ba8461 Compare January 14, 2025 20:08
@michalvavrik michalvavrik force-pushed the feature/add-auth-failure-attrs branch from 5ba8461 to bde71a8 Compare January 14, 2025 20:15
@michalvavrik michalvavrik force-pushed the feature/add-auth-failure-attrs branch from bde71a8 to 2486f2b Compare January 14, 2025 22:33
@sberyozkin
Member

Maybe it is worth having a package-private `AbstractAuthenticationException extends SecurityException implements AuthenticationException` that all quarkus-security exceptions will extend? Though we can do it later for sure, please don't spend time on it for now.

@michalvavrik
Member Author

> Maybe it is worth having a package-private `AbstractAuthenticationException extends SecurityException implements AuthenticationException` that all quarkus-security exceptions will extend? Though we can do it later for sure, please don't spend time on it for now.

I thought about it, it is not about time, I am in no hurry. It's more about - does it make sense to have such attributes for other exceptions? If you have examples in mind, then I can do it. In general, I think we should only add there what is necessary and hard to access from elsewhere. If you can use a SecurityEvent and get the RoutingContext from there and the failure message, what else do you need?

@sberyozkin sberyozkin self-requested a review January 14, 2025 22:44
@sberyozkin sberyozkin requested a review from FroMage January 14, 2025 22:45
@michalvavrik
Member Author

We have time, but if @FroMage is busy, I think any of @gsmet or @cescoffier could review as well. It is a fairly small change and we need a Quarkus Security API release before I can finish this in the Quarkus main project.

@michalvavrik
Member Author

I realized this is related to quarkusio/quarkus#44993 so if @FroMage finds time next week, great. I'll add Clement and Guillaume as IMO we just need one more reviewer to go.

@michalvavrik
Member Author

michalvavrik commented Jan 27, 2025

The change is quite trivial, I think if each review in this repo continues to take a long time, it won't motivate us to actually put stuff here and we will probably prefer Quarkus Security runtime SPI that is in the main repo. (I am speaking for myself, not anyone else)

Member

@gsmet gsmet left a comment

No need to change it but if I had a recommendation, in this case, it would be easier to initialize the attributes to an empty Map.of() instead of null when no attributes.

It won't require any additional memory and it would simplify a few things.

@michalvavrik
Member Author

michalvavrik commented Jan 28, 2025

> No need to change it but if I had a recommendation, in this case, it would be easier to initialize the attributes to an empty Map.of() instead of null when no attributes.
>
> It won't require any additional memory and it would simplify a few things.

Thanks @gsmet, I'll change it when I am at my laptop later today.

@michalvavrik michalvavrik force-pushed the feature/add-auth-failure-attrs branch from 2486f2b to d87daa2 Compare January 28, 2025 11:38
@michalvavrik
Member Author

Fixed, thanks for the suggestion.

@gsmet gsmet merged commit 08c7e19 into quarkusio:main Jan 28, 2025
3 checks passed
@gsmet
Member

gsmet commented Jan 28, 2025

@michalvavrik just a warning: we need to make sure that no security-sensitive attributes end up in a generated message.

@michalvavrik michalvavrik deleted the feature/add-auth-failure-attrs branch January 28, 2025 13:18
@michalvavrik
Member Author

> @michalvavrik just a warning: we need to make sure that no security-sensitive attributes end up in a generated message.

Understood, I'll keep it in mind. There will be a discussion about what should end up there anyway, as I tried to implement quarkusio/quarkus#45207 a week or so ago and I found only 2 situations, only one of which I found a test for. I'll open a discussion in the issue to clarify when and what should be there.
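
The two review points in this thread (default the attributes to an empty `Map.of()` rather than null, and keep security-sensitive attributes out of any generated message), as an added example that is not code from this pull request or from quarkus-security. `AttributedAuthFailure`, `SAFE_KEYS`, `describe` and the attribute keys are hypothetical names chosen for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

public class AuthFailureDemo {

    // Hypothetical stand-in, NOT the quarkus-security AuthenticationFailedException.
    static class AttributedAuthFailure extends SecurityException {
        private final Map<String, Object> attributes;

        AttributedAuthFailure(String message) {
            this(message, Map.of()); // shared immutable empty map instead of null
        }

        AttributedAuthFailure(String message, Map<String, Object> attributes) {
            super(message);
            // Map.copyOf detaches from the caller's map and rejects null keys/values.
            this.attributes = attributes == null ? Map.of() : Map.copyOf(attributes);
        }

        Map<String, Object> getAttributes() {
            return attributes;
        }
    }

    // Assumed allowlist: only these keys may be rendered into a message or log line.
    static final Set<String> SAFE_KEYS = Set.of("auth_mechanism", "failure_reason");

    static String describe(AttributedAuthFailure failure) {
        Map<String, Object> safe = new TreeMap<>(); // sorted keys for stable output
        // No null check needed here: the attribute map is never null.
        failure.getAttributes().forEach((key, value) -> {
            if (SAFE_KEYS.contains(key)) {
                safe.put(key, value);
            }
        });
        return failure.getMessage() + (safe.isEmpty() ? "" : " " + safe);
    }

    public static void main(String[] args) {
        // Constructed sample attributes; "raw_token" stands for a sensitive value.
        var failure = new AttributedAuthFailure("Authentication failed", Map.of(
                "auth_mechanism", "bearer",
                "failure_reason", "token_expired",
                "raw_token", "constructed-sample-value"));
        System.out.println(describe(failure));
        System.out.println(describe(new AttributedAuthFailure("Authentication failed")));
    }
}
```

Rendering through an allowlist means an attribute added later stays out of messages until someone decides it is safe to show, which a denylist of known-sensitive keys would not guarantee.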

4 participants