Replies: 1 comment 1 reply
-
|
/cc @sberyozkin (security) |
Beta Was this translation helpful? Give feedback.
-
|
@stdunbar Do you mean that you'd like to use a pre-match JAX-RS Moving this custom logic out of the JAX-RS filter to your own If you can provide some basic reproducer to show what you are trying to do then it may help us give more specific suggestions. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm attempting to move from a Wildfly / standard JEE environment that has a ContainerRequestFilter to a non-blocking Quarkus REST implementation. It doesn't seem that Quarkus is doing what I expect but I may be thinking of it wrong.
At a high level, my architecture is that once a JWT has been validated, I want to create users in my DB if they don't exist. My challenge is that I'm not seeing logged in users in a SecurityIdentityAugmentor - everybody is anonymous. If I implement a ContainerRequestFilter, the ContainerRequestContext security context doesn't contain a Principal either. The ContainerRequestFilter implementation is impossible to use with anything that hits the DB - even if my ApplicationScoped bean is marked with Blocking I still get the "Attempting a blocking read on io thread" exception - which honestly sounds like a bug.
Do I give up on the async model of everything on the planet is asynchronous and move back to the non-reactive world? Is there something I'm missing? The docs at https://quarkus.io/guides/security-customization do not reflect what I'm seeing and that's why I'm here.
For reference, this is Quarkus 3.22.3 on Java 21.0.7, LinuxMint 22.1
Beta Was this translation helpful? Give feedback.
All reactions