Exception for multiple HTTP authentication mechanisms is never thrown. #8138

Closed
KeesKoffeman opened this issue Mar 25, 2020 · 0 comments · Fixed by #8006
Labels
area/security kind/bug Something isn't working

Describe the bug
When multiple HTTP authentication mechanisms are present (not implemented yet), an IllegalStateException should be thrown but is not.

Expected behavior
The IllegalStateException to be thrown.

Actual behavior
(Describe the actual behavior clearly and concisely.)

To Reproduce
Steps to reproduce the behavior:

  1. Create new project and add 'io.quarkus:quarkus-smallrye-jwt' and 'io.quarkus:quarkus-oidc'.
  2. Set quarkus.oidc.tenant-enabled=false to avoid startup error.
  3. Quarkus starts up without IllegalStateException

Configuration

# Add your application.properties here, if applicable.
quarkus.oidc.tenant-enabled=false

Additional context
In HttpAuthenticator.java lift if (instance.isAmbiguous()) out of if (instance.isResolvable()).

@Inject
public HttpAuthenticator(Instance<HttpAuthenticationMechanism> instance,
        Instance<IdentityProvider<UsernamePasswordAuthenticationRequest>> usernamePassword) {
    if (instance.isResolvable()) {
        if (instance.isAmbiguous()) { // Not reachable because isResolvable checks !isAmbiguous
            throw new IllegalStateException("Multiple HTTP authentication mechanisms are not implemented yet, discovered "
                    + instance.stream().collect(Collectors.toList()));
        }
        mechanism = instance.get();
    } else {
        if (!usernamePassword.isUnsatisfied()) {
            //TODO: config
            mechanism = new BasicAuthenticationMechanism("Quarkus");
        } else {
            mechanism = new NoAuthenticationMechanism();
        }
    }
}
@KeesKoffeman KeesKoffeman added the kind/bug Something isn't working label Mar 25, 2020
@gsmet gsmet added this to the 1.3.1.Final milestone Mar 26, 2020
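
The unreachable check described in this issue, as an added example that is not code from the issue or from Quarkus: `FakeInstance` is a hypothetical stand-in that assumes the CDI `Instance` contract in which `isResolvable()` is true only when the instance is neither unsatisfied nor ambiguous, and the bean names are constructed sample values. It runs the posted control flow next to the restructuring the reporter suggests, so the silent fallback with two mechanisms is visible.

```java
import java.util.List;

// Added illustration; FakeInstance and the select* methods are hypothetical names.
public class AmbiguousMechanismDemo {

    // Assumed CDI contract: resolvable means exactly one matching bean.
    record FakeInstance(List<String> beans) {
        boolean isUnsatisfied() { return beans.isEmpty(); }
        boolean isAmbiguous() { return beans.size() > 1; }
        boolean isResolvable() { return !isUnsatisfied() && !isAmbiguous(); }
        String get() { return beans.get(0); }
    }

    // Mirrors the else branch of the posted constructor.
    static String fallback(boolean hasUsernamePasswordProvider) {
        return hasUsernamePasswordProvider ? "BasicAuthenticationMechanism" : "NoAuthenticationMechanism";
    }

    // Control flow as posted: the ambiguity check is nested inside isResolvable().
    static String selectAsReported(FakeInstance mechanisms, boolean hasProvider) {
        if (mechanisms.isResolvable()) {
            if (mechanisms.isAmbiguous()) { // never true here
                throw new IllegalStateException("Multiple mechanisms: " + mechanisms.beans());
            }
            return mechanisms.get();
        }
        return fallback(hasProvider);
    }

    // Restructured as the reporter suggests: ambiguity is checked first.
    static String selectLifted(FakeInstance mechanisms, boolean hasProvider) {
        if (mechanisms.isAmbiguous()) {
            throw new IllegalStateException("Multiple mechanisms: " + mechanisms.beans());
        }
        return mechanisms.isResolvable() ? mechanisms.get() : fallback(hasProvider);
    }

    public static void main(String[] args) {
        FakeInstance two = new FakeInstance(List.of("jwt", "oidc")); // constructed sample
        System.out.println("as reported, no provider: " + selectAsReported(two, false));
        System.out.println("as reported, provider:    " + selectAsReported(two, true));
        try {
            selectLifted(two, false);
        } catch (IllegalStateException e) {
            System.out.println("lifted check:             " + e.getMessage());
        }
    }
}
```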