
ServletOAuth2AuthorizedClientExchangeFilterFunction Does Not Work For Chained Reactive Methods #6483


Closed
rwinch opened this issue Jan 25, 2019 · 0 comments
Labels: in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose); in: web (An issue in web modules: web, webmvc); type: bug (A general bug)

rwinch commented Jan 25, 2019

Summary

The defaults for ServletOAuth2AuthorizedClientExchangeFilterFunction are performed on the main thread so that ThreadLocals like SecurityContextHolder and RequestContextHolder can be accessed. The problem is that when chaining occurs, the thread has also changed. This means these defaults cannot be accessed.

An example would be something like this:

```kotlin
override fun getPermissionForDefaultLogin(repositoryRef: RepositoryRef): Mono<Permission> {
    return defaultGitHubLogin()
            // getPermissionForLogin is deferred to another thread which means defaults cannot be found on the ThreadLocal objects
            .flatMap { login -> getPermissionForLogin(repositoryRef, login) }
}

private fun getPermissionForLogin(repositoryRef: RepositoryRef, login: String): Mono<Permission> {
    return webClient.get()
            .uri("$baseGitHubUrl/repos/${repositoryRef.fullName}/collaborators/$login/permission")
            .attributes(clientRegistrationId("github"))
            .retrieve()
            .bodyToMono<Map<String, Any>>()
            .map { body -> body.get("permission")?.toString()!! }
            .map { p -> Permission(login, p) }
}

private fun defaultGitHubLogin(): Mono<String> {
    return webClient.get()
            .uri("$baseGitHubUrl/user")
            .retrieve()
            .bodyToMono<Map<String, Any>>()
            .map { body -> body.get("login")?.toString()!! }
}
```

We should find a way to ensure that the defaults are propagated to chained methods (likely using Reactor's context).
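The thread hop described in this issue can be reproduced without Spring. The following is an added example, not code from the issue or from Spring Security: `PrincipalHolder` and `resolvePrincipal` are hypothetical stand-ins for `SecurityContextHolder` and the filter function's default lookup, and a plain JDK `CompletableFuture` replaces the Reactor chain. It shows the chained step silently falling back to an anonymous principal, and the value surviving when it is captured on the request thread and passed along explicitly.

```kotlin
import java.util.concurrent.CompletableFuture
import java.util.concurrent.Executors

// Hypothetical stand-in for SecurityContextHolder / RequestContextHolder.
object PrincipalHolder {
    private val current = ThreadLocal<String?>()
    fun set(name: String?) = current.set(name)
    fun get(): String? = current.get()
    fun clear() = current.remove()
}

// Hypothetical stand-in for the filter function resolving its default:
// an explicitly supplied value wins, otherwise the ThreadLocal is consulted.
fun resolvePrincipal(explicit: String? = null): String =
    explicit ?: PrincipalHolder.get() ?: "anonymous"

fun main() {
    // Plays the role of the HTTP client's I/O thread.
    val worker = Executors.newSingleThreadExecutor()
    // Constructed value; in a servlet app the filter chain sets this on the request thread.
    PrincipalHolder.set("alice")
    try {
        // First call: the default is resolved on the request thread, so the ThreadLocal is visible.
        val first = CompletableFuture.completedFuture(resolvePrincipal())

        // Chained call: the continuation runs on the worker thread, where the ThreadLocal is empty.
        val lost = first.thenApplyAsync({ resolvePrincipal() }, worker).get()

        // Mitigation: capture on the request thread and hand the value to the continuation,
        // which is the role a subscriber context would play in a reactive chain.
        val captured = PrincipalHolder.get()
        val kept = first.thenApplyAsync({ resolvePrincipal(captured) }, worker).get()

        println("first=${first.get()} lost=$lost kept=$kept")
        check(lost == "anonymous" && kept == "alice")
    } finally {
        PrincipalHolder.clear()
        worker.shutdown()
    }
}
```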
