From f10fafd7a56690ebb319437ddb7587c42e7dbe6d Mon Sep 17 00:00:00 2001 From: Carles Arnal Date: Fri, 10 Nov 2023 17:54:42 +0100 Subject: [PATCH] Add useful information to the authentication error (#3963) --- .../AuthenticationFailedExceptionMapper.java | 22 ++++++++++++++----- .../rest/RegistryExceptionMapper.java | 1 - .../http/RegistryExceptionMapperService.java | 3 +++ .../registry/auth/SimpleAuthTest.java | 19 ++++++++++++---- storage/mysql/pom.xml | 2 +- 5 files changed, 36 insertions(+), 11 deletions(-) diff --git a/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java b/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java index 62998fb9f9..b686e56bca 100644 --- a/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java +++ b/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java 
@@ -16,14 +16,26 @@ package io.apicurio.registry.rest; -import io.quarkus.security.AuthenticationFailedException; - +import io.apicurio.registry.services.http.ErrorHttpResponse; +import io.apicurio.registry.services.http.RegistryExceptionMapperService; +import io.quarkus.security.UnauthorizedException; +import jakarta.annotation.Priority; +import jakarta.inject.Inject; +import jakarta.ws.rs.Priorities; import jakarta.ws.rs.core.Response; import jakarta.ws.rs.ext.ExceptionMapper; +import jakarta.ws.rs.ext.Provider; + +@Provider +@Priority(Priorities.AUTHENTICATION) +public class AuthenticationFailedExceptionMapper implements ExceptionMapper { + + @Inject + RegistryExceptionMapperService exceptionMapperService; -public class AuthenticationFailedExceptionMapper implements ExceptionMapper { @Override - public Response toResponse(AuthenticationFailedException exception) { - return Response.status(401).build(); + public Response toResponse(UnauthorizedException exception) { + ErrorHttpResponse errorHttpResponse = exceptionMapperService.mapException(exception); + return Response.status(401).entity(errorHttpResponse).build(); } } diff --git a/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java b/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java index a41cdf4570..7c5ccc566c 100644 --- a/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java +++ b/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java @@ -61,7 +61,6 @@ public class RegistryExceptionMapper implements ExceptionMapper { @Inject RegistryExceptionMapperService exceptionMapper; - @Context HttpServletRequest request; diff --git a/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java b/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java index 9d1ac1ce94..83105fe4cb 100644 --- a/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java 
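Review bot: The 401 body built in `toResponse` is returned to callers who have not authenticated, so whatever `exceptionMapperService.mapException(exception)` puts into the `ErrorHttpResponse` is disclosed to anyone who can reach the endpoint. `mapException` is not visible in this patch, but `RegistryExceptionMapperService` imports `ExceptionUtils`, so it may be able to include a stack trace; confirm that detail is off for this path and record the constraint on the class, e.g. `/** Maps UnauthorizedException to a 401 with the registry error body; the body is served to unauthenticated clients and must not include stack traces or internal detail. */`. The mapped type also changed from `AuthenticationFailedException` to `UnauthorizedException` while the class kept its name, so check that requests with bad credentials still get a deliberate 401 and not whatever the default handler produces.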
+++ b/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java @@ -57,6 +57,7 @@ import io.apicurio.rest.client.auth.exception.ForbiddenException; import io.apicurio.rest.client.auth.exception.NotAuthorizedException; import io.apicurio.tenantmanager.client.exception.TenantManagerClientException; +import io.quarkus.security.UnauthorizedException; import io.smallrye.mutiny.TimeoutException; import org.apache.commons.lang3.exception.ExceptionUtils; import org.eclipse.microprofile.config.inject.ConfigProperty; @@ -136,6 +137,8 @@ public class RegistryExceptionMapperService { map.put(ParametersConflictException.class, HTTP_CONFLICT); map.put(DownloadNotFoundException.class, HTTP_NOT_FOUND); map.put(ConfigPropertyNotFoundException.class, HTTP_NOT_FOUND); + map.put(UnauthorizedException.class, HTTP_UNAUTHORIZED); + map.put(io.quarkus.security.ForbiddenException.class, HTTP_FORBIDDEN); // From io.apicurio.common.apps.multitenancy.TenantManagerService: map.put(NotAuthorizedException.class, HTTP_FORBIDDEN); map.put(ForbiddenException.class, HTTP_FORBIDDEN); diff --git a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java index a0694108aa..1d3fc03880 100644 --- a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java +++ b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java 
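Review bot: The two `map.put` lines added before the `TenantManagerService` comment do not explain why `io.quarkus.security.ForbiddenException` is written fully qualified. The file already imports `io.apicurio.rest.client.auth.exception.ForbiddenException`, and the two are easy to confuse in a table that decides 401 versus 403. A one-line comment above them would make this explicit: `// Quarkus security exceptions; ForbiddenException is fully qualified because the rest-client ForbiddenException is imported above`. Only `UnauthorizedException` gets a dedicated mapper in this commit, so whether the new `ForbiddenException` entry is ever consulted depends on code outside the patch and should be confirmed. The enclosing method starts and ends outside the hunk.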
@@ -21,7 +21,12 @@ import io.apicurio.registry.rest.client.AdminClient; import io.apicurio.registry.rest.client.RegistryClient; import io.apicurio.registry.rest.client.exception.ArtifactNotFoundException; -import io.apicurio.registry.rest.v2.beans.*; +import io.apicurio.registry.rest.v2.beans.ArtifactMetaData; +import io.apicurio.registry.rest.v2.beans.ArtifactOwner; +import io.apicurio.registry.rest.v2.beans.EditableMetaData; +import io.apicurio.registry.rest.v2.beans.IfExists; +import io.apicurio.registry.rest.v2.beans.Rule; +import io.apicurio.registry.rest.v2.beans.UserInfo; import io.apicurio.registry.rules.compatibility.CompatibilityLevel; import io.apicurio.registry.rules.validity.ValidityLevel; import io.apicurio.registry.types.ArtifactType; @@ -51,9 +56,7 @@ import java.nio.charset.StandardCharsets; import java.util.UUID; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.*; /** * @author Fabian Martinez @@ -99,6 +102,14 @@ public void testWrongCreds() throws Exception { }); } + @Test + public void testNoCreds() throws Exception { + RegistryClient clientNoAuth = createClient(null); + Assertions.assertThrows(NotAuthorizedException.class, () -> { + clientNoAuth.listArtifactsInGroup(groupId); + }); + } + @Test public void testReadOnly() throws Exception { Auth auth = new OidcAuth(httpClient, JWKSMockServer.READONLY_CLIENT_ID, "test1"); diff --git a/storage/mysql/pom.xml b/storage/mysql/pom.xml index f2cde4f936..d977f00cb8 100644 --- a/storage/mysql/pom.xml +++ b/storage/mysql/pom.xml @@ -4,7 +4,7 @@ io.apicurio apicurio-registry-storage - 2.4.13-SNAPSHOT + 2.5.0-SNAPSHOT ../pom.xml
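Review bot: `testNoCreds` asserts only that `NotAuthorizedException` is thrown, so it would presumably pass even if the 401 carried no body and does not pin the error information this commit sets out to add. Capture the exception and assert on what the client exposes, e.g. `NotAuthorizedException ex = Assertions.assertThrows(NotAuthorizedException.class, () -> clientNoAuth.listArtifactsInGroup(groupId));` followed by `assertNotNull(ex.getMessage());` or a stricter check on the error fields if the client surfaces them. In the static-import hunk, `Assertions.*` replaces three explicit imports while the same commit expands `beans.*` into explicit imports and the new test still calls `Assertions.assertThrows` qualified; keeping the explicit static imports would be consistent.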