mweiler pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-kogito-apps.git
The following commit(s) were added to refs/heads/main by this push:
new 81da1df8b [incubator-kie-issues#2085] Conflict while running a secured
Spring Boot application with `kogito-addons-springboot-data-index-jpa` and
`kie-addons-springboot-process-svg` (#2266)
81da1df8b is described below
commit 81da1df8ba9e87d3ea2f7430e61c342a2f6394db
Author: Pere Fernández <[email protected]>
AuthorDate: Thu Sep 4 22:22:19 2025 +0200
[incubator-kie-issues#2085] Conflict while running a secured Spring Boot
application with `kogito-addons-springboot-data-index-jpa` and
`kie-addons-springboot-process-svg` (#2266)
---
.../index/service/KogitoRuntimeCommonClient.java | 8 +----
.../auth/QuarkusDataIndexAuthTokenReader.java | 2 +-
.../service/api/KogitoRuntimeClientTest.java | 24 ++++++-------
.../api/KogitoAddonRuntimeClientImplTest.java | 8 ++---
.../data-index-common-springboot/pom.xml | 14 ++------
.../service/auth/PrincipalAuthTokenReader.java | 26 ---------------
.../auth/SpringBootDataIndexAuthTokenReader.java | 24 +++++--------
.../auth/impl/JwtPrincipalAuthTokenReader.java | 39 ----------------------
.../auth/impl/OIDCPrincipalAuthTokenReader.java | 39 ----------------------
9 files changed, 29 insertions(+), 155 deletions(-)
diff --git
a/data-index/data-index-common/src/main/java/org/kie/kogito/index/service/KogitoRuntimeCommonClient.java
b/data-index/data-index-common/src/main/java/org/kie/kogito/index/service/KogitoRuntimeCommonClient.java
index 0cbf0a845..d86a8b2d2 100644
---
a/data-index/data-index-common/src/main/java/org/kie/kogito/index/service/KogitoRuntimeCommonClient.java
+++
b/data-index/data-index-common/src/main/java/org/kie/kogito/index/service/KogitoRuntimeCommonClient.java
@@ -154,12 +154,6 @@ public abstract class KogitoRuntimeCommonClient {
}
public String getAuthHeader() {
- String authToken = authTokenReader.readToken();
-
- if (authToken == null) {
- return "";
- }
-
- return "Bearer " + authToken;
+ return Optional.ofNullable(authTokenReader.readToken()).orElse("");
}
}
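Review bot: getAuthHeader() now forwards whatever authTokenReader.readToken() returns as the header value, so the `Bearer ` scheme has silently become part of the reader's contract while the method is still named readToken. Any DataIndexAuthTokenReader implementation outside this commit that still returns a bare token would produce an Authorization header with no scheme. I would record the contract where it is relied on, e.g. `/** Returns the full Authorization header value, scheme included, exactly as supplied by the token reader; "" when none is available. */` on getAuthHeader(), with the matching sentence on DataIndexAuthTokenReader.readToken(). The class body starts outside the hunk.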
diff --git
a/data-index/data-index-quarkus/data-index-common-quarkus/src/main/java/org/kie/kogito/index/quarkus/service/auth/QuarkusDataIndexAuthTokenReader.java
b/data-index/data-index-quarkus/data-index-common-quarkus/src/main/java/org/kie/kogito/index/quarkus/service/auth/QuarkusDataIndexAuthTokenReader.java
index 12d28454a..ab142bcfc 100644
---
a/data-index/data-index-quarkus/data-index-common-quarkus/src/main/java/org/kie/kogito/index/quarkus/service/auth/QuarkusDataIndexAuthTokenReader.java
+++
b/data-index/data-index-quarkus/data-index-common-quarkus/src/main/java/org/kie/kogito/index/quarkus/service/auth/QuarkusDataIndexAuthTokenReader.java
@@ -45,6 +45,6 @@ public class QuarkusDataIndexAuthTokenReader implements
DataIndexAuthTokenReader
if (identity == null || identity.getCredential(TokenCredential.class)
== null) {
return null;
}
- return identity.getCredential(TokenCredential.class).getToken();
+ return "Bearer " +
identity.getCredential(TokenCredential.class).getToken();
}
}
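Review bot: The concatenation on the new return line turns a null token into the literal string `Bearer null`, which is non-null and would be sent as the Authorization header; before this change a null token fell through to the empty header in getAuthHeader(). Whether TokenCredential.getToken() can return null is not visible here, so this may be theoretical, but the guard is cheap: `String token = identity.getCredential(TokenCredential.class).getToken();` followed by `return token == null ? null : "Bearer " + token;`. The line also prefixes `Bearer ` to any TokenCredential, so it assumes the credential is always a bearer token. The method starts outside the hunk.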
diff --git
a/data-index/data-index-quarkus/data-index-service-quarkus-common/src/test/java/org/kie/kogito/index/quarkus/service/api/KogitoRuntimeClientTest.java
b/data-index/data-index-quarkus/data-index-service-quarkus-common/src/test/java/org/kie/kogito/index/quarkus/service/api/KogitoRuntimeClientTest.java
index 690f02996..de6f2e133 100644
---
a/data-index/data-index-quarkus/data-index-service-quarkus-common/src/test/java/org/kie/kogito/index/quarkus/service/api/KogitoRuntimeClientTest.java
+++
b/data-index/data-index-quarkus/data-index-service-quarkus-common/src/test/java/org/kie/kogito/index/quarkus/service/api/KogitoRuntimeClientTest.java
@@ -94,7 +94,7 @@ public class KogitoRuntimeClientTest {
private static String TASK_ID = "taskId";
private static String JOB_ID = "jobId";
- private static String AUTHORIZED_TOKEN = "authToken";
+ private static String AUTHORIZED_TOKEN = "Bearer authToken";
@Mock
public Vertx vertx;
@@ -144,7 +144,7 @@ public class KogitoRuntimeClientTest {
"ABORT ProcessInstance with id: " + pI.getId());
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -160,7 +160,7 @@ public class KogitoRuntimeClientTest {
"RETRY ProcessInstance with id: " + pI.getId());
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -177,7 +177,7 @@ public class KogitoRuntimeClientTest {
"SKIP ProcessInstance with id: " + pI.getId());
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -289,7 +289,7 @@ public class KogitoRuntimeClientTest {
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
JsonObject jsonOject = new JsonObject(newJobData);
verify(httpRequestMock).sendJson(eq(jsonOject),
handlerCaptor.capture());
- verify(httpRequestMock).putHeader("Authorization", "Bearer " +
AUTHORIZED_TOKEN);
+ verify(httpRequestMock).putHeader("Authorization", AUTHORIZED_TOKEN);
checkResponseHandling(handlerCaptor.getValue());
}
@@ -307,7 +307,7 @@ public class KogitoRuntimeClientTest {
null);
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -325,7 +325,7 @@ public class KogitoRuntimeClientTest {
List.class);
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
HttpResponse response = mock(HttpResponse.class);
handlerCaptor.getValue().handle(createResponseMocks(response, false,
404));
@@ -354,7 +354,7 @@ public class KogitoRuntimeClientTest {
null);
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -421,7 +421,7 @@ public class KogitoRuntimeClientTest {
eq("Get User Task schema for task:TaskName with id: " +
taskInstance.getId()), isNull());
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
verify(httpRequestMock).send(handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -444,7 +444,7 @@ public class KogitoRuntimeClientTest {
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
JsonObject jsonOject = new JsonObject(taskInfo);
verify(httpRequestMock).sendJson(eq(jsonOject),
handlerCaptor.capture());
- verify(httpRequestMock).putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN));
+ verify(httpRequestMock).putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN));
checkResponseHandling(handlerCaptor.getValue());
}
@@ -616,7 +616,7 @@ public class KogitoRuntimeClientTest {
String token = client.getAuthHeader();
verify(authTokenReader, times(1)).readToken();
- assertThat(token).isEqualTo("Bearer " + AUTHORIZED_TOKEN);
+ assertThat(token).isEqualTo(AUTHORIZED_TOKEN);
when(authTokenReader.readToken()).thenReturn(null);
token = client.getAuthHeader();
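Review bot: With AUTHORIZED_TOKEN stubbed as `Bearer authToken`, these assertions only show that getAuthHeader() passes the reader's value through; nothing in this commit tests that a reader actually adds the scheme. The prefix now lives in QuarkusDataIndexAuthTokenReader and, presumably, in SpringBootAuthTokenHelper, so a unit test for the reader asserting something like `assertThat(reader.readToken()).isEqualTo("Bearer " + rawToken)` would cover the behaviour that moved. The same applies to the getAuthHeader test in KogitoAddonRuntimeClientImplTest. The test method starts and ends outside the hunk.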
@@ -661,7 +661,7 @@ public class KogitoRuntimeClientTest {
protected void setupIdentityMock() {
when(authTokenReader.readToken()).thenReturn(AUTHORIZED_TOKEN);
- when(httpRequestMock.putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN))).thenReturn(httpRequestMock);
+ when(httpRequestMock.putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN))).thenReturn(httpRequestMock);
}
}
diff --git
a/data-index/data-index-quarkus/kogito-addons-quarkus-data-index-persistence/kogito-addons-quarkus-data-index-persistence-common/runtime/src/test/java/org/kie/kogito/index/addon/api/KogitoAddonRuntimeClientImplTest.java
b/data-index/data-index-quarkus/kogito-addons-quarkus-data-index-persistence/kogito-addons-quarkus-data-index-persistence-common/runtime/src/test/java/org/kie/kogito/index/addon/api/KogitoAddonRuntimeClientImplTest.java
index 60926a94b..769c7c173 100644
---
a/data-index/data-index-quarkus/kogito-addons-quarkus-data-index-persistence/kogito-addons-quarkus-data-index-persistence-common/runtime/src/test/java/org/kie/kogito/index/addon/api/KogitoAddonRuntimeClientImplTest.java
+++
b/data-index/data-index-quarkus/kogito-addons-quarkus-data-index-persistence/kogito-addons-quarkus-data-index-persistence-common/runtime/src/test/java/org/kie/kogito/index/addon/api/KogitoAddonRuntimeClientImplTest.java
@@ -79,7 +79,7 @@ public class KogitoAddonRuntimeClientImplTest {
private static final String NODE_ID = "nodeId";
private static String TASK_ID = "taskId";
private static String JOB_ID = "jobId";
- private static String AUTHORIZED_TOKEN = "authToken";
+ private static String AUTHORIZED_TOKEN = "Bearer authToken";
@Mock
public Vertx vertx;
@@ -279,7 +279,7 @@ public class KogitoAddonRuntimeClientImplTest {
ArgumentCaptor<Handler> handlerCaptor =
ArgumentCaptor.forClass(Handler.class);
JsonObject jsonOject = new JsonObject(newJobData);
verify(httpRequestMock).sendJson(eq(jsonOject),
handlerCaptor.capture());
- verify(httpRequestMock).putHeader("Authorization", "Bearer " +
AUTHORIZED_TOKEN);
+ verify(httpRequestMock).putHeader("Authorization", AUTHORIZED_TOKEN);
checkResponseHandling(handlerCaptor.getValue());
}
@@ -329,7 +329,7 @@ public class KogitoAddonRuntimeClientImplTest {
String token = client.getAuthHeader();
verify(authTokenReader, times(1)).readToken();
- assertThat(token).isEqualTo("Bearer " + AUTHORIZED_TOKEN);
+ assertThat(token).isEqualTo(AUTHORIZED_TOKEN);
when(authTokenReader.readToken()).thenReturn(null);
token = client.getAuthHeader();
@@ -403,6 +403,6 @@ public class KogitoAddonRuntimeClientImplTest {
protected void setupIdentityMock() {
when(authTokenReader.readToken()).thenReturn(AUTHORIZED_TOKEN);
- when(httpRequestMock.putHeader(eq("Authorization"), eq("Bearer " +
AUTHORIZED_TOKEN))).thenReturn(httpRequestMock);
+ when(httpRequestMock.putHeader(eq("Authorization"),
eq(AUTHORIZED_TOKEN))).thenReturn(httpRequestMock);
}
}
diff --git
a/data-index/data-index-springboot/data-index-common-springboot/pom.xml
b/data-index/data-index-springboot/data-index-common-springboot/pom.xml
index ccb6131fd..69146cf93 100644
--- a/data-index/data-index-springboot/data-index-common-springboot/pom.xml
+++ b/data-index/data-index-springboot/data-index-common-springboot/pom.xml
@@ -39,21 +39,13 @@
<artifactId>data-index-common</artifactId>
</dependency>
<dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter</artifactId>
- <version>${version.org.springframework.boot}</version>
+ <groupId>org.kie</groupId>
+ <artifactId>kie-addons-springboot-common-auth</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
+ <artifactId>spring-boot-starter</artifactId>
<version>${version.org.springframework.boot}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-oauth2-client</artifactId>
- <version>${version.org.springframework.boot}</version>
- <scope>provided</scope>
</dependency>
</dependencies>
</project>
\ No newline at end of file
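Review bot: `kie-addons-springboot-common-auth` is added with no `<scope>` while the two Spring Security starters it replaces were `provided`, so whatever that addon pulls in now reaches consumers at compile scope. If the addon itself does not declare spring-boot-starter-security and spring-boot-starter-oauth2-client as provided or optional (not visible in this diff), unsecured applications would get Spring Security on the classpath and its auto-configuration with it. Worth confirming in the addon's pom, and that its version is managed by the parent since none is given here.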
diff --git
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/PrincipalAuthTokenReader.java
b/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/PrincipalAuthTokenReader.java
deleted file mode 100644
index f5bbc16f6..000000000
---
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/PrincipalAuthTokenReader.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.kie.kogito.index.springboot.service.auth;
-
-public interface PrincipalAuthTokenReader {
-
- boolean acceptsPrincipal(Object principal);
-
- String readAuthToken(Object principal);
-}
diff --git
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/SpringBootDataIndexAuthTokenReader.java
b/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/SpringBootDataIndexAuthTokenReader.java
index fcdf6b577..944ee3399 100644
---
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/SpringBootDataIndexAuthTokenReader.java
+++
b/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/SpringBootDataIndexAuthTokenReader.java
@@ -19,36 +19,28 @@
package org.kie.kogito.index.springboot.service.auth;
-import java.util.List;
+import java.util.Optional;
+import org.kie.addons.springboot.auth.SpringBootAuthTokenHelper;
import org.kie.kogito.index.service.auth.DataIndexAuthTokenReader;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
@Component
public class SpringBootDataIndexAuthTokenReader implements
DataIndexAuthTokenReader {
- private final List<PrincipalAuthTokenReader> authTokenReaders;
+ private final Optional<SpringBootAuthTokenHelper> authTokenHelper;
@Autowired
- public SpringBootDataIndexAuthTokenReader(List<PrincipalAuthTokenReader>
authTokenReaders) {
- this.authTokenReaders = authTokenReaders;
+ public
SpringBootDataIndexAuthTokenReader(Optional<SpringBootAuthTokenHelper>
authTokenHelper) {
+ this.authTokenHelper = authTokenHelper;
}
@Override
public String readToken() {
-
- SecurityContext securityContext = SecurityContextHolder.getContext();
-
- if (securityContext == null || securityContext.getAuthentication() ==
null) {
- return null;
+ if (authTokenHelper.isPresent()) {
+ return authTokenHelper.get().getAuthToken().orElse(null);
}
-
- Object principal = securityContext.getAuthentication().getPrincipal();
-
- return this.authTokenReaders.stream().filter(reader ->
reader.acceptsPrincipal(principal)).findFirst()
- .map(reader -> reader.readAuthToken(principal)).orElse(null);
+ return null;
}
}
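Review bot: readToken() now depends on SpringBootAuthTokenHelper.getAuthToken() returning the complete header value, because getAuthHeader() no longer adds `Bearer ` and this class does not add it either, unlike the Quarkus reader; the helper is outside this diff, so that should be confirmed and stated in a comment here. The removed OIDC reader forwarded the ID token value, so it is also worth checking which token the helper selects for OidcUser principals. When no helper bean is present the method returns null without any trace and getAuthHeader() then yields an empty string; a debug log at that branch would make a misconfigured secured deployment easier to spot. As a style point, the isPresent()/get() pair can be `return authTokenHelper.flatMap(SpringBootAuthTokenHelper::getAuthToken).orElse(null);`.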
diff --git
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/JwtPrincipalAuthTokenReader.java
b/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/JwtPrincipalAuthTokenReader.java
deleted file mode 100644
index 413961f2b..000000000
---
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/JwtPrincipalAuthTokenReader.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.kie.kogito.index.springboot.service.auth.impl;
-
-import org.kie.kogito.index.springboot.service.auth.PrincipalAuthTokenReader;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.stereotype.Component;
-
-@Component
-@ConditionalOnClass(Jwt.class)
-public class JwtPrincipalAuthTokenReader implements PrincipalAuthTokenReader {
-
- @Override
- public boolean acceptsPrincipal(Object principal) {
- return principal instanceof Jwt;
- }
-
- @Override
- public String readAuthToken(Object principal) {
- return ((Jwt) principal).getTokenValue();
- }
-}
diff --git
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/OIDCPrincipalAuthTokenReader.java
b/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/OIDCPrincipalAuthTokenReader.java
deleted file mode 100644
index c0dde9d7c..000000000
---
a/data-index/data-index-springboot/data-index-common-springboot/src/main/java/org/kie/kogito/index/springboot/service/auth/impl/OIDCPrincipalAuthTokenReader.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.kie.kogito.index.springboot.service.auth.impl;
-
-import org.kie.kogito.index.springboot.service.auth.PrincipalAuthTokenReader;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.stereotype.Component;
-
-@Component
-@ConditionalOnClass({ OidcUser.class })
-public class OIDCPrincipalAuthTokenReader implements PrincipalAuthTokenReader {
-
- @Override
- public boolean acceptsPrincipal(Object principal) {
- return principal instanceof OidcUser;
- }
-
- @Override
- public String readAuthToken(Object principal) {
- return ((OidcUser) principal).getIdToken().getTokenValue();
- }
-}