Merge pull request quarkusio#46316 from michalvavrik/feature/drop-sec…

…urity-extension-deprecations

Drop couple of deprecated build items and a field in Security and Vert.x HTTP Security area, mark `redirect-after-login` for removal

extensions/amazon-lambda-http/runtime/src/main/java/io/quarkus/amazon/lambda/http/LambdaHttpAuthenticationMechanism.java

@@ -95,7 +95,7 @@ public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
     }
 
     @Override
-    public HttpCredentialTransport getCredentialTransport() {
-        return null;
+    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+        return Uni.createFrom().nullItem();
     }
 }

extensions/amazon-lambda-rest/runtime/src/main/java/io/quarkus/amazon/lambda/http/LambdaHttpAuthenticationMechanism.java

@@ -95,7 +95,7 @@ public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
     }
 
     @Override
-    public HttpCredentialTransport getCredentialTransport() {
-        return null;
+    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+        return Uni.createFrom().nullItem();
     }
 }

extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java

@@ -72,7 +72,7 @@ public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
     }
 
     @Override
-    public HttpCredentialTransport getCredentialTransport() {
-        return new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, "bearer");
+    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+        return Uni.createFrom().item(new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, "bearer"));
     }
 }

extensions/elytron-security-properties-file/deployment/src/test/java/io/quarkus/security/test/CustomAuth.java

@@ -88,7 +88,7 @@ public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
     }
 
     @Override
-    public HttpCredentialTransport getCredentialTransport() {
-        return new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, "basic");
+    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+        return Uni.createFrom().item(new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, "basic"));
     }
 }

extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java

@@ -123,7 +123,6 @@
 import io.quarkus.security.runtime.interceptor.SecurityCheckStorageBuilder;
 import io.quarkus.security.runtime.interceptor.SecurityConstrainer;
 import io.quarkus.security.runtime.interceptor.SecurityHandler;
-import io.quarkus.security.spi.AdditionalSecuredClassesBuildItem;
 import io.quarkus.security.spi.AdditionalSecuredMethodsBuildItem;
 import io.quarkus.security.spi.AdditionalSecurityAnnotationBuildItem;
 import io.quarkus.security.spi.AdditionalSecurityConstrainerEventPropsBuildItem;
@@ -522,26 +521,6 @@ void registerSecurityInterceptors(BuildProducer<InterceptorBindingRegistrarBuild
                 .done());
     }
 
-    /**
-     * Transform deprecated {@link AdditionalSecuredClassesBuildItem} to {@link AdditionalSecuredMethodsBuildItem}.
-     */
-    @BuildStep
-    void transformAdditionalSecuredClassesToMethods(List<AdditionalSecuredClassesBuildItem> additionalSecuredClassesBuildItems,
-            BuildProducer<AdditionalSecuredMethodsBuildItem> additionalSecuredMethodsBuildItemBuildProducer) {
-        for (AdditionalSecuredClassesBuildItem additionalSecuredClassesBuildItem : additionalSecuredClassesBuildItems) {
-            final Collection<MethodInfo> securedMethods = new ArrayList<>();
-            for (ClassInfo additionalSecuredClass : additionalSecuredClassesBuildItem.additionalSecuredClasses) {
-                for (MethodInfo method : additionalSecuredClass.methods()) {
-                    if (isPublicNonStaticNonConstructor(method)) {
-                        securedMethods.add(method);
-                    }
-                }
-            }
-            additionalSecuredMethodsBuildItemBuildProducer.produce(
-                    new AdditionalSecuredMethodsBuildItem(securedMethods, additionalSecuredClassesBuildItem.rolesAllowed));
-        }
-    }
-
     /*
      * The annotation store is not meant to be generally supported for security annotation.
      * It is only used here in order to be able to register the DenyAllInterceptor for

extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/HttpSecurityProcessor.java

@@ -73,7 +73,6 @@
 import io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism;
 import io.quarkus.vertx.http.runtime.security.HttpAuthenticator;
 import io.quarkus.vertx.http.runtime.security.HttpAuthorizer;
-import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
 import io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder;
 import io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.AuthenticationHandler;
 import io.quarkus.vertx.http.runtime.security.MtlsAuthenticationMechanism;
@@ -90,28 +89,9 @@
 public class HttpSecurityProcessor {
 
     private static final DotName AUTH_MECHANISM_NAME = DotName.createSimple(HttpAuthenticationMechanism.class);
-    private static final DotName BASIC_AUTH_MECH_NAME = DotName.createSimple(BasicAuthenticationMechanism.class);
     private static final DotName BASIC_AUTH_ANNOTATION_NAME = DotName.createSimple(BasicAuthentication.class);
     private static final String KOTLIN_SUSPEND_IMPL_SUFFIX = "$suspendImpl";
 
-    @Record(ExecutionTime.STATIC_INIT)
-    @BuildStep
-    void produceNamedHttpSecurityPolicies(List<HttpSecurityPolicyBuildItem> httpSecurityPolicyBuildItems,
-            BuildProducer<SyntheticBeanBuildItem> syntheticBeanProducer,
-            HttpSecurityRecorder recorder) {
-        if (!httpSecurityPolicyBuildItems.isEmpty()) {
-            httpSecurityPolicyBuildItems.forEach(item -> syntheticBeanProducer
-                    .produce(SyntheticBeanBuildItem
-                            .configure(HttpSecurityPolicy.class)
-                            .named(HttpSecurityPolicy.class.getName() + "." + item.getName())
-                            .runtimeValue(recorder.createNamedHttpSecurityPolicy(item.getPolicySupplier(), item.getName()))
-                            .addType(HttpSecurityPolicy.class)
-                            .scope(Singleton.class)
-                            .unremovable()
-                            .done()));
-        }
-    }
-
     @BuildStep
     @Record(ExecutionTime.STATIC_INIT)
     AdditionalBeanBuildItem initFormAuth(

extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/HeaderAuthenticator.java

@@ -38,7 +38,7 @@ public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
     }
 
     @Override
-    public HttpCredentialTransport getCredentialTransport() {
-        return null;
+    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+        return Uni.createFrom().nullItem();
     }
 }

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/FormAuthRuntimeConfig.java

@@ -58,7 +58,7 @@ enum CookieSameSite {
      *             if there is no landing page.
      */
     @WithDefault("true")
-    @Deprecated
+    @Deprecated(forRemoval = true, since = "2.16")
     boolean redirectAfterLogin();
 
     /**

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java

@@ -129,24 +129,6 @@ public EagerSecurityInterceptorStorage get() {
         };
     }
 
-    public RuntimeValue<HttpSecurityPolicy> createNamedHttpSecurityPolicy(Supplier<HttpSecurityPolicy> policySupplier,
-            String name) {
-        return new RuntimeValue<>(new HttpSecurityPolicy() {
-            private final HttpSecurityPolicy delegate = policySupplier.get();
-
-            @Override
-            public Uni<CheckResult> checkPermission(RoutingContext request, Uni<SecurityIdentity> identity,
-                    AuthorizationRequestContext requestContext) {
-                return delegate.checkPermission(request, identity, requestContext);
-            }
-
-            @Override
-            public String name() {
-                return name;
-            }
-        });
-    }
-
     public Supplier<Map<String, Object>> createAdditionalSecEventPropsSupplier() {
         return new Supplier<Map<String, Object>>() {
             @Override

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/ImmutablePathMatcher.java

@@ -55,7 +55,7 @@ public PathMatch<T> match(String path) {
         if (hasExactPathMatches) {
             T match = exactPathMatches.get(path);
             if (match != null) {
-                return new PathMatch<>(path, "", match);
+                return new PathMatch<>(path, match);
             }
         }
 
@@ -64,7 +64,7 @@ public PathMatch<T> match(String path) {
             if (pathLength == length) {
                 SubstringMatch<T> next = paths.get(path, length);
                 if (next != null) {
-                    return new PathMatch<>(path, "", next.getValue());
+                    return new PathMatch<>(path, next.getValue());
                 }
             } else if (pathLength < length) {
                 char c = path.charAt(pathLength);
@@ -76,12 +76,12 @@ public PathMatch<T> match(String path) {
                     //String part = path.substring(0, pathLength);
                     SubstringMatch<T> next = paths.get(path, pathLength);
                     if (next != null) {
-                        return new PathMatch<>(next.getKey(), path.substring(pathLength), next.getValue());
+                        return new PathMatch<>(next.getKey(), next.getValue());
                     }
                 }
             }
         }
-        return new PathMatch<>("", path, defaultHandler);
+        return new PathMatch<>("", defaultHandler);
     }
 
     public static <T> ImmutablePathMatcherBuilder<T> builder() {
@@ -90,25 +90,13 @@ public static <T> ImmutablePathMatcherBuilder<T> builder() {
 
     public static final class PathMatch<T> {
         private final String matched;
-        private final String remaining;
         private final T value;
 
-        public PathMatch(String matched, String remaining, T value) {
+        public PathMatch(String matched, T value) {
             this.matched = matched;
-            this.remaining = remaining;
             this.value = value;
         }
 
-        /**
-         * @deprecated because it can't be supported with inner wildcard without cost. It's unlikely this method is
-         *             used by anyone as users don't get in touch with this class. If there is legit use case, please
-         *             open Quarkus issue.
-         */
-        @Deprecated
-        public String getRemaining() {
-            return remaining;
-        }
-
         public String getMatched() {
             return matched;
         }