Take @testsecurity(authorizationEnabled = false) into account for RES…

…TEasy Reactive Relates to: quarkusio#19834
gsmet · Sep 2, 2021 · 07f9e87 · 07f9e87
1 parent 006d2ec
commit 07f9e87
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/...ntime/src/main/java/io/quarkus/security/runtime/interceptor/check/AuthenticatedCheck.java b/...ntime/src/main/java/io/quarkus/security/runtime/interceptor/check/AuthenticatedCheck.java
@@ -2,21 +2,47 @@
 
 import java.lang.reflect.Method;
 
+import io.quarkus.arc.Arc;
+import io.quarkus.arc.ArcContainer;
+import io.quarkus.arc.InstanceHandle;
 import io.quarkus.security.UnauthorizedException;
 import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.security.spi.runtime.AuthorizationController;
 import io.quarkus.security.spi.runtime.SecurityCheck;
 
 public class AuthenticatedCheck implements SecurityCheck {
 
     public static final AuthenticatedCheck INSTANCE = new AuthenticatedCheck();
 
+    private volatile AuthorizationController authorizationController;
+
     private AuthenticatedCheck() {
     }
 
     @Override
     public void apply(SecurityIdentity identity, Method method, Object[] parameters) {
+        if (isAuthorizationDisabled()) {
+            return;
+        }
         if (identity.isAnonymous()) {
             throw new UnauthorizedException();
         }
     }
+
+    private boolean isAuthorizationDisabled() {
+        if (authorizationController != null) {
+            return !authorizationController.isAuthorizationEnabled();
+        }
+
+        ArcContainer container = Arc.container();
+        if ((container == null) || !container.isRunning()) {
+            return false;
+        }
+        InstanceHandle<AuthorizationController> instance = container.instance(AuthorizationController.class);
+        if (instance.isAvailable()) {
+            authorizationController = instance.get();
+            return !instance.get().isAuthorizationEnabled();
+        }
+        return false;
+    }
 }