diff --git a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/AbstractRolesAllowedTestCase.java b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/AbstractRolesAllowedTestCase.java
index d1eb8c66e563be..d786e2873a7221 100644
--- a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/AbstractRolesAllowedTestCase.java
+++ b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/AbstractRolesAllowedTestCase.java
@@ -240,4 +240,23 @@ public void testWildcardMatchingWithoutSlash() {
 .assertThat()
 .statusCode(401);
 }
+
+ @Test
+ public void testLargeBodyRejected() {
+
+ StringBuilder sb = new StringBuilder("HELLO WORLD");
+ for (int i = 0; i < 20; ++i) {
+ sb.append(sb);
+ }
+ for (int i = 0; i < 10; ++i) {
+ RestAssured
+ .given()
+ .body(sb.toString())
+ .post("/roles1")
+ .then()
+ .assertThat()
+ .statusCode(401);
+ }
+
+ }
 }
diff --git a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedLazyAuthTestCase.java b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedLazyAuthTestCase.java
index 92728c43150d8c..fb01c0faa25e4d 100644
--- a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedLazyAuthTestCase.java
+++ b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedLazyAuthTestCase.java
@@ -19,6 +19,7 @@ public class RolesAllowedLazyAuthTestCase extends AbstractRolesAllowedTestCase {
 private static final String APP_PROPS = "" +
 "quarkus.http.auth.basic=true\n" +
+ "quarkus.http.limits.max-body-size=100m\n" +
 "quarkus.http.auth.policy.r1.roles-allowed=test\n" +
 "quarkus.http.auth.policy.r2.roles-allowed=admin\n" +
 "quarkus.http.auth.permission.roles1.paths=/roles1,/deny,/permit,/combined,/wildcard1/*,/wildcard2*\n" +
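Review bot: In testLargeBodyRejected the request loop has no time bound, so if the stall this test guards against comes back, the build hangs instead of failing; assuming this is JUnit 5, a `@Timeout` on the method (its import would sit outside this hunk) turns that into a clear failure. The name says "rejected", but the assertion is the ordinary 401 for a request without credentials, so a name such as `testLargeBodyWithoutCredentialsGets401` would describe it better. The payload is about 11 MB (11 characters doubled 20 times), which appears to be why the subclasses raise `quarkus.http.limits.max-body-size`; a one-line comment stating the size and that dependency would help, and the string can be built once before the loop with `String body = sb.toString();`.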
diff --git a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedTestCase.java b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedTestCase.java
index 5f2fad2e217698..92db42d6dcc327 100644
--- a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedTestCase.java
+++ b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/RolesAllowedTestCase.java
@@ -19,6 +19,7 @@ public class RolesAllowedTestCase extends AbstractRolesAllowedTestCase {
 private static final String APP_PROPS = "" +
 "quarkus.http.auth.basic=true\n" +
+ "quarkus.http.limits.max-body-size=100m\n" +
 "quarkus.http.auth.policy.r1.roles-allowed=test\n" +
 "quarkus.http.auth.policy.r2.roles-allowed=admin\n" +
 "quarkus.http.auth.permission.roles1.paths=/roles1,/deny,/permit,/combined,/wildcard1/*,/wildcard2*\n" +
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
index 86e8d38578616a..73c252b4f5969e 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
@@ -140,6 +140,10 @@ public Uni apply(SecurityIdentity data) {
 * @return
 */
 public Uni sendChallenge(RoutingContext routingContext) {
+ //we want to consume any body content if present
+ //challenges won't read the body, and if we don't consume
+ //things can get stuck
+ routingContext.request().resume();
 Uni result = null;
 HttpAuthenticationMechanism matchingMech = routingContext.get(HttpAuthenticationMechanism.class.getName());
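Review bot: The `resume()` added at the top of sendChallenge makes the server read whatever body an unauthenticated caller sends, so the amount of data accepted before the challenge is answered now rests on `quarkus.http.limits.max-body-size`. The hunk does not show whether that limit is enforced on this path or whether the drained bytes are discarded rather than buffered, and both are worth confirming, since this code runs before any identity has been established. The comment would be more useful if it named the mechanism rather than "things can get stuck", for example `// the request is presumably still paused here and no challenge reads the body; resume so it is drained and the response can complete`. The body of sendChallenge continues past the end of the hunk, so any later handling of the request is not visible here.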