Merge pull request #4305 from stuartwdouglas/security-fixes

Fixes for JWT auth
quarkusio · Oct 2, 2019 · eb6e47c · eb6e47c
2 parents c93aa03 + 2a93978
commit eb6e47c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/...allrye-jwt/runtime/src/main/java/io/quarkus/smallrye/jwt/runtime/auth/MpJwtValidator.java b/...allrye-jwt/runtime/src/main/java/io/quarkus/smallrye/jwt/runtime/auth/MpJwtValidator.java
@@ -70,7 +70,9 @@ public CompletionStage<SecurityIdentity> authenticate(TokenAuthenticationRequest
 
         } catch (ParseException | MalformedClaimException e) {
             log.debug("Authentication failed", e);
-            throw new AuthenticationFailedException();
+            CompletableFuture<SecurityIdentity> cf = new CompletableFuture<SecurityIdentity>();
+            cf.completeExceptionally(new AuthenticationFailedException());
+            return cf;
         }
     }
 }
diff --git a/...tp/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java b/...tp/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
@@ -1,5 +1,6 @@
 package io.quarkus.vertx.http.runtime.security;
 
+import java.util.concurrent.CompletionException;
 import java.util.function.BiFunction;
 
 import javax.enterprise.inject.spi.CDI;
@@ -25,6 +26,9 @@ public void handle(RoutingContext event) {
                     @Override
                     public Object apply(SecurityIdentity identity, Throwable throwable) {
                         if (throwable != null) {
+                            while (throwable instanceof CompletionException && throwable.getCause() != null) {
+                                throwable = throwable.getCause();
+                            }
                             //auth failed
                             if (throwable instanceof AuthenticationFailedException) {
                                 authenticator.sendChallenge(event, new Runnable() {