Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intercepted subclasses generation - fix evaluation of skipped methods #21781

Merged
merged 1 commit into from
Nov 30, 2021
Merged

Intercepted subclasses generation - fix evaluation of skipped methods #21781

merged 1 commit into from
Nov 30, 2021

Conversation

mkouba
Copy link
Contributor

@mkouba mkouba commented Nov 29, 2021

@quarkus-bot quarkus-bot bot added the area/arc Issue related to ARC (dependency injection) label Nov 29, 2021
@mkouba
Copy link
Contributor Author

mkouba commented Nov 29, 2021

This PR should supersede #21625 and fix #19177.

@mkouba mkouba mentioned this pull request Nov 29, 2021
Closed
@mkouba mkouba changed the title Intercepted subclasses generation - fix skipped methods evaluation Intercepted subclasses generation - fix evaluation of skipped methods Nov 29, 2021
@quarkus-bot

This comment has been minimized.

Sign in to view
Ladicek
Ladicek approved these changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@Ladicek Ladicek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, it took me a while to realize that by "do not skip methods with a private param", you mean "do not skip methods with a private param declared in the same package", but that obviously makes sense.

@mkouba @Ladicek
Intercepted subclasses generation - fix skipped methods evaluation
de75549 
- do not skip methods with a private param
- also do not evaluate methods that declare no interceptor bindings;
these methods are skipped automatically
- related to quarkusio#19177

Co-authored-by: Ladislav Thon <[email protected]>
@mkouba mkouba added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Nov 29, 2021
@gastaldi gastaldi linked an issue Nov 29, 2021 that may be closed by this pull request
Regression v2.0.2.Final: RolesAllowed check skipped when endpoint method payload POJO class is private #19177
Closed
stuartwdouglas
stuartwdouglas reviewed Nov 29, 2021
View reviewed changes
independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java
}
// e.g. parameters whose class is package-private and the package is not the same as the package of the method for which we are checking can not be loaded,
// as we would end up with IllegalAccessError when trying to access the use the load the class
if (!DotNames.packageName(param.name()).equals(originalClassPackage)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO this should be an error rather than a warning. We have seen cases where security interceptors are not applied even though the user was expecting them to be.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree but the problem is that if you annotate a class with an interceptor binding then all methods (incl. inherited ones) should be intercepted and sometimes you need to extend a class from a different package which you don't control. Such an extended class may declare e.g. a package-private method that accepts a private param type. And since you're not able to modify the extended class you'd be screwed. An example from the original issue is java.util.concurrent.ThreadPoolExecutor and ThreadPoolExecutor.runWorker(Worker).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to merge this PR. @stuartwdouglas if you really think that the current behavior is wrong (actually, before this PR the method is ignored and no warning is logged) then pls file a new issue.

@mkouba mkouba merged commit e993043 into quarkusio:main Nov 30, 2021
@quarkus-bot quarkus-bot bot added this to the 2.6 - main milestone Nov 30, 2021
@quarkus-bot quarkus-bot bot removed the triage/waiting-for-ci Ready to merge when CI successfully finishes label Nov 30, 2021
@kdubb
Copy link
Contributor

kdubb commented Dec 2, 2021

@mkouba This PR seems to cause warnings for primitive arrays.

Specifically the check following this:

quarkus/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java

Line 559 in 277523b

ClassInfo param = beanArchiveIndex.getClassByName(typeName);

Causes the following warnings.

Parameter type info not available: [B - unable to validate the parameter type's visibility for method parse declared on io.outfoxx.cloud.security.jwt.jwk.JsonWebKeySetLoader

@manovotn manovotn mentioned this pull request Dec 2, 2021
Merged
@manovotn
Copy link
Contributor

manovotn commented Dec 2, 2021

@kdubb this should fix it - #21900

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stuartwdouglas stuartwdouglas stuartwdouglas left review comments

@Ladicek Ladicek Ladicek approved these changes

@manovotn manovotn manovotn approved these changes

@geoand geoand geoand approved these changes

Assignees
No one assigned
Labels
area/arc Issue related to ARC (dependency injection)
Projects
None yet
Milestone
2.6.0.CR1
Development

Successfully merging this pull request may close these issues.

Regression v2.0.2.Final: RolesAllowed check skipped when endpoint method payload POJO class is private
6 participants
@mkouba @kdubb @manovotn @stuartwdouglas @Ladicek @geoand