Merge pull request quarkusio#4221 from stuartwdouglas/authenticated

Wire up @authenticated when used with JAX-RS

bom/runtime/pom.xml

@@ -164,7 +164,8 @@
         <mockito.version>3.0.0</mockito.version>
         <jna.version>5.3.1</jna.version>
         <antlr.version>4.7.2</antlr.version>
-        <quarkus-security.version>1.0.0.Alpha1</quarkus-security.version>
+        <quarkus-security.version>1.0.0.Alpha2</quarkus-security.version>
+        <javax.interceptor-api.version>1.2</javax.interceptor-api.version>
     </properties>
 
     <dependencyManagement>
@@ -1125,6 +1126,12 @@
                 <artifactId>validation-api</artifactId>
                 <version>${validation-api.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>javax.interceptor</groupId>
+                <artifactId>javax.interceptor-api</artifactId>
+                <version>${javax.interceptor-api.version}</version>
+            </dependency>
             <dependency>
                 <groupId>javax.ws.rs</groupId>
                 <artifactId>javax.ws.rs-api</artifactId>

extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesAllowedFilter.java

@@ -24,7 +24,7 @@ public class RolesAllowedFilter implements ContainerRequestFilter {
     private final Set<String> allowedRoles;
     private final boolean allRolesAllowed;
 
-    public RolesAllowedFilter(String[] allowedRoles) {
+    public RolesAllowedFilter(String... allowedRoles) {
         this.allowedRoles = new HashSet<>(asList(allowedRoles));
         this.allRolesAllowed = this.allowedRoles.stream().anyMatch("*"::equals);
     }

extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/RolesFilterRegistrar.java

@@ -21,6 +21,8 @@
 import javax.ws.rs.core.FeatureContext;
 import javax.ws.rs.ext.Provider;
 
+import io.quarkus.security.Authenticated;
+
 /**
  * A JAXRS provider that installs security filters to support the RBAC access to endpoints based on the
  * common security annotations.
@@ -30,7 +32,7 @@ public class RolesFilterRegistrar implements DynamicFeature {
 
     private static final DenyAllFilter denyAllFilter = new DenyAllFilter();
     private final Set<Class<? extends Annotation>> mpJwtAnnotations = new HashSet<>(
-            asList(DenyAll.class, PermitAll.class, RolesAllowed.class));
+            asList(DenyAll.class, PermitAll.class, RolesAllowed.class, Authenticated.class));
 
     @Override
     public void configure(ResourceInfo resourceInfo, FeatureContext context) {
@@ -40,6 +42,8 @@ public void configure(ResourceInfo resourceInfo, FeatureContext context) {
                 configureDenyAll(context);
             } else if (mpJwtAnnotation instanceof RolesAllowed) {
                 configureRolesAllowed((RolesAllowed) mpJwtAnnotation, context);
+            } else if (mpJwtAnnotation instanceof Authenticated) {
+                configureAuthenticated(context);
             }
         } else {
             // the resource method is not annotated and the class is not annotated either
@@ -54,6 +58,10 @@ private void configureRolesAllowed(RolesAllowed mpJwtAnnotation, FeatureContext
         context.register(new RolesAllowedFilter(mpJwtAnnotation.value()));
     }
 
+    private void configureAuthenticated(FeatureContext context) {
+        context.register(new RolesAllowedFilter("*"));
+    }
+
     private void configureDenyAll(FeatureContext context) {
         context.register(denyAllFilter);
     }

extensions/security/runtime/pom.xml

@@ -18,6 +18,10 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-arc</artifactId>
         </dependency>
+        <dependency>
+            <groupId>javax.interceptor</groupId>
+            <artifactId>javax.interceptor-api</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.oracle.substratevm</groupId>
             <artifactId>svm</artifactId>

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java

@@ -53,6 +53,25 @@ public void callEchoNoAuth() {
                 .statusCode(HttpURLConnection.HTTP_UNAUTHORIZED);
     }
 
+    @Test()
+    public void testAuthenticatedAnnotation() {
+        RestAssured.given()
+                .when()
+                .queryParam("input", "hello")
+                .get("/endp/authenticated")
+                .then()
+                .statusCode(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+        io.restassured.response.Response response = RestAssured.given().auth()
+                .oauth2(token)
+                .when()
+                .get("/endp/authenticated").andReturn();
+
+        Assertions.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusCode());
+        String replyString = response.body().asString();
+        Assertions.assertEquals("[email protected]", replyString);
+    }
+
     /**
      * Validate a request without an MP-JWT to unsecured endpoint has HTTP_OK with expected response
      */

extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesEndpoint.java

@@ -20,6 +20,8 @@
 import org.eclipse.microprofile.jwt.ClaimValue;
 import org.eclipse.microprofile.jwt.JsonWebToken;
 
+import io.quarkus.security.Authenticated;
+
 @Path("/endp")
 @DenyAll
 @RequestScoped
@@ -124,6 +126,16 @@ public String getReasonPhrase() {
         return response;
     }
 
+    @GET
+    @Path("/authenticated")
+    @Authenticated
+    public String checkAuthenticated(@Context SecurityContext sec) {
+        if (sec.getUserPrincipal() != null) {
+            return sec.getUserPrincipal().getName();
+        }
+        return "FAILED";
+    }
+
     @GET
     @Path("/getInjectedPrincipal")
     @RolesAllowed("Tester")