Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JwksSignature error when used from HttpServerFilter #1680

Open
mrusinak opened this issue Apr 25, 2024 · 3 comments
Open

JwksSignature error when used from HttpServerFilter #1680

mrusinak opened this issue Apr 25, 2024 · 3 comments
Labels
closed: notabug The issue is not a bug

Comments

@mrusinak
Copy link

mrusinak commented Apr 25, 2024
edited
Loading

Expected Behavior

I should be able to use JwksSignature.verify() from within HttpServerFilter.doFilter

This worked in 4.3.7, and started failing on upgrade to 4.4.1

Actual Behaviour

An exception is thrown:

java.lang.IllegalStateException: blockOptional() is blocking, which is not supported in thread default-nioEventLoopGroup-1-3
	at reactor.core.publisher.BlockingOptionalMonoSubscriber.blockingGet(BlockingOptionalMonoSubscriber.java:108)
	at reactor.core.publisher.Mono.blockOptional(Mono.java:1831)
	at io.micronaut.security.token.jwt.signature.jwks.JwksSignature.loadJwkSet(JwksSignature.java:178)
	at io.micronaut.security.token.jwt.signature.jwks.JwksSignature.computeJWKSet(JwksSignature.java:78)
	at io.micronaut.security.token.jwt.signature.jwks.JwksSignature.verify(JwksSignature.java:149)

Steps To Reproduce

  1. Create a project with dependencies
    1. "io.micronaut:micronaut-http-server-netty"
    2. "io.micronaut.security:micronaut-security-jwt"
  2. Create an HttpServerFilter, and configure/autowire in a JwksSignature
  3. Within the doFilter method of the filter, attempt call the verify method of the signature
    1. Or really, any method that will cause fetching of the JWKS

Possible? (Kotlin) Workaround:

  • Add dependency to "org.jetbrains.kotlinx:kotlinx-coroutines-reactor"
  • Wrap verify (or another method that will trigger fetching of JWKS) in runBlocking(Dispatchers.IO) { }

Environment Information

No response

Example Application

No response

Version

4.4.1
@sdelamo
Copy link
Contributor

sdelamo commented Apr 30, 2024
edited
Loading

This is an intentional change in Micronaut Framework 4.4.0 to avoid performance degradation due to the blocking of the Netty event loop.

In addition, since Micronaut framework 4.4.0, any Project Reactor blocking operations throw an exception when they are done on an event loop thread. This new behaviour will help you identify the controller’s methods, which you must annotate with @ExecuteOn to avoid performance loss or dead locks in the event loop.

Please watch: https://www.youtube.com/watch?v=W6iztOuulVU

if you are using a ServerFilter annotate the filter method with @ExecuteOn.

@sdelamo sdelamo added the closed: notabug The issue is not a bug label Apr 30, 2024
@mrusinak
Copy link
Author

mrusinak commented Apr 30, 2024
edited
Loading

Thanks, but I do think this is still a bit of a bug / unexpected problem - I believe it should be possible to call JwksSignature.verify() from within nonblocking threads without running into an error like this.

Whether that be a new method, new argument, or change to the existing verify() so it can be used without a hidden call to resolve JWKS in a blocking fashion

@sdelamo
Copy link
Contributor

sdelamo commented May 2, 2024

we are working on #1693

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: notabug The issue is not a bug
Projects
No open projects
4.5.0 Release
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sdelamo @mrusinak