-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Multi-tenancy support for Reactive Resource Server #6861
Conversation
@jzheaux I have decided to create a draft pull request to get some feedback before proceeding with updating the Seems like draft pull requests does not trigger build, I wish it did that way we would have figured whether the changes added break any tests or not. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR, @rhamedy! I've left some feedback inline.
Also, I figure that you are waiting to add unit tests and updating javadocs until we are further along, so I've left most of that feedback out of this review.
...springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
Outdated
Show resolved
Hide resolved
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Outdated
Show resolved
Hide resolved
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Outdated
Show resolved
Hide resolved
...ain/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
Outdated
Show resolved
Hide resolved
.../java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
Show resolved
Hide resolved
.../java/org/springframework/security/authentication/ReactiveAuthenticationManagerResolver.java
Outdated
Show resolved
Hide resolved
...ain/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
Outdated
Show resolved
Hide resolved
@jzheaux thank you for the initial review. I think |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again, @rhamedy. Yes, I think a draft PR was a good idea in the beginning - if you think it's ready, go ahead and had any remaining tests and java docs and the convert into a formal PR.
...ain/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
Outdated
Show resolved
Hide resolved
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Outdated
Show resolved
Hide resolved
...ain/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
Outdated
Show resolved
Hide resolved
Hi @jzheaux The switch to Also, please let me know if any changes need to be made in method names (naming is not my strongest skill set), javadoc, and remaining tests (if any). Thanks for your feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rhamedy, I answered your question about tests in the PR. Thanks!
Also, it appears that the branch has some conflicts, let me know if you have any questions about resolving those.
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Outdated
Show resolved
Hide resolved
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Outdated
Show resolved
Hide resolved
15ce1f8
to
6226e6c
Compare
Hey @jzheaux sorry, I had some I have pushed my changes that contains the
even though I have stubbed the authentication manager to return |
@rhamedy, I think the problem is that when just I'd recommend something similar to this: if (this.authenticationManagerResolver != null) {
AuthenticationWebFilter oauth2 = new AuthenticationWebFilter(this.authenticationManagerResolver);
oauth2.setServerAuthenticationConverter(bearerTokenConverter);
oauth2.setAuthenticationFailureHandler(new
ServerAuthenticationEntryPointFailureHandler(entryPoint));
http.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
} else if (this.jwt != null) {
this.jwt.configure(http);
} else if (this.opaqueToken != null) {
this.jwt.configure(http);
} The extra support in |
936941f
to
28b3181
Compare
Hi @jzheaux thanks for hint above, that seemed to be the issue with failing tests. I squashed my commits and pushed my changes. Please let me know if there is need for more tests and/or javadoc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rhamedy, this looks great, thank you again.
Just one quick change, which I've described inline, and we should be good.
...ain/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
Outdated
Show resolved
Hide resolved
Suitable for multi-tenant reactive applications needing to branch authentication strategies based on request details.
Thanks, @rhamedy, this is now merged into |
Fixes: gh-6727
Fixes: gh-6723