Authentication does not work as in example #106

@kruckerr

Hi

I tried the newest version (1.0.4) with Vert.x 4.0.2. But I have problems with the authorization. We are working with JWT tokens.

First I migrated to the new version without changing my code. When I call a REST path annotated with @RolesAllowed("Admin"), I get a 403 (Forbidden) response even though the token contains the "Admin" permission. Before the upgrade, this worked fine.

@Path("/private")
public class PrivateHelloRestController implements IRestController {
    private static final Logger LOGGER = LoggerFactory.getLogger(PrivateHelloRestController.class);

    @GET
    @Path("/hello")
    @Produces(MediaType.APPLICATION_JSON)
    @RolesAllowed({"Admin"})
    public String hello(@Context User user) {
        LOGGER.debug("This is the user: {}", user.principal());
        return "Private hello from Vert.x";
    }
}

Then I tried to migrate to the new authentication and authorization approach. When I added my authentication provider as a global authentication provider, it works fine.

        RestRouter.authenticateWith(MyAuthenticator.class);

and

@Path("/private")
public class PrivateHelloRestController implements IRestController {
    private static final Logger LOGGER = LoggerFactory.getLogger(PrivateHelloRestController.class);

    @GET
    @Path("/hello")
    @Produces(MediaType.APPLICATION_JSON)
    @Authorize(MyAuthorizationProvider.class)
    public String hello(@Context User user) {
        LOGGER.debug("This is the user: {}", user.principal());
        return "Private hello from Vert.x";
    }
}

But we have some paths that must be accessible without authorization. So a global authentication is not an option. When I annotate a class with @Authenticate as in your example, my custom authenticator implementation is never called.

@Path("/private")
@Authenticate(MyAuthenticator.class)
public class PrivateHelloRestController implements IRestController {
    private static final Logger LOGGER = LoggerFactory.getLogger(PrivateHelloRestController.class);

    @GET
    @Path("/hello")
    @Produces(MediaType.APPLICATION_JSON)
    @Authorize(MyAuthorizationProvider.class)
    public String hello(@Context User user) {
        LOGGER.debug("This is the user: {}", user.principal());
        return "Private hello from Vert.x";
    }
}

It works when I put the annotation on a method.

@Path("/private")
public class PrivateHelloRestController implements IRestController {
    private static final Logger LOGGER = LoggerFactory.getLogger(PrivateHelloRestController.class);

    @GET
    @Path("/hello")
    @Produces(MediaType.APPLICATION_JSON)
    @Authenticate(MyAuthenticator.class)
    @Authorize(MyAuthorizationProvider.class)
    public String hello(@Context User user) {
        LOGGER.debug("This is the user: {}", user.principal());
        return "Private hello from Vert.x";
    }
}
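An added example, not part of the original report and not the project's own code: a reflection audit that can run in a unit test to show, for each endpoint, whether `@Authenticate` sits on the method, only on the class, or nowhere. The `Authenticate` and `GET` annotations, `MyAuthenticator`, and the three controllers are stand-ins constructed here so the file compiles alone; a real project would use the framework's annotations instead.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class AuthAnnotationAudit {
    // Stand-ins (assumption): replace with the framework's @Authenticate and JAX-RS @GET.
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD})
    @interface Authenticate { Class<?> value(); }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface GET {}

    static class MyAuthenticator {}   // placeholder for the reporter's provider

    // Constructed sample controllers mirroring the variants in the report.
    @Authenticate(MyAuthenticator.class)
    static class ClassLevelController { @GET public String hello() { return "hi"; } }
    static class MethodLevelController {
        @GET @Authenticate(MyAuthenticator.class) public String hello() { return "hi"; }
    }
    static class PublicController { @GET public String ping() { return "pong"; } }

    enum Source { METHOD, CLASS_ONLY, NONE }

    // Where does this endpoint's @Authenticate come from?
    static Source authSource(Method m) {
        if (m.isAnnotationPresent(Authenticate.class)) return Source.METHOD;
        if (m.getDeclaringClass().isAnnotationPresent(Authenticate.class)) return Source.CLASS_ONLY;
        return Source.NONE;
    }

    // Maps "Class#method" to the source of its authentication annotation.
    static Map<String, Source> audit(Class<?>... controllers) {
        Map<String, Source> report = new TreeMap<>();
        for (Class<?> c : controllers)
            for (Method m : c.getDeclaredMethods())
                if (m.isAnnotationPresent(GET.class))
                    report.put(c.getSimpleName() + "#" + m.getName(), authSource(m));
        return report;
    }

    public static void main(String[] args) {
        audit(ClassLevelController.class, MethodLevelController.class, PublicController.class)
            .forEach((route, src) -> System.out.println(route + " -> " + src));
    }
}
```

Endpoints reported as `CLASS_ONLY` are the ones that depend on the class-level behaviour described in this issue, and `NONE` entries should match an explicit list of intentionally public paths.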
