Improvement around profile injection and SecurityContext

README.md

@@ -165,7 +165,7 @@ public class Pac4JFeature implements Feature {
             .register(new JaxRsConfigProvider(config))
             .register(new Pac4JSecurityFeature())
             .register(new Pac4JValueFactoryProvider.Binder()) // only with Jersey <2.26
-            .register(new Pac4JProfileInjectorFactory()) // only with RestEasy
+            .register(new Pac4JProfileInjectorFactory()) // only with Resteasy
             .register(new ServletJaxRsContextFactoryProvider());
 
         return true;
@@ -301,7 +301,7 @@ For example:
 
 ### 5) Get the user profile (`CommonProfile` and `ProfileManager`)
 
-When using Jersey (<2.26) as the JAX-RS runtime, it is possible to directly inject a pac4j profile or profile manager using method parameters injection.
+When using Jersey (<2.26)  or Resteasy as the JAX-RS runtime, it is possible to directly inject a pac4j profile or profile manager using method parameters injection.
 When using another JAX-RS runtime, see below for workarounds.
 
 #### Using method parameters injection
@@ -320,8 +320,6 @@ You can get the profile of the authenticated user using the annotation `@Pac4JPr
     }
 ```
 
-It has one parameter name `readFromSession` (default is `true`: use `false` not to use the session, but only the current HTTP request, useful in particular with the session-less `JaxRsContextFactoryProvider`).
-
 It is also possible to inject a optional `CommonProfile` like so:
 
 ```java
@@ -375,9 +373,16 @@ or even:
 
 #### Without method parameters injection
 
-**Help wanted**: if you want to implement method parameters injection for other frameworks than Jersey <2.26, help will be appreciated (for example [Jersey >=2.26](https://github.com/pac4j/jax-rs-pac4j/issues/30)).
+**Help wanted**: if you want to implement method parameters injection for other frameworks than Jersey <2.26 or Resteasy, help will be appreciated (for example [Jersey >=2.26](https://github.com/pac4j/jax-rs-pac4j/issues/30)).
+
+Other solutions involves:
+ - retrieving the `SecurityContext` and casting it to `Pac4JSecurityContext` to access the profiles.
+ - retrieving the `SecurityContext` and casting it to `Pac4JSecurityContext` to access the `JaxRsContext`.
+ - retrieving the `JaxRsContext` in order to instantiate a `JaxRsProfileManager`.
 
-If using a JAX-RS runtime running on top of a Servlet container, it is always possible to simply exploit the `HttpServletRequest` as explained [there](https://github.com/pac4j/j2e-pac4j#5-get-the-user-profile-profilemanager):
+To retrieve the `Pac4JSecurityContext` or the `JaxRsContext`, see [JerseyResource.java](src/test/java/org/pac4j/jax/rs/resources/JerseyResource.java) or [RestEasyResource.java](src/test/java/org/pac4j/jax/rs/resources/RestEasyResource.java) for examples.
+
+Worst case scenario, when using a JAX-RS runtime running on top of a Servlet container, it is always possible to simply exploit the `HttpServletRequest` as explained [there](https://github.com/pac4j/j2e-pac4j#5-get-the-user-profile-profilemanager):
 ```java
     @GET
     public void get(@Context HttpServletRequest request) {
@@ -386,27 +391,6 @@ If using a JAX-RS runtime running on top of a Servlet container, it is always po
     }
 ```
 
-Or with Jersey >=2.26 using the following:
-```java
-public class MyResource {
-    @Context
-    private Providers providers;
-
-    @Inject
-    private ContainerRequest request;
-
-    private JaxRsContext getContext() {
-        return ProvidersHelper.getContext(providers, JaxRsContextFactory.class).provides(request);
-    }
-
-    @GET
-    public void get() {
-        ProfileManager manager = new ProfileManager(getContext());
-        Optional<CommonProfile> profile = manager.get(true);
-    }
-}
-```
-
 ---
 
 ### 6) Logout (`ApplicationLogoutFilter`)
@@ -459,7 +443,7 @@ If you have any question, please use the following mailing lists:
 ## Development
 
 
-The version 2.1.0-SNAPSHOT is under development.
+The version 2.2.0-SNAPSHOT is under development.
 
 Maven artifacts are built via Travis and available in the [Sonatype snapshots repository](https://oss.sonatype.org/content/repositories/snapshots/org/pac4j). This repository must be added in the Maven `settings.xml` or `pom.xml` files:
 

pom.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
@@ -12,7 +13,7 @@
   <artifactId>jax-rs-pac4j</artifactId>
   <packaging>jar</packaging>
   <name>pac4j implementation for JAX-RS</name>
-  <version>2.1.1-SNAPSHOT</version>
+  <version>2.2.0-SNAPSHOT</version>
   <description>Security library for JAX-RS based on pac4j, optional support for Jersey</description>
   <url>https://github.com/pac4j/jax-rs-pac4j</url>
 
@@ -21,15 +22,23 @@
       <id>sonatype-nexus-snapshots</id>
       <name>Sonatype Nexus Snapshots</name>
       <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-      <releases><enabled>false</enabled></releases>
-      <snapshots><enabled>true</enabled></snapshots>
+      <releases>
+        <enabled>false</enabled>
+      </releases>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
     </repository>
     <repository>
       <id>sonatype-nexus</id>
       <name>Sonatype Nexus</name>
       <url>https://oss.sonatype.org/content/repositories/releases</url>
-      <releases><enabled>true</enabled></releases>
-      <snapshots><enabled>false</enabled></snapshots>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
     </repository>
   </repositories>
 
@@ -69,12 +78,12 @@
 
   <properties>
     <servlet.version>3.1.0</servlet.version>
-    <!-- careful jersey 2.26 moved to jax-rs 2.1 and even though
-         the versionning does not show it, this is a huge upgrade -->
+    <!-- careful jersey 2.26 moved to jax-rs 2.1 and even though the versionning 
+      does not show it, this is a huge upgrade -->
     <jax.rs.version>2.0.1</jax.rs.version>
     <jersey.version>2.25.1</jersey.version>
     <resteasy.version>3.1.4.Final</resteasy.version>
-    <pac4j.version>2.1.0</pac4j.version>
+    <pac4j.version>2.2.0</pac4j.version>
     <java.version>1.8</java.version>
   </properties>
 
@@ -178,6 +187,12 @@
       <artifactId>jersey-test-framework-provider-inmemory</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.awaitility</groupId>
+      <artifactId>awaitility</artifactId>
+      <version>3.0.0</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>

src/main/java/org/pac4j/jax/rs/annotations/Pac4JProfile.java

@@ -7,14 +7,12 @@
 import java.lang.annotation.Target;
 
 import org.pac4j.core.profile.CommonProfile;
-import org.pac4j.jax.rs.jersey.features.Pac4JValueFactoryProvider;
 
 /**
  * 
  * Binds the value(s) of the current Pac4J {@link CommonProfile} to a resource method parameter, resource class field,
  * or resource class bean property.
  * 
- * @see Pac4JValueFactoryProvider.Binder
  * @author Victor Noel - Linagora
  * @since 1.0.0
  *
@@ -23,5 +21,10 @@
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 public @interface Pac4JProfile {
+
+    /**
+     * @deprecated will be removed in jax-rs-pac4j 3.0.0
+     */
+    @Deprecated
     boolean readFromSession() default true;
 }

src/main/java/org/pac4j/jax/rs/features/JaxRsContextFactoryProvider.java

@@ -8,7 +8,7 @@
 import org.pac4j.core.client.IndirectClient;
 import org.pac4j.core.config.Config;
 import org.pac4j.jax.rs.features.JaxRsContextFactoryProvider.JaxRsContextFactory;
-import org.pac4j.jax.rs.helpers.ProvidersHelper;
+import org.pac4j.jax.rs.helpers.ProvidersContext;
 import org.pac4j.jax.rs.pac4j.JaxRsContext;
 
 /**
@@ -22,7 +22,6 @@
  * 
  * @author Victor Noel - Linagora
  * @since 1.0.0
- *
  */
 public class JaxRsContextFactoryProvider implements ContextResolver<JaxRsContextFactory> {
 
@@ -40,7 +39,7 @@ protected Providers getProviders() {
     }
 
     protected Config getConfig() {
-        return ProvidersHelper.getContext(providers, Config.class);
+        return new ProvidersContext(providers).resolveNotNull(Config.class);
     }
 
     /**

src/main/java/org/pac4j/jax/rs/features/Pac4JSecurityFeature.java

@@ -164,4 +164,4 @@ public boolean configure(FeatureContext context) {
         // fields.
         return true;
     }
-}
+}

src/main/java/org/pac4j/jax/rs/filters/AbstractFilter.java

@@ -11,8 +11,8 @@
 import org.pac4j.core.authorization.authorizer.Authorizer;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.http.HttpActionAdapter;
-import org.pac4j.jax.rs.features.JaxRsContextFactoryProvider.JaxRsContextFactory;
-import org.pac4j.jax.rs.helpers.ProvidersHelper;
+import org.pac4j.jax.rs.helpers.ProvidersContext;
+import org.pac4j.jax.rs.helpers.RequestJaxRsContext;
 import org.pac4j.jax.rs.pac4j.JaxRsContext;
 
 /**
@@ -32,18 +32,14 @@ public AbstractFilter(Providers providers) {
     }
 
     protected Config getConfig() {
-        return ProvidersHelper.getContext(providers, Config.class);
+        return new ProvidersContext(providers).resolveNotNull(Config.class);
     }
 
     protected abstract void filter(JaxRsContext context) throws IOException;
 
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
-        JaxRsContext context = ProvidersHelper.getContext(providers, JaxRsContextFactory.class)
-                .provides(requestContext);
-        assert context != null;
-
-        filter(context);
+        filter(new RequestJaxRsContext(providers, requestContext).contextOrNew());
     }
 
     @Override
@@ -54,11 +50,8 @@ public void filter(ContainerRequestContext requestContext, ContainerResponseCont
         // unfortunately, if skipResponse is used, we can't do that because pac4j considers
         // its abort response in the same way as the normal response
         if (skipResponse == null || !skipResponse) {
-            JaxRsContext context = ProvidersHelper.getContext(providers, JaxRsContextFactory.class)
-                    .provides(requestContext);
-            assert context != null;
-
-            context.getResponseHolder().populateResponse(responseContext);
+            new RequestJaxRsContext(providers, requestContext).contextOrNew().getResponseHolder()
+                    .populateResponse(responseContext);
         }
     }
 

src/main/java/org/pac4j/jax/rs/filters/CallbackFilter.java

@@ -21,12 +21,6 @@
 @Priority(Priorities.AUTHORIZATION)
 public class CallbackFilter extends AbstractFilter {
 
-    private static final DefaultCallbackLogic<Object, JaxRsContext> DEFAULT_LOGIC = new DefaultCallbackLogic<>();
-
-    static {
-        DEFAULT_LOGIC.setProfileManagerFactory(JaxRsProfileManager::new);
-    }
-
     private CallbackLogic<Object, JaxRsContext> callbackLogic;
 
     private String defaultUrl;
@@ -41,21 +35,22 @@ public CallbackFilter(Providers providers) {
 
     @Override
     protected void filter(JaxRsContext context) throws IOException {
-
         Config config = getConfig();
 
-        CallbackLogic<Object, JaxRsContext> cl;
+        buildLogic(config).perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false),
+                multiProfile, renewSession);
+    }
 
+    protected CallbackLogic<Object, JaxRsContext> buildLogic(Config config) {
         if (callbackLogic != null) {
-            cl = callbackLogic;
+            return callbackLogic;
         } else if (config.getCallbackLogic() != null) {
-            cl = config.getCallbackLogic();
+            return config.getCallbackLogic();
         } else {
-            cl = DEFAULT_LOGIC;
+            DefaultCallbackLogic<Object, JaxRsContext> logic = new DefaultCallbackLogic<>();
+            logic.setProfileManagerFactory(JaxRsProfileManager::new);
+            return logic;
         }
-
-        cl.perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false), multiProfile,
-                renewSession);
     }
 
     public CallbackLogic<Object, JaxRsContext> getCallbackLogic() {

src/main/java/org/pac4j/jax/rs/filters/LogoutFilter.java

@@ -21,12 +21,6 @@
 @Priority(Priorities.AUTHORIZATION)
 public class LogoutFilter extends AbstractFilter {
 
-    private static final DefaultLogoutLogic<Object, JaxRsContext> DEFAULT_LOGIC = new DefaultLogoutLogic<>();
-
-    static {
-        DEFAULT_LOGIC.setProfileManagerFactory(JaxRsProfileManager::new);
-    }
-
     private LogoutLogic<Object, JaxRsContext> logoutLogic;
 
     private String defaultUrl;
@@ -45,21 +39,23 @@ public LogoutFilter(Providers providers) {
 
     @Override
     protected void filter(JaxRsContext context) throws IOException {
-
         Config config = getConfig();
 
-        LogoutLogic<Object, JaxRsContext> ll;
+        buildLogic(config).perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false),
+                context.getAbsolutePath(logoutUrlPattern, false), localLogout, destroySession, centralLogout);
+    }
 
+    protected LogoutLogic<Object, JaxRsContext> buildLogic(Config config) {
         if (logoutLogic != null) {
-            ll = logoutLogic;
+            return logoutLogic;
         } else if (config.getLogoutLogic() != null) {
-            ll = config.getLogoutLogic();
+            return config.getLogoutLogic();
         } else {
-            ll = DEFAULT_LOGIC;
+            DefaultLogoutLogic<Object, JaxRsContext> logic = new DefaultLogoutLogic<>();
+            logic.setProfileManagerFactory(JaxRsProfileManager::new);
+            return logic;
         }
 
-        ll.perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false),
-                context.getAbsolutePath(logoutUrlPattern, false), localLogout, destroySession, centralLogout);
     }
 
     public String getDefaultUrl() {