closes #189

Alexander Furer · Alexander Furer · commit 2103610b9dae · 2021-03-10T10:56:42.000+02:00
diff --git a/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/CustomInterceptorsOrderTest.java b/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/CustomInterceptorsOrderTest.java
@@ -13,6 +13,7 @@
 import io.grpc.examples.GreeterOuterClass;
 import org.hamcrest.Matchers;
 import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.lognet.springboot.grpc.security.AuthClientInterceptor;
@@ -52,6 +53,7 @@
 
 @SpringBootTest(classes = DemoApp.class,
         properties = {
+                "grpc.security.auth.fail-fast=false", // give validator a chance to run before failing auth
                 "grpc.security.auth.interceptor-order=3", //third
                 "grpc.metrics.interceptor-order=2", //second
                 "grpc.validation.interceptor-order=1" //first
@@ -90,7 +92,7 @@ public void setUp() throws Exception {
 
     }
 
-   // @Test
+    @Test
     public void validationShouldInvokedBeforeAuthTest() {
         final GreeterGrpc.GreeterBlockingStub stub = GreeterGrpc.newBlockingStub(super.getChannel());
         StatusRuntimeException e = assertThrows(StatusRuntimeException.class, () -> {
@@ -99,8 +101,10 @@ public void validationShouldInvokedBeforeAuthTest() {
                     .clearName()//invalid
                     .build());
         });
+
         assertThat(e.getStatus().getCode(), Matchers.is(Status.Code.INVALID_ARGUMENT));
 
+
     }
 
     @Override
diff --git a/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/ValidationTest.java b/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/ValidationTest.java
@@ -1,5 +1,6 @@
 package org.lognet.springboot.grpc;
 
+import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.StatusRuntimeException;
 import io.grpc.examples.GreeterGrpc;
@@ -10,6 +11,9 @@
 import org.junit.runner.RunWith;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -19,7 +23,22 @@
 
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = {DemoApp.class}, webEnvironment = NONE, properties = {"grpc.port=0"})
+@Import(ValidationTest.TestCfg.class)
 public class ValidationTest extends GrpcServerTestBase {
+
+    @TestConfiguration
+    static class TestCfg {
+        @Bean
+        public GRpcErrorHandler authErrorHandler() {
+            return new GRpcErrorHandler() {
+                @Override
+                public Status handle(Object message, Status status, Exception exception, Metadata requestHeaders, Metadata responseHeaders) {
+                    responseHeaders.put(Metadata.Key.of("test", Metadata.ASCII_STRING_MARSHALLER), "val");
+                    return super.handle(message,status,exception,requestHeaders,responseHeaders);
+                }
+            };
+        }
+    }
     private  GreeterGrpc.GreeterBlockingStub stub;
 
 
@@ -45,6 +64,7 @@ public void stringValidationTest() {
                 Matchers.containsStringIgnoringCase(getFieldName(GreeterOuterClass.Person.NAME_FIELD_NUMBER))
 
         ));
+
     }
 
     @Test
@@ -84,6 +104,7 @@ public void fieldsValidationTest() {
                 Matchers.containsStringIgnoringCase("must be true")
 
         ));
+        assertResponseHeaders(e);
     }
 
     @Test
@@ -105,6 +126,7 @@ public void crossFieldsValidationTest() {
                 Matchers.containsStringIgnoringCase(person.getName()),
                 Matchers.containsStringIgnoringCase(Integer.toString(person.getAge()))
         ));
+        assertResponseHeaders(e);
 
 
 
@@ -135,15 +157,18 @@ public void invalidResponseMessageValidationTest() {
 
                 Matchers.containsStringIgnoringCase(getFieldName(GreeterOuterClass.Person.NICKNAME_FIELD_NUMBER)),
                 Matchers.containsStringIgnoringCase("must not be empty")
-
-
         ));
-
+        assertResponseHeaders(e);
 
     }
 
 
     String getFieldName(int fieldNumber) {
         return GreeterOuterClass.Person.getDescriptor().findFieldByNumber(fieldNumber).getName();
     }
+
+    private void assertResponseHeaders(StatusRuntimeException e) {
+        final String header = e.getTrailers().get(Metadata.Key.of("test", Metadata.ASCII_STRING_MARSHALLER));
+        assertThat(header, Matchers.is("val"));
+    }
 }
diff --git a/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/auth/JwtRoleTest.java b/grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/auth/JwtRoleTest.java
@@ -1,6 +1,7 @@
 package org.lognet.springboot.grpc.auth;
 
 
+import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.StatusRuntimeException;
 import io.grpc.examples.CalculatorGrpc;
@@ -9,6 +10,7 @@
 import org.hamcrest.Matchers;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.lognet.springboot.grpc.GRpcErrorHandler;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.lognet.springboot.grpc.security.EnableGrpcSecurity;
 import org.lognet.springboot.grpc.security.GrpcSecurity;
@@ -17,6 +19,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.test.context.ActiveProfiles;
@@ -45,9 +48,22 @@
 public class JwtRoleTest extends JwtAuthBaseTest {
 
 
+    static final Metadata.Key<String> key = Metadata.Key.of("test", Metadata.ASCII_STRING_MARSHALLER);
+
     @TestConfiguration
     static class TestCfg {
 
+        @Bean
+        public GRpcErrorHandler handler(){
+            return new GRpcErrorHandler(){
+                @Override
+                public Status handle(Object message, Status status, Exception exception, Metadata requestHeaders, Metadata responseHeaders) {
+
+                    responseHeaders.put(key,"value");
+                    return super.handle(message, status, exception, requestHeaders, responseHeaders);
+                }
+            };
+        }
         @EnableGrpcSecurity
         public class DemoGrpcSecurityConfig extends GrpcSecurityConfigurerAdapter {
 
@@ -142,6 +158,8 @@ public void shouldFail() {
         });
         assertThat(statusRuntimeException.getStatus().getCode(), Matchers.is(Status.Code.PERMISSION_DENIED));
 
+        assertThat(statusRuntimeException.getTrailers().get(key),Matchers.is("value"));
+
 
     }
 
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/FailureHandlingServerInterceptor.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/FailureHandlingServerInterceptor.java
@@ -0,0 +1,21 @@
+package org.lognet.springboot.grpc;
+
+import io.grpc.Metadata;
+import io.grpc.ServerCall;
+import io.grpc.ServerInterceptor;
+import io.grpc.Status;
+
+public interface FailureHandlingServerInterceptor extends ServerInterceptor {
+    default   void closeCall(Object o, GRpcErrorHandler errorHandler, ServerCall<?, ?> call, Metadata headers, final Status status, Exception exception){
+
+        final Metadata responseHeaders = new Metadata();
+        Status statusToSend;
+        if(null==o){
+            statusToSend = errorHandler.handle(status, exception, headers, responseHeaders);
+        }else {
+            statusToSend = errorHandler.handle(o,status, exception, headers, responseHeaders);
+        }
+
+        call.close(statusToSend, responseHeaders);
+    }
+}
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/GRpcErrorHandler.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/GRpcErrorHandler.java
@@ -0,0 +1,32 @@
+package org.lognet.springboot.grpc;
+
+import io.grpc.Metadata;
+import io.grpc.Status;
+
+public class GRpcErrorHandler {
+
+    /**
+     *
+     * @param status
+     * @param exception
+     * @param requestHeaders
+     * @param responseHeaders - to be filled by implementor with trails meant to be sent to client
+     * @return
+     */
+    public Status handle(Status status, Exception exception, Metadata requestHeaders, Metadata responseHeaders) {
+        return handle(null,status,exception,requestHeaders,responseHeaders);
+    }
+
+    /**
+     *
+     * @param message - request message
+     * @param status
+     * @param exception
+     * @param requestHeaders
+     * @param responseHeaders -  to be filled by implementor with trails meant to be sent to client
+     * @return
+     */
+    public Status handle(Object message,Status status, Exception exception, Metadata requestHeaders, Metadata responseHeaders) {
+        return status.withDescription(exception.getMessage());
+    }
+}
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/autoconfigure/GRpcServerProperties.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/autoconfigure/GRpcServerProperties.java
@@ -86,6 +86,7 @@ public static class SecurityProperties {
         @Setter
         public static class Auth {
             private Integer interceptorOrder;
+            private boolean failFast = true;
         }
     }
 
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/GrpcSecurity.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/GrpcSecurity.java
@@ -77,12 +77,11 @@ protected ServerInterceptor performBuild() throws Exception {
         final RoleVoter scopeVoter = new RoleVoter();
         scopeVoter.setRolePrefix("SCOPE_");
         securityInterceptor.setAccessDecisionManager(new AffirmativeBased(Arrays.asList(new RoleVoter(),scopeVoter, new AuthenticatedAttributeVoter())));
-        final Integer order = Optional.of(applicationContext.getBean(GRpcServerProperties.class))
+        final GRpcServerProperties.SecurityProperties.Auth authCfg = Optional.of(applicationContext.getBean(GRpcServerProperties.class))
                 .map(GRpcServerProperties::getSecurity)
                 .map(GRpcServerProperties.SecurityProperties::getAuth)
-                .map(GRpcServerProperties.SecurityProperties.Auth::getInterceptorOrder)
                 .orElse(null);
-        securityInterceptor.setOrder(order);
+        securityInterceptor.setConfig(authCfg);
         return securityInterceptor;
     }
     @SuppressWarnings("unchecked")
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/GrpcSecurityConfigurerAdapter.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/GrpcSecurityConfigurerAdapter.java
@@ -20,6 +20,7 @@ protected GrpcSecurityConfigurerAdapter() {
     }
 
 
+
     @Autowired
     public void setApplicationContext(ApplicationContext context) throws Exception {
 
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/SecurityInterceptor.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/security/SecurityInterceptor.java
diff --git a/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/validation/ValidatingInterceptor.java b/grpc-spring-boot-starter/src/main/java/org/lognet/springboot/grpc/validation/ValidatingInterceptor.java

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,7 @@ public static class SecurityProperties {`
`86`	`86`	`@Setter`
`87`	`87`	`public static class Auth {`
`88`	`88`	`private Integer interceptorOrder;`
	`89`	`+ private boolean failFast = true;`
`89`	`90`	`}`
`90`	`91`	`}`
`91`	`92`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ protected GrpcSecurityConfigurerAdapter() {`
`20`	`20`	`}`
`21`	`21`
`22`	`22`
	`23`	`+`
`23`	`24`	`@Autowired`
`24`	`25`	`public void setApplicationContext(ApplicationContext context) throws Exception {`
`25`	`26`