Skip to content

Fix #1088 - Add support for custom credentials provider in runtime #1104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 11, 2025
Merged

Fix #1088 - Add support for custom credentials provider in runtime #1104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions ...loyment/src/main/java/io/quarkiverse/openapi/generator/deployment/GeneratorProcessor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
import io.quarkiverse.openapi.generator.providers.ApiKeyIn;
import io.quarkiverse.openapi.generator.providers.AuthProvider;
import io.quarkiverse.openapi.generator.providers.BaseCompositeAuthenticationProvider;
import io.quarkiverse.openapi.generator.providers.CredentialsProvider;
import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
Expand Down Expand Up @@ -201,6 +202,7 @@ void produceBasicAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
.annotation(OpenApiSpec.class)
.addValue("openApiSpecId", openApiSpecId)
.done()
.addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
.createWith(recorder.recordBasicAuthProvider(sanitizeAuthName(name), openApiSpecId, operations))
.unremovable()
.done());
Expand Down Expand Up @@ -240,6 +242,7 @@ void produceBearerAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
.annotation(OpenApiSpec.class)
.addValue("openApiSpecId", openApiSpecId)
.done()
.addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
.createWith(recorder.recordBearerAuthProvider(sanitizeAuthName(name), scheme, openApiSpecId, operations))
.unremovable()
.done());
Expand Down Expand Up @@ -282,6 +285,7 @@ void produceApiKeyAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
.annotation(OpenApiSpec.class)
.addValue("openApiSpecId", openApiSpecId)
.done()
.addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
.createWith(recorder.recordApiKeyAuthProvider(sanitizeAuthName(name), openApiSpecId, apiKeyIn, apiKeyName,
operations))
.unremovable()
Expand Down
10 changes: 4 additions & 6 deletions ...ava/io/quarkiverse/openapi/generator/deployment/template/QuteTemplatingEngineAdapter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package io.quarkiverse.openapi.generator.deployment.template;

import java.io.IOException;
import java.util.Map;

import org.openapitools.codegen.api.AbstractTemplatingEngineAdapter;
Expand All @@ -12,8 +11,8 @@

public class QuteTemplatingEngineAdapter extends AbstractTemplatingEngineAdapter {

public static final String IDENTIFIER = "qute";
public static final String[] INCLUDE_TEMPLATES = {
private static final String IDENTIFIER = "qute";
private static final String[] DEFAULT_TEMPLATES = {
"additionalEnumTypeAnnotations.qute",
"additionalEnumTypeUnexpectedMember.qute",
"additionalModelTypeAnnotations.qute",
Expand Down Expand Up @@ -60,8 +59,7 @@ public String[] getFileExtensions() {
}

@Override
public String compileTemplate(TemplatingExecutor executor, Map<String, Object> bundle, String templateFile)
throws IOException {
public String compileTemplate(TemplatingExecutor executor, Map<String, Object> bundle, String templateFile) {
this.cacheTemplates(executor);
Template template = engine.getTemplate(templateFile);
if (template == null) {
Expand All @@ -72,7 +70,7 @@ public String compileTemplate(TemplatingExecutor executor, Map<String, Object> b
}

public void cacheTemplates(TemplatingExecutor executor) {
for (String templateId : INCLUDE_TEMPLATES) {
for (String templateId : DEFAULT_TEMPLATES) {
Template incTemplate = engine.getTemplate(templateId);
if (incTemplate == null) {
incTemplate = engine.parse(executor.getFullTemplateContents(templateId));
Expand Down
3 changes: 2 additions & 1 deletion ...in/java/io/quarkiverse/openapi/generator/oidc/providers/OAuth2AuthenticationProvider.java
View file
Open in desktop
Copy link
Contributor

@gabriel-farache gabriel-farache Apr 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ricardozanini The ConfigCredentialsProvider is never used for the oauth2 provider, right? both its own filter method and the one of the delegate are getting the value from the header, I think a method getOauth2Bearer should be introduced in the CredentialsProvider interface. We could re-use the getBearerToken but I find it more straightforward to have a dedicated method per provider.

Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import org.slf4j.LoggerFactory;

import io.quarkiverse.openapi.generator.providers.AbstractAuthProvider;
import io.quarkiverse.openapi.generator.providers.ConfigCredentialsProvider;
import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
import io.quarkus.oidc.common.runtime.OidcConstants;

Expand All @@ -23,7 +24,7 @@ public class OAuth2AuthenticationProvider extends AbstractAuthProvider {

public OAuth2AuthenticationProvider(String name,
String openApiSpecId, OidcClientRequestFilterDelegate delegate, List<OperationAuthInfo> operations) {
super(name, openApiSpecId, operations);
super(name, openApiSpecId, operations, new ConfigCredentialsProvider());
this.delegate = delegate;
validateConfig();
}
Expand Down
12 changes: 9 additions & 3 deletions client/runtime/src/main/java/io/quarkiverse/openapi/generator/AuthenticationRecorder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import io.quarkiverse.openapi.generator.providers.BaseCompositeAuthenticationProvider;
import io.quarkiverse.openapi.generator.providers.BasicAuthenticationProvider;
import io.quarkiverse.openapi.generator.providers.BearerAuthenticationProvider;
import io.quarkiverse.openapi.generator.providers.CredentialsProvider;
import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
import io.quarkus.arc.SyntheticCreationalContext;
import io.quarkus.runtime.annotations.Recorder;
Expand All @@ -35,22 +36,27 @@ public Function<SyntheticCreationalContext<AuthProvider>, AuthProvider> recordAp
ApiKeyIn apiKeyIn,
String apiKeyName,
List<OperationAuthInfo> operations) {
return context -> new ApiKeyAuthenticationProvider(openApiSpecId, name, apiKeyIn, apiKeyName, operations);
return context -> new ApiKeyAuthenticationProvider(openApiSpecId, name, apiKeyIn,
apiKeyName, operations, context.getInjectedReference(CredentialsProvider.class));
}

public Function<SyntheticCreationalContext<AuthProvider>, AuthProvider> recordBearerAuthProvider(
String name,
String scheme,
String openApiSpecId,
List<OperationAuthInfo> operations) {
return context -> new BearerAuthenticationProvider(openApiSpecId, name, scheme, operations);
return context -> new BearerAuthenticationProvider(openApiSpecId, name, scheme,
operations, context.getInjectedReference(CredentialsProvider.class));
}

public Function<SyntheticCreationalContext<AuthProvider>, AuthProvider> recordBasicAuthProvider(
String name,
String openApiSpecId,
List<OperationAuthInfo> operations) {
return context -> new BasicAuthenticationProvider(openApiSpecId, name, operations);

return context -> new BasicAuthenticationProvider(openApiSpecId, name,
operations, context.getInjectedReference(CredentialsProvider.class));

}

}
12 changes: 10 additions & 2 deletions ...untime/src/main/java/io/quarkiverse/openapi/generator/providers/AbstractAuthProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@

public abstract class AbstractAuthProvider implements AuthProvider {

CredentialsProvider credentialsProvider;

private static final String BEARER_WITH_SPACE = "Bearer ";
private static final String CANONICAL_AUTH_CONFIG_PROPERTY_NAME = "quarkus." + RUNTIME_TIME_CONFIG_PREFIX
+ ".%s.auth.%s.%s";
Expand All @@ -24,10 +26,12 @@ public abstract class AbstractAuthProvider implements AuthProvider {
private final String name;
private final List<OperationAuthInfo> applyToOperations = new ArrayList<>();

protected AbstractAuthProvider(String name, String openApiSpecId, List<OperationAuthInfo> operations) {
protected AbstractAuthProvider(String name, String openApiSpecId, List<OperationAuthInfo> operations,
CredentialsProvider credentialsProvider) {
this.name = name;
this.openApiSpecId = openApiSpecId;
this.applyToOperations.addAll(operations);
this.credentialsProvider = credentialsProvider;
}

protected static String sanitizeBearerToken(String token) {
Expand Down Expand Up @@ -69,6 +73,10 @@ public List<OperationAuthInfo> operationsToFilter() {
}

public final String getCanonicalAuthConfigPropertyName(String authPropertyName) {
return String.format(CANONICAL_AUTH_CONFIG_PROPERTY_NAME, getOpenApiSpecId(), getName(), authPropertyName);
return getCanonicalAuthConfigPropertyName(authPropertyName, getOpenApiSpecId(), getName());
}

public static String getCanonicalAuthConfigPropertyName(String authPropertyName, String openApiSpecId, String authName) {
return String.format(CANONICAL_AUTH_CONFIG_PROPERTY_NAME, openApiSpecId, authName, authPropertyName);
}
}
33 changes: 14 additions & 19 deletions ...rc/main/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@
import jakarta.ws.rs.core.UriBuilder;

import org.eclipse.microprofile.config.ConfigProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.quarkiverse.openapi.generator.OpenApiGeneratorException;

Expand All @@ -21,50 +19,47 @@
*/
public class ApiKeyAuthenticationProvider extends AbstractAuthProvider {

private static final Logger LOGGER = LoggerFactory.getLogger(ApiKeyAuthenticationProvider.class);

static final String API_KEY = "api-key";
static final String USE_AUTHORIZATION_HEADER_VALUE = "use-authorization-header-value";

private final ApiKeyIn apiKeyIn;
private final String apiKeyName;

public ApiKeyAuthenticationProvider(final String openApiSpecId, final String name, final ApiKeyIn apiKeyIn,
final String apiKeyName, List<OperationAuthInfo> operations) {
super(name, openApiSpecId, operations);
final String apiKeyName, List<OperationAuthInfo> operations, CredentialsProvider credentialsProvider) {
super(name, openApiSpecId, operations, credentialsProvider);
this.apiKeyIn = apiKeyIn;
this.apiKeyName = apiKeyName;
validateConfig();
}

public ApiKeyAuthenticationProvider(final String openApiSpecId, final String name, final ApiKeyIn apiKeyIn,
final String apiKeyName, List<OperationAuthInfo> operations) {
this(openApiSpecId, name, apiKeyIn, apiKeyName, operations, new ConfigCredentialsProvider());
}

@Override
public void filter(ClientRequestContext requestContext) throws IOException {
switch (apiKeyIn) {
case query:
requestContext.setUri(UriBuilder.fromUri(requestContext.getUri()).queryParam(apiKeyName, getApiKey()).build());
requestContext.setUri(
UriBuilder.fromUri(requestContext.getUri()).queryParam(apiKeyName, getApiKey(requestContext)).build());
break;
case cookie:
requestContext.getHeaders().add(HttpHeaders.COOKIE, new Cookie.Builder(apiKeyName).value(getApiKey()).build());
requestContext.getHeaders().add(HttpHeaders.COOKIE,
new Cookie.Builder(apiKeyName).value(getApiKey(requestContext)).build());
break;
case header:
if (requestContext.getHeaderString("Authorization") != null
&& !requestContext.getHeaderString("Authorization").isEmpty()
&& isUseAuthorizationHeaderValue()) {
requestContext.getHeaders().putSingle(apiKeyName, requestContext.getHeaderString("Authorization"));
} else
requestContext.getHeaders().putSingle(apiKeyName, getApiKey());
requestContext.getHeaders().putSingle(apiKeyName, getApiKey(requestContext));
break;
}
}

private String getApiKey() {
final String key = ConfigProvider.getConfig()
.getOptionalValue(getCanonicalAuthConfigPropertyName(API_KEY), String.class).orElse("");
if (key.isEmpty()) {
LOGGER.warn("configured {} property (see application.properties) is empty. hint: configure it.",
getCanonicalAuthConfigPropertyName(API_KEY));
}
return key;
private String getApiKey(ClientRequestContext requestContext) {
return credentialsProvider.getApiKey(requestContext, getOpenApiSpecId(), getName());
}

private boolean isUseAuthorizationHeaderValue() {
Expand Down
24 changes: 11 additions & 13 deletions ...src/main/java/io/quarkiverse/openapi/generator/providers/BasicAuthenticationProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.core.HttpHeaders;

import org.eclipse.microprofile.config.ConfigProvider;

import io.quarkiverse.openapi.generator.OpenApiGeneratorException;

/**
Expand All @@ -19,28 +17,28 @@
*/
public class BasicAuthenticationProvider extends AbstractAuthProvider {

static final String USER_NAME = "username";
static final String PASSWORD = "password";
public BasicAuthenticationProvider(final String openApiSpecId, String name, List<OperationAuthInfo> operations,
CredentialsProvider credentialsProvider) {
super(name, openApiSpecId, operations, credentialsProvider);
validateConfig();
}

public BasicAuthenticationProvider(final String openApiSpecId, String name, List<OperationAuthInfo> operations) {
super(name, openApiSpecId, operations);
validateConfig();
this(openApiSpecId, name, operations, new ConfigCredentialsProvider());
}

private String getUsername() {
return ConfigProvider.getConfig().getOptionalValue(getCanonicalAuthConfigPropertyName(USER_NAME), String.class)
.orElse("");
private String getUsername(ClientRequestContext requestContext) {
return credentialsProvider.getBasicUsername(requestContext, getOpenApiSpecId(), getName());
}

private String getPassword() {
return ConfigProvider.getConfig().getOptionalValue(getCanonicalAuthConfigPropertyName(PASSWORD), String.class)
.orElse("");
private String getPassword(ClientRequestContext requestContext) {
return credentialsProvider.getBasicPassword(requestContext, getOpenApiSpecId(), getName());
}

@Override
public void filter(ClientRequestContext requestContext) throws IOException {
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION,
AuthUtils.basicAuthAccessToken(getUsername(), getPassword()));
AuthUtils.basicAuthAccessToken(getUsername(requestContext), getPassword(requestContext)));
}

private void validateConfig() {
Expand Down
23 changes: 11 additions & 12 deletions ...rc/main/java/io/quarkiverse/openapi/generator/providers/BearerAuthenticationProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,42 +6,41 @@
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.core.HttpHeaders;

import org.eclipse.microprofile.config.ConfigProvider;

/**
* Provides bearer token authentication or any other valid scheme.
*
* @see <a href="https://swagger.io/docs/specification/authentication/bearer-authentication/">Bearer Authentication</a>
*/
public class BearerAuthenticationProvider extends AbstractAuthProvider {

static final String BEARER_TOKEN = "bearer-token";

private final String scheme;

public BearerAuthenticationProvider(final String openApiSpecId, final String name, final String scheme,
List<OperationAuthInfo> operations) {
super(name, openApiSpecId, operations);
List<OperationAuthInfo> operations, CredentialsProvider credentialsProvider) {
super(name, openApiSpecId, operations, credentialsProvider);
this.scheme = scheme;
}

public BearerAuthenticationProvider(final String openApiSpecId, final String name, final String scheme,
List<OperationAuthInfo> operations) {
this(openApiSpecId, name, scheme, operations, new ConfigCredentialsProvider());
}

@Override
public void filter(ClientRequestContext requestContext) throws IOException {
String bearerToken;
if (isTokenPropagation()) {
bearerToken = getTokenForPropagation(requestContext.getHeaders());
bearerToken = sanitizeBearerToken(bearerToken);
} else {
bearerToken = getBearerToken();
bearerToken = getBearerToken(requestContext);
}
if (!bearerToken.isBlank()) {
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION,
AuthUtils.authTokenOrBearer(this.scheme, bearerToken));
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, AuthUtils.authTokenOrBearer(this.scheme, bearerToken));
}
}

private String getBearerToken() {
return ConfigProvider.getConfig().getOptionalValue(getCanonicalAuthConfigPropertyName(BEARER_TOKEN), String.class)
.orElse("");
private String getBearerToken(ClientRequestContext requestContext) {
return credentialsProvider.getBearerToken(requestContext, getOpenApiSpecId(), getName());
}
}
Loading