Merge pull request quarkusio#44319 from michalvavrik/feature/vertx-ht…

…tp-security-refactoring

extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/HttpSecurityPolicyBuildItem.java

@@ -9,7 +9,7 @@
  * @deprecated Define {@link io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy} CDI bean with {@link #name}
  *             set as the {@link HttpSecurityPolicy#name()}.
  */
-@Deprecated
+@Deprecated(since = "3.6", forRemoval = true)
 public final class HttpSecurityPolicyBuildItem extends MultiBuildItem {
 
     final String name;

extensions/vertx-http/deployment/src/main/java/io/quarkus/vertx/http/deployment/HttpSecurityProcessor.java

@@ -1,7 +1,6 @@
 package io.quarkus.vertx.http.deployment;
 
 import static io.quarkus.arc.processor.DotNames.APPLICATION_SCOPED;
-import static io.quarkus.arc.processor.DotNames.DEFAULT_BEAN;
 import static io.quarkus.arc.processor.DotNames.SINGLETON;
 import static io.quarkus.vertx.http.deployment.HttpSecurityUtils.AUTHORIZATION_POLICY;
 import static io.quarkus.vertx.http.runtime.security.HttpAuthenticator.BASIC_AUTH_ANNOTATION_DETECTED;
@@ -28,6 +27,7 @@
 
 import org.jboss.jandex.AnnotationInstance;
 import org.jboss.jandex.AnnotationTarget;
+import org.jboss.jandex.AnnotationTransformation;
 import org.jboss.jandex.ClassInfo;
 import org.jboss.jandex.DotName;
 import org.jboss.jandex.IndexView;
@@ -37,14 +37,14 @@
 import org.jboss.jandex.TypeVariable;
 import org.objectweb.asm.Opcodes;
 
+import io.quarkus.arc.DefaultBean;
 import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
 import io.quarkus.arc.deployment.AnnotationsTransformerBuildItem;
 import io.quarkus.arc.deployment.BeanContainerBuildItem;
 import io.quarkus.arc.deployment.BeanRegistrationPhaseBuildItem;
 import io.quarkus.arc.deployment.GeneratedBeanBuildItem;
 import io.quarkus.arc.deployment.GeneratedBeanGizmoAdaptor;
 import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
-import io.quarkus.arc.processor.AnnotationsTransformer;
 import io.quarkus.arc.processor.BeanInfo;
 import io.quarkus.builder.item.SimpleBuildItem;
 import io.quarkus.deployment.Capabilities;
@@ -192,10 +192,10 @@ AdditionalBeanBuildItem initBasicAuth(HttpBuildTimeConfig buildTimeConfig,
 
         if (makeBasicAuthMechDefaultBean(buildTimeConfig)) {
             //if not explicitly enabled we make this a default bean, so it is the fallback if nothing else is defined
-            annotationsTransformerProducer.produce(new AnnotationsTransformerBuildItem(AnnotationsTransformer
-                    .appliedToClass()
-                    .whenClass(cl -> BASIC_AUTH_MECH_NAME.equals(cl.name()))
-                    .thenTransform(t -> t.add(DEFAULT_BEAN))));
+            annotationsTransformerProducer.produce(new AnnotationsTransformerBuildItem(AnnotationTransformation
+                    .forClasses()
+                    .whenClass(BASIC_AUTH_MECH_NAME)
+                    .transform(ctx -> ctx.add(DefaultBean.class))));
         }
 
         if (buildTimeConfig.auth.basic.isPresent() && buildTimeConfig.auth.basic.get()) {

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/AbstractPathMatchingHttpSecurityPolicy.java

@@ -386,16 +386,7 @@ private void addAction(String action) {
         }
     }
 
-    static class HttpMatcher {
+    record HttpMatcher(String authMechanism, Set<String> methods, HttpSecurityPolicy checker) {
 
-        final String authMechanism;
-        final Set<String> methods;
-        final HttpSecurityPolicy checker;
-
-        HttpMatcher(String authMechanism, Set<String> methods, HttpSecurityPolicy checker) {
-            this.methods = methods;
-            this.checker = checker;
-            this.authMechanism = authMechanism;
-        }
     }
 }

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticationMechanism.java

@@ -45,7 +45,7 @@ default Uni<Boolean> sendChallenge(RoutingContext context) {
      *
      * May be null if this mechanism cannot interfere with other mechanisms
      */
-    @Deprecated
+    @Deprecated(since = "2.8", forRemoval = true)
     default HttpCredentialTransport getCredentialTransport() {
         throw new UnsupportedOperationException();
     }

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java

@@ -50,7 +50,7 @@
  * Class that is responsible for running the HTTP based authentication
  */
 @Singleton
-public class HttpAuthenticator {
+public final class HttpAuthenticator {
     /**
      * Special handling for the basic authentication mechanism, for user convenience, we add the mechanism when:
      * - not explicitly disabled or enabled

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthorizer.java

@@ -20,7 +20,7 @@
  * Class that is responsible for running the HTTP based permission checks
  */
 @Singleton
-public class HttpAuthorizer extends AbstractHttpAuthorizer {
+public final class HttpAuthorizer extends AbstractHttpAuthorizer {
 
     HttpAuthorizer(HttpAuthenticator httpAuthenticator, IdentityProviderManager identityProviderManager,
             AuthorizationController controller, Instance<HttpSecurityPolicy> installedPolicies,

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java

@@ -181,8 +181,7 @@ public void accept(RoutingContext event, Throwable throwable) {
             }
             throwable = extractRootCause(throwable);
             //auth failed
-            if (throwable instanceof AuthenticationFailedException) {
-                AuthenticationFailedException authenticationFailedException = (AuthenticationFailedException) throwable;
+            if (throwable instanceof AuthenticationFailedException authenticationFailedException) {
                 getAuthenticator(event).sendChallenge(event).subscribe().with(new Consumer<Boolean>() {
                     @Override
                     public void accept(Boolean aBoolean) {
@@ -200,8 +199,7 @@ public void accept(Throwable throwable) {
                 log.debug("Authentication has failed, returning HTTP status 401");
                 event.response().setStatusCode(401);
                 proceed(throwable);
-            } else if (throwable instanceof AuthenticationRedirectException) {
-                AuthenticationRedirectException redirectEx = (AuthenticationRedirectException) throwable;
+            } else if (throwable instanceof AuthenticationRedirectException redirectEx) {
                 event.response().setStatusCode(redirectEx.getCode());
                 event.response().headers().set(HttpHeaders.LOCATION, redirectEx.getRedirectUri());
                 event.response().headers().set(HttpHeaders.CACHE_CONTROL, "no-store");

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/MtlsAuthenticationMechanism.java

@@ -62,7 +62,7 @@ public Uni<SecurityIdentity> authenticate(RoutingContext context,
         context.put(HttpAuthenticationMechanism.class.getName(), this);
 
         AuthenticationRequest authRequest = new CertificateAuthenticationRequest(
-                new CertificateCredential(X509Certificate.class.cast(certificate)));
+                new CertificateCredential((X509Certificate) certificate));
         authRequest.setAttribute(ROLES_MAPPER_ATTRIBUTE, certificateToRoles);
         return identityProviderManager
                 .authenticate(HttpSecurityUtils.setRoutingContextAttribute(authRequest, context));

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/QuarkusHttpUser.java

@@ -49,6 +49,7 @@ public User isAuthorized(Authorization authority, Handler<AsyncResult<Boolean>>
     }
 
     @Override
+    @Deprecated
     public User isAuthorized(String authority, Handler<AsyncResult<Boolean>> resultHandler) {
         resultHandler.handle(Future.succeededFuture(securityIdentity.hasRole(authority)));
         return this;