My app has a non-trivial authorization scheme. It's not super complex, but it's not as simple as a one user, many roles scheme; instead I have organizations in addition to users and roles, so that a user might have roles in different organizations. There are also different types of organization, which brings us to my problem: once the user authentication is performed successfully, I need to check which organization types the user belongs to, e.g. if any of the organizations the user belongs to is of type A, I need to redirect the user to

By the way, my app is server-side rendered with Qute and I'm using this form to submit the user login request:

```html
<form action="/j_security_check" method="post">
    <input type="hidden" name="{inject:csrf.parameterName}" value="{inject:csrf.token}">
    <label>Username</label>
    <input type="text" placeholder="Username" name="j_username" required>
    <label>Password</label>
    <input type="password" placeholder="Password" name="j_password" required>
    <button type="submit">Login</button>
</form>
```

```properties
# authentication
quarkus.http.auth.form.enabled=true
quarkus.http.auth.form.login-page=/login
# jdbc security
quarkus.security.jdbc.enabled=true
quarkus.security.jdbc.principal-query.sql=select u.password, rt.code as role from user_account u join user_role ur on u.id = ur.user_account_id join role_type rt on ur.role_type_id = rt.id where u.email = ?
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.enabled=true
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.password-index=1
quarkus.security.jdbc.principal-query.attribute-mappings.0.index=2
quarkus.security.jdbc.principal-query.attribute-mappings.0.to=groups
```

My

```java
// Imports assume Quarkus 3.x (jakarta.*); on Quarkus 2.x these are javax.*
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.ext.Provider;

@Provider
@Priority(1000)
public class CustomAuthenticationFilter implements ContainerResponseFilter {
    @Inject
    SecurityIdentity securityIdentity;

    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
        System.out.println(">>> CustomAuthenticationFilter.filter");
        // Print the roles of the current identity for the form-login request path
        if (requestContext.getUriInfo().getPath().equals("j_security_check")) {
            for (var role : securityIdentity.getRoles()) {
                System.out.println("Role: " + role);
            }
        }
    }
}
```
Can running it in the
@michalvavrik Thank you for the suggestions, I appreciate that. I'm leaning towards a simpler solution like this:
With the caveat that it has an extra redirection step but I can live with that for the moment.
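
The following is an added example, not code from this thread: it assumes Quarkus 3.x with `quarkus.http.auth.form.landing-page=/post-login`, so a successful `j_security_check` lands on a resource that picks the destination from the user's organization types. The `OrganizationTypes` bean, the type code `B` and the target paths are hypothetical.

```java
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Set;

// Assumed application.properties entry: quarkus.http.auth.form.landing-page=/post-login
@Path("/post-login")
@Authenticated // anonymous requests are sent to the login page and are never routed
public class PostLoginResource {

    /** Hypothetical lookup: organization type codes for the given user e-mail. */
    public interface OrganizationTypes {
        Set<String> forUser(String email);
    }

    @Inject
    SecurityIdentity identity;

    @Inject
    OrganizationTypes organizationTypes; // hypothetical bean backed by a database query

    @GET
    public Response route() {
        // The principal name is the value submitted as j_username, i.e. the
        // e-mail matched by principal-query.sql.
        String email = identity.getPrincipal().getName();
        Set<String> types = organizationTypes.forUser(email);
        return Response.seeOther(URI.create(targetFor(types))).build();
    }

    // Targets are fixed server-side constants. Nothing taken from the request
    // reaches the Location header, so this cannot turn into an open redirect.
    static String targetFor(Set<String> types) {
        if (types.contains("A")) {
            return "/org-a/home"; // hypothetical path for type A organizations
        }
        if (types.contains("B")) {
            return "/org-b/home"; // hypothetical path for a second type
        }
        return "/home"; // hypothetical default
    }
}
```

Form authentication sends a user who was bounced to the login page from a protected URL back to that URL rather than to the landing page, so this routing applies when there is no saved page to return to.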