Reputation: 53
TrustedAuthenticationRequest
Using Quarkus 3 with the Primefaces extension to build a JSF application. Quarkus has been set up to use form based authentication and based on review of source code, the FormAuthenticationMechanism returns credential types of UsernamePasswordAuthenticationRequest and TrustedAuthenticationRequest, both of which I've implemented.
Not sure how the TrustedAuthenticationRequest is supposed to work. When requesting a faces page, the identity provider for TrustedAuthenticationRequest is called multiple times, seems like once for every resource (css, js, etc....). The identity provider code is listed below. It sets the principal and roles each time it is called which seems excessive (one page resulted in more than 10 calls).
Is this the expected behavior or am I implementing something wrong here?
Thanks
@Override
public Uni<SecurityIdentity> authenticate(TrustedAuthenticationRequest request,
AuthenticationRequestContext authenticationRequestContext) {
if (Objects.nonNull(request.getPrincipal())) {
return Uni.createFrom().item(QuarkusSecurityIdentity.builder()
.setPrincipal(new QuarkusPrincipal(request.getPrincipal()))
.addRoles(Set.of("create", "read", "update", "delete"))
.build());
}
throw new AuthenticationFailedException("password invalid or user not found");
}
Upvotes: 3
Views: 146
Answers (0)
Related Questions
- New Keycloak Realm not providing roles for app login
- Configuring Spring Security 3.x to have multiple entry points
- Why use FormsAuthenticationTicket with Windows Authentication?
- Bridging forms authentication and OAUTH
- ASP.NET Roles Authentication - Using Roles as Activities?
- ASP.NET Forms Auth For Downstream WCF Authentication and Authorization
- How do I connect to a remote URL which requires Spring Security forms authentication (Java)?
- Webmethod authentication not passed