Comments (3)
From looking around the projects I saw that it seems like the way to do this is with a ContextFactory, this is how my code ended-up looking like, I'm still in between testing this approach but here is a snippet of my relevant code:
In my project I have an AuthenticationProvider (org.springframework.security.authentication.AuthenticationProvider) implementation it will return an "authenticated" object after it performs the JWT verification and a few other things, I see that in Spqr it appears that there doesn't seem to be a way to access the results of the AuthenticationProvider, I know that Spring Security puts it in the context holder so this context factory must be executing before the AuthenticationProvider. I'm still debugging my approach but I wonder if you had any insight into why the ContextFactory would execute after the AuthenticationProvider?
public abstract class AuthContextFactory<R> implements ContextFactory<R> {
public Object createGlobalContext(final ContextFactoryParams<R> params) {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final DefaultGlobalContext<R> ctx = new DefaultGlobalContext<>(params.getNativeRequest());
if (authentication instanceof AuthProviderJWTAuthentication) {
final AuthProviderJWTAuthentication user = (AuthProviderJWTAuthentication)authentication;
ContextUtils.saveCurrentUserKey(ctx, user.getUserKey());
} else if (authentication instanceof AuthProviderJWTAuthenticatedUser) {
// this isn't being hit right now (gets created in AuthenticationProvider)
final AuthProviderJWTAuthenticatedUser user = (AuthProviderJWTAuthenticatedUser)authentication;
ContextUtils.saveCurrentUserKey(ctx, user.getUserKey());
}
return ctx;
}
}
// These are just to get them registered as the right bean type into Spring and work with SPQR Autoconfiguration
@Component
public class AuthWebSocketContextFactory extends AuthContextFactory<WebSocketSession> implements WebSocketContextFactory {
}
@Component
public class AuthServletContextFactory extends AuthContextFactory<NativeWebRequest> implements ServletContextFactory {
}
Edit:
Stepping through with the debugger I see that AuthenticationProvider does indeed get called before the ContextFactory, but there's something going on that my ContextFactory doesn't have access to the output of the AuthenticationProvider, I assume its again something to do with this potentially happening in another thread. I'll continue to debug but for the time being this approach will work for me.
from graphql-spqr-spring-boot-starter.
Are there any solutions you managed to find?
from graphql-spqr-spring-boot-starter.
I have exactly the same issue as @csueiras, and solved it by removing the @PreAuthorize
from the methods that are receiving argument with the @GraphQLContext
annotation, but keeping the @PreAuthorize
in the origin endpoint.
I'm presuming that if I'm passing an argument with @GraphQLContext
, then I can't reach the endpoint directly without starting it by its origin call sequence, I mean with no context. I also tried to force reach it with no success.
It would be worth if if someone could give a feedback on this solution or even a better way to solve it.
from graphql-spqr-spring-boot-starter.
Related Issues (20)
- release 0.0.7 to maven central HOT 5
- Upgrade to Spring Boot v2.7.6 and SPQR v0.12.1 (graphql-java v20.0)
- Plan to update for Spring Boot 3 HOT 5
- Upgrade to 0.0.7 with springboot 2.7.6 Failing - Java Project HOT 1
- Disable introspection HOT 1
- Upgrade to graphql-spqr-spring-boot-starter:0.0.5+ and spring-boot v2.7.x fails with invalid schema issue HOT 1
- How to enable logging of exceptions
- Description for mutation parameters are empty in graphql playground HOT 3
- Spring Boot 3 Support? HOT 12
- failed to request http://localhost:8080/graphql caused by graphql.AssertException: query can't be null HOT 1
- Error starting v1.0.0 - ClassNotFoundException - SimplePerformantInstrumentation HOT 2
- How to test with GraphQlTester?
- GraphiQL 3.x integration in project HOT 2
- Failed with Spring Boot 3.2.0-RC2 HOT 5
- starter 1.0.1 - Duplicate type mappers of type .JsonArrayAdapter HOT 3
- Serialized OffsetDateTime has no time zone offset HOT 3
- GraphQLSchemaGenerator to graphqls file HOT 2
- IllegalStateException: At least one top-level operation source must be registered HOT 1
- Is graphql-spqr-spring-boot-starter 1.0.1 compatibile with spring boot 3.2.4? HOT 1
- PerConnectionApolloHandler sends wrong sub-protocol HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphql-spqr-spring-boot-starter.