ElytronPasswordIdentityProvider does not forward attributes from SecurityIdentity

[MelkorCC]

Describe the bug

In Wildfly Elytron it is possible to request additional attributes using attribute mappings. Quarkus does also enable this via the configs (example for ldap).

Quarkus SecurityIdentity interface and implementation has getAttribute and getAttributes methods available and likewise the builder used to construct it has setAttribute and setAttributes methods, however ElytronPasswordIdentityProvider does not forward the attributes from the retrieved Wildfly SecrutityIdentityto it.

Expected behavior

The attributes should be set on the builder and thus ultimately be available on the injected SecurityIdentity.

Actual behavior

The attributes are not available on injected SecurityIdentity.

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

[quarkus-bot]

/cc @sberyozkin (security)

[geoand]

@MelkorCC as you seem to have analyzed the code, would you be willing to contribute the necessary fix?

Thanks

[MelkorCC]

Sure, however i have two questions:

• What about ElytronTokenIdentityProvider and ElytronTrustedIdentityProvider? They also use a Wildfly SecurityIdentity and build a Quarkus SecurityIdentity from it, so in theory it would also possible to change them to pass the attributes from the Wildfly SecurityIdentity into the QuarkusSecurityIdentity.Builder. I don't know if these two would ever have any attributes, but given that the attributes would then be set to EMPTY on the Wildfly SecurityIdentity and thus not set any attributes on the QuarkusSecurityIdentity.Builder i also don't see how it would cause any problems.

• Do you have any recommendation with regards to test coverage? I am unsure how to test the authenticate method (and thus setting the attributes), when i did a quick look at other classes implementing the IdentityProvider interface i didn't see any tests for any of them (it is ofc possible that i missed them).

[MelkorCC]

So, i looked into this a bit yesterday after work. The fix is pretty trivial, as already mentioned everything is already there and i just needed to forward it to the builder. Great.

I also figured out that the IdentityProviders are covered by the integration tests rather than unittests, but this is where my problem started. I can't run the intergration tests. Every one that i tried (even the GreetingResourceTest mentioned in CONTRIBUTING.md) gave me the same error:

Caused by: java.lang.IllegalStateException: No config found for class io.quarkus.vertx.http.runtime.HttpBuildTimeConfig

Given that i was unable to find any information about this on github i feel like i missed some very obvious step when setting up the Quarkus repo locally. But i am unable to spot the step i might be missing.

[sberyozkin]

@MelkorCC Thanks for giving it a try, can you open a draft PR request, updating the main source only to copy those attributes, and I can help next week to add a test

[MelkorCC]

@sberyozkin i reverted my attempts with adding the tests for an ldap setup and created the draft pr

[sberyozkin]

Thanks @MelkorCC, I've commented in the PR, can give me a hint what to update, for example, in the DB user name and password entry, for the extra attributes be available, I'll then update one of the integration tests to verify the attribute(s) are copied

[MelkorCC]

@sberyozkin thanks again for your time and work on this issue