Comments (8)
The problem is UserImpl
makes checks (like create a User
without providing a principal) that the change allows to circumvent.
My opinion is VertxProfileManager
in Pac4j shouldn't invoke an internal constructor in UserImpl
. Instead, it should one of the creation methods in the User
interface.
from vertx-auth.
I will submit a PR
from vertx-auth.
Submitted #658
from vertx-auth.
If an instance of
UserImpl
is constructed using the default constructor
@jpenglert this should not be done by user code. The default constructor is only present because it is required for ClusterSerializable
implementations.
from vertx-auth.
@tsegismont understood that an instance of UserImpl
should not be constructed using the default constructor by user code. However, is there any harm in updating the deserializing code to be more robust by handling null
fields like the serializing code does?
from vertx-auth.
@tsegismont I made a PR for vertx-pac4j
but that project looks pretty dead. If you know anyone over there maybe you could ping them?
Seems like vertx-pac4j
may need to do a more in-depth re-work such that instead of extending UserImpl
with Pac4jUser
they use the io.vertx.ext.auth.authorization.Authorization
interface instead?
from vertx-auth.
@jpenglert sorry, I don't know any maintainers personally and I'm not familiar with vertx-pac4j
Have you tried to look at the GH profile of the committers? Maybe someone shares an email address?
from vertx-auth.
@tsegismont no worries...one of the committers responded and merged my PR. Thanks again for your help on how to resolve this.
from vertx-auth.
Related Issues (20)
- Follow: eclipse-vertx/vert.x#4452
- NullPointerException in private Constructor of OAuth2AuthHandlerImpl HOT 1
- Docs link to legacy repository HOT 1
- WebAuthn : MetadataServiceImpl parseX5c method returns emptyList when x5c is null HOT 1
- WebAuthn : Android Safetynet Integrity verdict (ctsProfileMatch, basicIntegrity) HOT 2
- OAuth2Auth: access_token fails validation if configuration has multiple audiences
- UserConverter NPE when User.authorizations() returns null HOT 4
- OAuth2AuthProvider CLIENT flow with custom data HOT 3
- OAuth2 Auth provider incorrectly validating Access Tokens HOT 12
- CSRF Handler can "trap" users HOT 7
- OAuth2AuthProviderImpl loses Access Token after introspect call HOT 2
- Add support for revoking access tokens when using KeyCloak Authenticator
- Wrong initialization of jwtOptions field in OAuth2Options HOT 2
- WebAuthn: implement hybrid transport
- Usage of PRNG can lead to blocking of thread HOT 3
- [JWT Auth provider] JWTAuthOptions creation fails when using PasswordProtection in KeyStoreOptions HOT 3
- Webauthn : iOS 17.x io.vertx.ext.auth.webauthn.impl.attestation.AttestationException: AAGUID is not 00000000-0000-0000-0000-000000000000! HOT 3
- WebAuthN: Supported Transports are not passed during registration?
- OAuth2Options reuse the same JwtOptions instance HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vertx-auth.