feat(webflux): Support setRequest for ReactiveInjectSecurityContextWebFilter (#356)

Author: Ahoo-Wang

cosec-webflux/src/main/kotlin/me/ahoo/cosec/webflux/ReactiveInjectSecurityContextWebFilter.kt

@@ -12,6 +12,7 @@
  */
 package me.ahoo.cosec.webflux
 
+import me.ahoo.cosec.context.RequestSecurityContexts.setRequest
 import me.ahoo.cosec.context.SecurityContextParser
 import me.ahoo.cosec.context.request.RequestParser
 import me.ahoo.cosec.webflux.ReactiveSecurityContexts.writeSecurityContext
@@ -32,12 +33,12 @@ import reactor.kotlin.core.publisher.toMono
 class ReactiveInjectSecurityContextWebFilter(
     private val requestParser: RequestParser<ServerWebExchange>,
     private val securityContextParser: SecurityContextParser
-) :
-    WebFilter, Ordered {
+) : WebFilter, Ordered {
 
     override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
         val request = requestParser.parse(exchange)
         val securityContext = securityContextParser.ensureParse(request)
+        securityContext.setRequest(request)
         exchange.mutate()
             .principal(securityContext.principal.toMono())
             .build().let {

cosec-webflux/src/main/kotlin/me/ahoo/cosec/webflux/ReactiveSecurityFilter.kt

@@ -56,8 +56,8 @@ abstract class ReactiveSecurityFilter(
             tokenVerificationException = verificationException
             SimpleSecurityContext.anonymous()
         }
-        exchange.setSecurityContext(securityContext)
         securityContext.setRequest(request)
+        exchange.setSecurityContext(securityContext)
         return authorization.authorize(request, securityContext)
             .flatMap { authorizeResult ->
                 if (authorizeResult.authorized) {

cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/AbstractAuthorizationInterceptor.kt

@@ -51,10 +51,9 @@ abstract class AbstractAuthorizationInterceptor(
             tokenVerificationException = verificationException
             SimpleSecurityContext.anonymous()
         }
-
+        securityContext.setRequest(request)
         SecurityContextHolder.setContext(securityContext)
         servletRequest.setSecurityContext(securityContext)
-        securityContext.setRequest(request)
         return authorization.authorize(request, securityContext)
             .map {
                 if (!it.authorized) {

cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/InjectSecurityContextFilter.kt

@@ -19,6 +19,7 @@ import jakarta.servlet.ServletRequest
 import jakarta.servlet.ServletResponse
 import jakarta.servlet.http.HttpServletRequest
 import me.ahoo.cosec.api.context.SecurityContext
+import me.ahoo.cosec.context.RequestSecurityContexts.setRequest
 import me.ahoo.cosec.context.SecurityContextHolder
 import me.ahoo.cosec.context.SecurityContextParser
 import me.ahoo.cosec.context.request.RequestParser
@@ -47,6 +48,7 @@ class InjectSecurityContextFilter(
         val httpServletRequest = servletRequest as HttpServletRequest
         val request = requestParser.parse(servletRequest)
         val securityContext: SecurityContext = securityContextParser.ensureParse(request)
+        securityContext.setRequest(request)
         SecurityContextHolder.setContext(securityContext)
         httpServletRequest.setSecurityContext(securityContext)
     }

gradle.properties

@@ -11,7 +11,7 @@
 # limitations under the License.
 #
 group=me.ahoo.cosec
-version=2.7.2
+version=2.7.3
 description=RBAC-based And Policy-based Multi-Tenant Reactive Security Framework.
 website=https://github.com/Ahoo-Wang/CoSec
 issues=https://github.com/Ahoo-Wang/CoSec/issues