@adutra adutra commented Aug 19, 2025

Summary of changes:

  • As proposed on the ML, ActiveRolesProvider is removed, and DefaultActiveRolesProvider is merged into DefaultAuthenticator. ActiveRolesAugmentor is also merged into AuthenticatingAugmentor.

  • The implicit convention that "no roles in credentials" == "all roles requested" is removed, as it is ambiguous. From now on, credentials must explicitly include the PRINCIPAL_ROLE:ALL pseudo-role in order to request all roles.

  • PersistedPolarisPrincipal is removed. It existed merely as a means of passing the PrincipalEntity from the authenticator to the roles provider. This is not necessary anymore.

adutra commented Aug 19, 2025

@flyrain @collado-mike @dennishuo FYI

As discussed in the ML, I know that ActiveRolesProvider is listed as an extension point.

My ask is for you to assess whether you can refactor your own roles provider impl from this:

```java
@RequestScoped class MyAuthenticator implements Authenticator {}
@RequestScoped class MyActiveRolesProvider implements ActiveRolesProvider {}
```

to this:

```java
@RequestScoped class MyAuthenticator implements Authenticator {
  @Inject MyActiveRolesProvider rolesProvider;
}
```

That is, make your own impl of ActiveRolesProvider a sub-component of your Authenticator impl.

I created several protected methods in DefaultAuthenticator that can be used to facilitate this migration:

  • resolvePrincipalEntity : mostly what was already in this class
  • resolvePrincipalRoles : mostly code from DefaultActiveRolesProvider, also calls two methods:
    • extractRequestedRoles: decodes the token roles and handles the PRINCIPAL_ROLES:ALL stuff
    • loadPrincipalGrants: loads the principal grants

But you are also free of course to use a different Authenticator impl if that's easier.
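
An added example, not part of the PR or of the Polaris code base: a sketch of role resolution once "no roles in credentials" stops meaning "all roles", so that only the explicit `PRINCIPAL_ROLE:ALL` pseudo-role selects every granted role. The class and method names, the `PRINCIPAL_ROLE:` prefix for individual roles, the sample grants, and the choice to return no roles for an empty request are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration, not Polaris code; class and method names are hypothetical.
public class RequestedRolesExample {
  static final String ALL = "PRINCIPAL_ROLE:ALL"; // pseudo-role named in the PR
  static final String PREFIX = "PRINCIPAL_ROLE:"; // assumed prefix for single roles

  /** Returns the requested roles that the principal has actually been granted. */
  static Set<String> resolveActiveRoles(List<String> credentialRoles, Set<String> granted) {
    // Explicit opt-in: only the pseudo-role selects every granted role.
    if (credentialRoles.contains(ALL)) {
      return new TreeSet<>(granted);
    }
    Set<String> active = new TreeSet<>();
    for (String entry : credentialRoles) {
      if (!entry.startsWith(PREFIX)) {
        continue; // not a principal-role entry
      }
      String role = entry.substring(PREFIX.length());
      if (granted.contains(role)) {
        active.add(role); // requested roles without a grant are dropped
      }
    }
    return active; // empty input yields no roles (assumption of this sketch)
  }

  public static void main(String[] args) {
    Set<String> granted = Set.of("analyst", "admin"); // constructed sample grants
    List<List<String>> samples = List.of(
        List.of(),                                   // no roles in credentials
        List.of("PRINCIPAL_ROLE:ALL"),               // explicit request for all roles
        List.of("PRINCIPAL_ROLE:analyst"),           // narrowed to one granted role
        List.of("PRINCIPAL_ROLE:owner"));            // role that was never granted
    for (List<String> credentialRoles : samples) {
      System.out.println(credentialRoles + " -> " + resolveActiveRoles(credentialRoles, granted));
    }
  }
}
```

The first sample is the case the PR disambiguates: under the old implicit convention it would have activated every granted role, while here it activates none.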

dennishuo previously approved these changes Aug 26, 2025
@dennishuo dennishuo left a comment

LGTM! Thanks for the mailing list discussion and your notes about compatibility and how any service providers with custom impls can easily migrate; it provides a good example to follow in general for SPI evolution PRs.

@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Aug 26, 2025
Summary of changes:

- As proposed on the ML, `ActiveRolesProvider` is removed, and `DefaultActiveRolesProvider` is merged into `DefaultAuthenticator`. `ActiveRolesAugmentor` is also merged into `AuthenticatingAugmentor`.

- The implicit convention that no roles in credentials == all roles requested is removed as it is ambiguous. Credentials must explicitly include the `PRINCIPAL_ROLE:ALL` pseudo-role to request all roles available.

- PersistedPolarisPrincipal is removed. It existed merely as a means of passing the `PrincipalEntity` from the authenticator to the roles provider. This is not necessary anymore.
@adutra adutra force-pushed the auth-roles-refactor branch from a805ead to 13b2199 Compare August 26, 2025 17:16
@adutra adutra added this to the 1.2.0 milestone Aug 26, 2025