Use custom CDI extension for injecting Principals (#5883)

This is to avoid dependencies on CDI driven by
javax.ws.rs.core.Context and resolve `Principal` suppliers at the
Weld / test extension level.

Overall, this reduced interference from external libs on the class
path when running NessieJaxRsExtension.

compatibility/jersey/src/main/java/org/projectnessie/tools/compatibility/jersey/JerseyServer.java

@@ -62,6 +62,7 @@ public JerseyServer(Supplier<DatabaseAdapter> databaseAdapterSupplier) throws Ex
     weld.addPackages(true, RestConfigResource.class);
     weld.addPackages(true, TreeApiImpl.class);
     // Inject external beans
+    weld.addExtension(new PrincipalExtension());
     weld.addExtension(new ServerConfigExtension());
     weld.addExtension(PersistVersionStoreExtension.forDatabaseAdapter(databaseAdapterSupplier));
     weld.addExtension(authzExtension());

compatibility/jersey/src/main/java/org/projectnessie/tools/compatibility/jersey/PrincipalExtension.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2023 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.tools.compatibility.jersey;
+
+import java.security.Principal;
+import java.util.function.Supplier;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Default;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.Extension;
+import javax.enterprise.util.TypeLiteral;
+
+/**
+ * A CDI extension that always produces {@code null} {@link Principal} objects simulating execution
+ * without authentication.
+ */
+public class PrincipalExtension implements Extension {
+  @SuppressWarnings("unused")
+  public void afterBeanDiscovery(@Observes AfterBeanDiscovery abd, BeanManager bm) {
+    Supplier<Principal> principal = () -> null;
+
+    abd.addBean()
+        .addType(new TypeLiteral<Supplier<Principal>>() {})
+        .addQualifier(Default.Literal.INSTANCE)
+        .scope(RequestScoped.class)
+        .produceWith(i -> principal);
+  }
+}

servers/jax-rs-testextension/src/main/java/org/projectnessie/jaxrs/ext/ContextPrincipalExtension.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2023 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.jaxrs.ext;
+
+import java.security.Principal;
+import java.util.function.Supplier;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Default;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.Extension;
+import javax.enterprise.util.TypeLiteral;
+import javax.ws.rs.core.SecurityContext;
+
+public class ContextPrincipalExtension implements Extension {
+  private final Supplier<Principal> principal;
+
+  public ContextPrincipalExtension(Supplier<SecurityContext> securityContext) {
+    this.principal =
+        () -> {
+          SecurityContext context = securityContext.get();
+          return context == null ? null : context.getUserPrincipal();
+        };
+  }
+
+  @SuppressWarnings("unused")
+  public void afterBeanDiscovery(@Observes AfterBeanDiscovery abd, BeanManager bm) {
+    abd.addBean()
+        .addType(new TypeLiteral<Supplier<Principal>>() {})
+        .addQualifier(Default.Literal.INSTANCE)
+        .scope(RequestScoped.class)
+        .produceWith(i -> principal);
+  }
+}

servers/jax-rs-testextension/src/main/java/org/projectnessie/jaxrs/ext/NessieJaxRsExtension.java

@@ -22,7 +22,6 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 import javax.enterprise.inject.spi.Extension;
-import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.core.Application;
 import javax.ws.rs.core.SecurityContext;
 import org.glassfish.jersey.message.DeflateEncoder;
@@ -219,6 +218,7 @@ public EnvHolder(Extension versionStoreExtension) throws Exception {
       weld.addPackages(true, RestConfigResource.class);
       weld.addPackages(true, TreeApiImpl.class);
       // Inject external beans
+      weld.addExtension(new ContextPrincipalExtension(() -> securityContext));
       weld.addExtension(new ServerConfigExtension());
       weld.addExtension(versionStoreExtension);
       weld.addExtension(new AuthorizerExtension().setAccessCheckerSupplier(this::createNewChecker));
@@ -250,13 +250,6 @@ protected Application configure() {
               config.register(EncodingFilter.class);
               config.register(GZipEncoder.class);
               config.register(DeflateEncoder.class);
-              config.register(
-                  (ContainerRequestFilter)
-                      requestContext -> {
-                        if (securityContext != null) {
-                          requestContext.setSecurityContext(securityContext);
-                        }
-                      });
 
               // Use a dynamically allocated port, not a static default (80/443) or statically
               // configured port.