OK, so I’ve been able to isolate this issue. It turns out that the subscription queries don’t seem to be honoring my message interceptor configuration. My project has the following configuration:
`
@Configuration
public class AxonMessageInterceptorsConfig {
@Autowired
public void registerInterceptors(CommandBus commandBus, QueryBus queryBus) {
Assert.notNull(commandBus, “Invalid configuration, commandBus is null!”);
Assert.notNull(queryBus, “Invalid configuration, queryBus is null!”);
if (AxonServerCommandBus.class.isAssignableFrom(commandBus.getClass())) {
AxonServerCommandBus.class.cast(commandBus).registerDispatchInterceptor(authorizationDispatchInterceptor());
AxonServerCommandBus.class.cast(commandBus).registerHandlerInterceptor(authorizationHandlerInterceptor());
}
if (AxonServerQueryBus.class.isAssignableFrom(queryBus.getClass())) {
AxonServerQueryBus.class.cast(queryBus).registerDispatchInterceptor(authorizationDispatchInterceptor());
AxonServerQueryBus.class.cast(queryBus).registerHandlerInterceptor(authorizationHandlerInterceptor());
}
}
private MessageDispatchInterceptor<? super Message<?>> authorizationDispatchInterceptor() {
return list -> {
AuthToken auth = (AuthToken) SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
UserInfo userInfo = auth.getPrincipal();
userInfo.validate();
return (index, message) -> message.andMetaData(Collections.singletonMap(USER_INFO, userInfo));
}
return (index, message) -> message;
};
}
private MessageHandlerInterceptor<? super Message<?>> authorizationHandlerInterceptor() {
return (unitOfWork, interceptorChain) -> {
UserInfo userInfo = (UserInfo) unitOfWork.getMessage().getMetaData().get(USER_INFO);
if (userInfo == null) {
throw new SecurityException(“User information not available!”);
}
return interceptorChain.proceed();
};
}
}
`
So, as you can see from this configuration, I am adding a UserInfo into the metadata in the “dispatch interceptor”. Then, in the “handler interceptor” I look for this object and when it’s not present I throw a security exception.
In my debugging, when I execute a subscription query, the dispatch handler is not triggered. However, the handler interceptor is triggered. This means that the handler will produce a security exception. The problem is compounded then by the fact that the security exception is swallowed (seems like a log would be very helpful here because the debugging required to get into the execution stack to find this exception was very unintuitive).
So am I missing something about the configuration of the dispatch handler for subscription queries?
Thanks,
Troy