Security context propagation in Tools using non-blocking APIs #1418
Description
Hello,
I'm trying to get a SecurityIdentity injected into one of my AI tools but keeps coming as Anonymous. I'm wondering if it's something I'm doing wrong, or if there is an alternative way to go about it?
AI service:
@SessionScoped
@RegisterAiService (tools = DeviceTools.class)
public interface ChatbotAgentService {
Multi<String> chat(@MemoryId String memoryId, @UserMessage String userMessage);
}
WebSocket:
@BearerTokenAuthentication
@WebSocket(path = "/api/v1")
public class ChatboxWebSocketV1 {
@Inject SecurityIdentity securityIdentity;
@Inject ChatbotAgentService chatbotAgentService;
...
@OnTextMessage
@RolesAllowed(AppConstants.ROLE_USER)
public Multi<ChatbotMessageDTO> onTextMessage(ChatbotMessageDTO message) {
return chatbotAgentService.chat(securityIdentity.getPrincipal().getName(),
message.getMessage()).map(
reply -> new ChatbotMessageDTO()
.setMessage(reply)
);
}
}
Tool:
@ApplicationScoped
public class DeviceTools {
@Inject SecurityIdentity securityIdentity;
@Tool("find the number of devices assigned to a specific status")
public Uni<Long> devicesStatus(String status) {
...
}
In ChatboxWebSocketV1 SecurityIdentity is properly populated, whereas in DeviceTools it's not (it produces an AnonymousIdentityProvider).
Thanks!