Skip to content

Remove req, res params — use RequestContext/ResponseContext#56

Merged
kainovaii merged 1 commit intomainfrom
dev
Mar 19, 2026
Merged

Remove req, res params — use RequestContext/ResponseContext#56
kainovaii merged 1 commit intomainfrom
dev

Conversation

@kainovaii
Copy link
Member

@kainovaii kainovaii commented Mar 19, 2026

Pull Request: Remove req, res params — use RequestContext/ResponseContext

Summary

Removes explicit Request/Response parameter passing from all auth methods. Every method now reads from RequestContext.get() / ResponseContext.get() internally, consistent with the ThreadLocal pattern introduced in v2.6.0.

Changes

1. Auth — requireLogin() simplified

Modified: security/auth/Auth.java

  • requireLogin(Request req, Response res)requireLogin() (no-arg)
  • Uses RequestContext.get() for session/path info and ResponseContext.get() for redirect
  • Added import ResponseContext

2. TokenAuth — all methods now no-arg

Modified: security/auth/TokenAuth.java

  • userFromToken(Request)userFromToken()
  • isAuthenticated(Request)isAuthenticated()
  • requireToken(Request, Response)requireToken()
  • requireTokenRole(Request, Response, String)requireTokenRole(String)
  • Uses RequestContext.get() for headers/attributes and ResponseContext.get() for status/halt
  • Added import RequestContext and import ResponseContext

3. RoleChecker — updated calls

Modified: security/role/RoleChecker.java

  • TokenAuth.requireToken(req, res)TokenAuth.requireToken()
  • TokenAuth.requireTokenRole(req, res, role)TokenAuth.requireTokenRole(role)
  • Auth.requireLogin(req, res)Auth.requireLogin()

4. BaseController — updated delegation

Modified: http/controller/BaseController.java

  • Auth.requireLogin(req, res)Auth.requireLogin()

5. Tests fixed

Modified: AuthTest.java

  • Added import RequestContext and import AfterEach
  • Added RequestContext.set(req) in @BeforeEach setUp()
  • Added @AfterEach tearDown() with RequestContext.clear()

Modified: TokenAuthTest.java

  • Calls updated to match no-arg signatures: userFromToken(), isAuthenticated()

Breaking Changes

  • Auth.requireLogin(Request, Response)Auth.requireLogin()
  • TokenAuth.requireToken(Request, Response)TokenAuth.requireToken()
  • TokenAuth.requireTokenRole(Request, Response, String)TokenAuth.requireTokenRole(String)
  • TokenAuth.userFromToken(Request)TokenAuth.userFromToken()
  • TokenAuth.isAuthenticated(Request)TokenAuth.isAuthenticated()

@kainovaii kainovaii merged commit 214c3fb into main Mar 19, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kainovaii