Description

In relation to issue #44046.

In OASFilters registered via @OpenApiFilter annotation, for RUN phase, which additionally have a declared CDI scope like @ApplicationScoped (or even @RequestScoped) should be instantiated by CDI / Arc instead of just registering them as classname on the smallrye openapi library which does a Class.forName.

Part of it is simple enough since Smallrye's openapi builder allows for registration of an instance of Filter instead of it's classname

SmallryeOpenApi.Builder via it's addFilter(OASFilter filterInstance)

One example I was trying to implement was to dinamically filter the openapi spec based on the current user accessing it and his permissions / roles.

The other part might be a little more tricky since the other issue I faced when trying to implement this is that the request context is not activated when the filter is ran.

I tried many different approaches for this.

1. Tried @Inject SecurityIdentity in my OASFilter : doesn't work because OASFilter's are not CDI objects but rather instantiated through smallrye openapi library via a Class.forName
2. Tried using CDI.current().select(SecurityIdentity.class) but it also doesn't work because request context is not activated
3. Tried activating Request context programmatically via CDI.current().select(RequestContextController.class).get().activate() and then the previous select. It does work (I do get a securityidentity back) but it is anonymous and not the previously authenticated user...

Implementation ideas

No response