quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

JWT+REST Client+OT: SecurityIdentityProxy exception popping up #39667

Closed Karm closed 5 months ago

Karm commented 7 months ago

Describe the bug

When I migrated a small test app from Jaeger to OpenTelemetry, a new exception started to pop up in the log. Note that this is a tiny test app, mushing together client and server, initiating a REST Client call from within an already ongoing request. Perhaps that could be a part of the issue. I am fine refactoring the app, but it's not obvious to me if this is indeed an expected behavior. Despite the "Security" keyword in the exception, I do not think there is any immediate security implication at hand.

Expected behavior

There is no error in the log.

Actual behavior

ERROR [org.jbo.thr.errors] (executor-thread-1) Thread Thread[#36,executor-thread-1,5,main] threw an uncaught exception: jakarta.enterprise.context.ContextNotActiveException: RequestScoped context was not active when trying to obtain a bean instance for a client proxy of CLASS bean [class=io.quarkus.security.runtime.SecurityIdentityProxy, id=U3fuB4yO9MSr82V2xU36xFn98dk]
    - you can activate the request context for a specific method using the @ActivateRequestContext interceptor binding
    at io.quarkus.arc.impl.ClientProxies.notActive(ClientProxies.java:70)
    at io.quarkus.arc.impl.ClientProxies.getSingleContextDelegate(ClientProxies.java:30)
    at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.arc$delegate(Unknown Source)
    at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.isAnonymous(Unknown Source)
    at io.quarkus.opentelemetry.runtime.exporter.otlp.EndUserSpanProcessor.lambda$onStart$0(EndUserSpanProcessor.java:31)
    at io.smallrye.context.impl.wrappers.SlowContextualRunnable.run(SlowContextualRunnable.java:19)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:587)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:1583)

How to Reproduce?

$ git clone https://github.com/Karm/dev-null
$ cd dev-null/reproducer87326/
$ mvn clean package
$ java -jar target/quarkus-app/quarkus-run.jar 

Then in a separate terminal, trivial, one client connection at a time:

$ while [ 1 ];do curl http://0.0.0.0:8080/secured/test;done 

You can run the OT collector too, but it doesn't seem to be necessary to see the issue:

$ docker run -p 127.0.0.1:4317:4317   -p 127.0.0.1:55679:55679 otel/opentelemetry-collector:0.96.0 

The correct expected result of the call is:

Claim value within JWT of 'custom-value' : PROTECTED: My value

Note that the call works fine, it's the exception in the log that is...unexpected.

Output of uname -a or ver

Linux amd64, 5.14.0-425.el9.x86_64

Output of java -version

21.0.1

Quarkus version or git rev

3.8.0, 3.8.3, 3.9.0

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: /home/karm/Tools/apache-maven-3.9.6
Java version: 21.0.1-beta, vendor: Eclipse Adoptium, runtime: /var/X/JDKs/jdk-21.0.1+12
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "5.14.0-425.el9.x86_64", arch: "amd64", family: "unix"

Additional information

No response

quarkus-bot[bot] commented 7 months ago

/cc @cescoffier (rest-client), @geoand (rest-client), @sberyozkin (jwt,security)

sberyozkin commented 7 months ago

This is probably related to #39563, where a context issue is also reported in the OT attempting to access the security identity, @michalvavrik FYI

michalvavrik commented 7 months ago

Absolutely, thanks for reporting it. I have a fix in progress and @brunobat is planning to remove the feature with #39648

michalvavrik commented 5 months ago

fixed https://github.com/quarkusio/quarkus/pull/40466