quarkus: Quarkus Security: @RolesAllowed causes crash on class but works on method when using CompletionStage

Describe the bug

We are using the quarkus-elytron-security-properties-file extension and added the @RolesAllowed annotation to the GreetingResource from the quarkus kotlin example. At first this works fine. However, as soon as you return a CompletionStage<Response> instead of the response directly, the exception below is thrown.

However, if you attach the @RolesAllowed annotation to the hello() method, the code works just fine.

Exception:

2020-02-20 09:57:00,833 ERROR [org.jbo.res.res.i18n] (executor-thread-2) RESTEASY002020: Unhandled asynchronous exception, sending back 500: javax.enterprise.context.ContextNotActiveException: interface javax.enterprise.context.RequestScoped
        at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.arc$delegate(SecurityIdentityProxy_ClientProxy.zig:368)
        at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.getRoles(SecurityIdentityProxy_ClientProxy.zig:459)
        at io.quarkus.security.runtime.interceptor.check.RolesAllowedCheck.apply(RolesAllowedCheck.java:54)
        at io.quarkus.security.runtime.interceptor.SecurityConstrainer.check(SecurityConstrainer.java:27)
        at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:23)
        at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor.intercept(RolesAllowedInterceptor.java:23)
        at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor_Bean.intercept(RolesAllowedInterceptor_Bean.zig:144)
        at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
        at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
        at org.acme.rest.GreetingResource_Subclass.getService(GreetingResource_Subclass.zig:408)
        at org.acme.rest.GreetingResource$hello$1.get(GreetingResource.kt:26)
        at org.acme.rest.GreetingResource$hello$1.get(GreetingResource.kt:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1771)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1763)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177)

Expected behavior

When the class is annotated with the @RolesAllowed annotation it should behave as when every method in the class is annotated with this method. Furthermore, it should behave the same with and without using a CompletionStage in the result.

Actual behavior

It crashes when you use @RolesAllowed on the class with CompletionStage results in the methods but works if you annotate the methods or do not use async results.

To Reproduce

Steps to reproduce the behavior:

  1. Download the reproducer project rest-security-bug.zip and unzip it.
  2. Start the application by calling ./mvnw compile quarkus:dev in the project's directory.
  3. Make a GET request to http://localhost:8080/greeting with basic auth credentials: user: scott, password: test
  4. The request should fail with the exception shown above.
  5. If you comment out line GreetingResource:16 and comment in line GreetingResource:24 and run the request again, the code should work.

Environment (please complete the following information):

  • macOS, Windows 10
  • java 8, java 11
  • Quarkus 1.2.0.Final, 1.2.1.Final, 1.3.0.Alpha2
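
An added sketch, not the reproducer's source (which is not on this page): in the trace above the role check runs on GreetingResource_Subclass.getService, called from the CompletableFuture supplier on a ForkJoinPool thread, so the class-level annotation is also guarding the Kotlin property accessor. The first method below has that shape; the second reads the property on the request thread before going async. GreetingService, greeting(), the role name "user" and the extra path are assumptions, as are the javax.* namespaces of Quarkus 1.x and the allopen compiler plugin from the Quarkus Kotlin setup.

```kotlin
// Added sketch, not the project's code. GreetingService, greeting(), the role
// "user" and "/in-supplier" are assumed names for illustration.
import java.util.concurrent.CompletableFuture
import java.util.concurrent.CompletionStage
import javax.annotation.security.RolesAllowed
import javax.enterprise.context.ApplicationScoped
import javax.inject.Inject
import javax.ws.rs.GET
import javax.ws.rs.Path
import javax.ws.rs.core.Response

@ApplicationScoped // assumed scope: usable without an active request context
class GreetingService {
    fun greeting(): String = "hello"
}

@Path("/greeting")
@RolesAllowed("user") // class level: the check also wraps the generated
                      // getService() accessor, as the stack trace shows
class GreetingResource {

    @Inject
    lateinit var service: GreetingService

    // Shape matching the trace: the property is read inside the supplier, so
    // getService() and its role check run on a ForkJoinPool thread, where the
    // request-scoped SecurityIdentity is not available.
    @GET
    @Path("/in-supplier")
    fun helloReadsPropertyInSupplier(): CompletionStage<Response> =
        CompletableFuture.supplyAsync { Response.ok(service.greeting()).build() }

    // Variant: read the property on the request thread, where the request
    // context is active, and pass only the resolved reference to the supplier.
    @GET
    fun hello(): CompletionStage<Response> {
        val svc = service // getService() is role-checked here, before going async
        return CompletableFuture.supplyAsync { Response.ok(svc.greeting()).build() }
    }
}
```

In both methods the role check on the endpoint method itself still runs on the request thread; only the accessor call differs.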

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 17 (17 by maintainers)

Most upvoted comments

Thanks for checking!

I actually think that at some point we’ll need to do a blog post about Quarkus + Kotlin containing the various pitfalls and best practices…

Ok, let’s try it 😉.