This is an automated email from the ASF dual-hosted git repository.
arina pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push:
new 3b3c4af DRILL-7648: Scrypt j_security_check works without security
headers
3b3c4af is described below
commit 3b3c4af39fdc26f255cc17d66c55eb7565552a7d
Author: Igor Guzenko <[email protected]>
AuthorDate: Fri Mar 20 19:07:25 2020 +0200
DRILL-7648: Scrypt j_security_check works without security headers
1. Added callback for setting headers in DrillHttpSecurityHandlerProvider,
since ResponseHeadersSettingFilter doesn't covers this flow.
---
.../exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java
index 36a9863..fb10ac1 100644
---
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java
+++
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java
@@ -17,6 +17,7 @@
*/
package org.apache.drill.exec.server.rest.auth;
+import org.apache.drill.exec.server.rest.header.ResponseHeadersSettingFilter;
import org.apache.drill.shaded.guava.com.google.common.base.Preconditions;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.common.exceptions.DrillException;
@@ -54,11 +55,14 @@ public class DrillHttpSecurityHandlerProvider extends
ConstraintSecurityHandler
private final Map<String, DrillHttpConstraintSecurityHandler>
securityHandlers =
CaseInsensitiveMap.newHashMapWithExpectedSize(2);
+ private final Map<String, String> responseHeaders;
+
@SuppressWarnings("unchecked")
public DrillHttpSecurityHandlerProvider(DrillConfig config, DrillbitContext
drillContext)
throws DrillbitStartupException {
Preconditions.checkState(config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED));
+ this.responseHeaders =
ResponseHeadersSettingFilter.retrieveResponseHeaders(config);
final Set<String> configuredMechanisms = getHttpAuthMechanisms(config);
final ScanResult scan = drillContext.getClasspathScan();
@@ -122,7 +126,7 @@ public class DrillHttpSecurityHandlerProvider extends
ConstraintSecurityHandler
throws IOException, ServletException {
Preconditions.checkState(securityHandlers.size() > 0);
-
+ responseHeaders.forEach(response::setHeader);
HttpSession session = request.getSession(true);
SessionAuthentication authentication =
(SessionAuthentication)
session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
