clintropolis closed pull request #6700: [Backport] Use PasswordProvider for
basic HTTP escalator (#6650)
URL: https://github.com/apache/incubator-druid/pull/6700
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/docs/content/development/extensions-core/druid-basic-security.md
b/docs/content/development/extensions-core/druid-basic-security.md
index 9b466ed4d2e..59d74c13b89 100644
--- a/docs/content/development/extensions-core/druid-basic-security.md
+++ b/docs/content/development/extensions-core/druid-basic-security.md
@@ -93,7 +93,7 @@ druid.escalator.authorizerName=MyBasicAuthorizer
|Property|Description|Default|required|
|--------|-----------|-------|--------|
|`druid.escalator.internalClientUsername`|The escalator will use this username
for requests made as the internal systerm user.|n/a|Yes|
-|`druid.escalator.internalClientPassword`|The escalator will use this password
for requests made as the internal system user.|n/a|Yes|
+|`druid.escalator.internalClientPassword`|The escalator will use this
[Password Provider](../../operations/password-provider.html) for requests made
as the internal system user.|n/a|Yes|
|`druid.escalator.authorizerName`|Authorizer that requests should be directed
to.|n/a|Yes|
diff --git
a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPEscalator.java
b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPEscalator.java
index 1ac3363c6c8..dc84ab162f0 100644
---
a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPEscalator.java
+++
b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPEscalator.java
@@ -25,6 +25,7 @@
import org.apache.druid.java.util.http.client.CredentialedHttpClient;
import org.apache.druid.java.util.http.client.HttpClient;
import org.apache.druid.java.util.http.client.auth.BasicCredentials;
+import org.apache.druid.metadata.PasswordProvider;
import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Escalator;
@@ -32,14 +33,14 @@
public class BasicHTTPEscalator implements Escalator
{
private final String internalClientUsername;
- private final String internalClientPassword;
+ private final PasswordProvider internalClientPassword;
private final String authorizerName;
@JsonCreator
public BasicHTTPEscalator(
@JsonProperty("authorizerName") String authorizerName,
@JsonProperty("internalClientUsername") String internalClientUsername,
- @JsonProperty("internalClientPassword") String internalClientPassword
+ @JsonProperty("internalClientPassword") PasswordProvider
internalClientPassword
)
{
this.authorizerName = authorizerName;
@@ -51,7 +52,7 @@ public BasicHTTPEscalator(
public HttpClient createEscalatedClient(HttpClient baseClient)
{
return new CredentialedHttpClient(
- new BasicCredentials(internalClientUsername, internalClientPassword),
+ new BasicCredentials(internalClientUsername,
internalClientPassword.getPassword()),
baseClient
);
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
