jacek-jablonski opened a new issue #6922: Authorizer is never executed after passing from Authenticator URL: https://github.com/apache/incubator-druid/issues/6922 Hi, I am developing OAuth security plugin for Druid. I've got some troubles getting Authorizer to work. Here is my current security config: ``` # # Authentication # druid.auth.allowUnauthenticatedHttpOptions=True druid.auth.authenticatorChain=["oauth"] druid.auth.authenticator.oauth.type=oauth druid.auth.authenticator.oauth.oauthHost=*** druid.auth.authenticator.oauth.oauthClient=druid druid.auth.authenticator.oauth.oauthSecret=*** druid.auth.authenticator.oauth.introspectionPath=/auth/oauth/check_token druid.auth.authenticator.oauth.authorizerName=oauth # # Authorization # druid.auth.authorizers=["oauth"] druid.auth.authorizer.oauth.type=oauth ``` Inside my Filter's class, I am sure that authorizerName gets passed to AuthenticationResult: ``` @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException ... log.debug("authorizer name: " + authorizerName); // here "authorizer name: oauth" is printed AuthenticationResult authenticationResult = new AuthenticationResult(username, authorizerName, name, null); servletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, authenticationResult); if (filterChain != null) { filterChain.doFilter(servletRequest, servletResponse); } } ``` and my simple Authorizer that should deny all: ``` @JsonTypeName("oauth") public class OAuthAuthorizer implements Authorizer { private static final Logger log = new Logger(OAuthAuthorizer.class); @JsonCreator public OAuthAuthorizer( @JsonProperty("name") String name ) { log.debug("OAuth Authorizer created"); // this gets printed on startup } @Override public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) { Log.debug("authorize called"); // never gets called if (authenticationResult == null) { throw new IAE("WTF? authenticationResult should never be null."); } return new Access(false); } } ``` From above Authorizer code, Request should never get passed, but it does (authorize method is never called). Even without any configuration regarding security (default AllowAllAuthenticator) in logs I can see: ``` io.druid.java.util.common.ISE: Request did not have an authorization check performed. ``` Do you have any clue what might cause this situation?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
