[GitHub] [druid] abhishekagarwal87 commented on a diff in pull request #13071: Redesign QueryContext class

Wed, 12 Oct 2022 22:30:36 -0700 


abhishekagarwal87 commented on code in PR #13071:
URL: https://github.com/apache/druid/pull/13071#discussion_r994148369


##########
server/src/main/java/org/apache/druid/server/security/AuthConfig.java:
##########
@@ -82,6 +81,44 @@ public AuthConfig(
   @JsonProperty
   private final boolean authorizeQueryContextParams;
 
+  /**
+   * The set of query context keys that are allowed, even when security is
+   * enabled. A null value is the same as an empty set.
+   */
+  @JsonProperty
+  private final Set<String> unsecuredContextKeys;
+
+  /**
+   * The set of query context keys to secure, when context security is
+   * enabled. Null has a special meaning: it means to ignore this set.
+   * Else, only the keys in this set are subject to security. If set,
+   * the unsecured list is ignored.
+   */
+  @JsonProperty
+  private final Set<String> securedContextKeys;
+
+  @JsonCreator
+  public AuthConfig(
+      @JsonProperty("authenticatorChain") List<String> authenticatorChain,
+      @JsonProperty("authorizers") List<String> authorizers,
+      @JsonProperty("unsecuredPaths") List<String> unsecuredPaths,
+      @JsonProperty("allowUnauthenticatedHttpOptions") boolean 
allowUnauthenticatedHttpOptions,
+      @JsonProperty("authorizeQueryContextParams") boolean 
authorizeQueryContextParams,
+      @JsonProperty("unsecuredContextKeys") Set<String> unsecuredContextKeys,
+      @JsonProperty("securedContextKeys") Set<String> securedContextKeys
+  )
+  {
+    this.authenticatorChain = authenticatorChain;
+    this.authorizers = authorizers;
+    this.unsecuredPaths = unsecuredPaths == null ? Collections.emptyList() : 
unsecuredPaths;
+    this.allowUnauthenticatedHttpOptions = allowUnauthenticatedHttpOptions;
+    this.authorizeQueryContextParams = authorizeQueryContextParams;
+    this.unsecuredContextKeys = unsecuredContextKeys == null
+        ? Collections.emptySet()
+        : unsecuredContextKeys;
+    this.securedContextKeys = securedContextKeys;

Review Comment:
   should this be initialized as empty map like unsecuredContextKeys? 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to