LakshSingla commented on code in PR #14878:
URL: https://github.com/apache/druid/pull/14878#discussion_r1299642638
##########
server/src/main/java/org/apache/druid/server/security/AuthorizationUtils.java:
##########
@@ -175,6 +175,23 @@ public static Access authorizeAllResourceActions(
return access;
}
+ /**
+ * Sets the {@link AuthConfig#DRUID_AUTHORIZATION_CHECKED} attribute in the
{@link HttpServletRequest} to true. This method is generally used
+ * when no {@link ResourceAction} need to be checked for the API. If
resources are present, users should call
+ * {@link AuthorizationUtils#authorizeAllResourceActions(HttpServletRequest,
Iterable, AuthorizerMapper)}
+ */
+ public static void setRequestAuthorizationAttributeIfNeeded(final
HttpServletRequest request)
+ {
+ if (request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH) != null) {
+ // do nothing
+ return;
+ }
+ if (request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED) != null) {
+ throw new ISE("Request already had authorization check.");
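Review bot: The method is named setRequestAuthorizationAttributeIfNeeded, yet the second `if` throws when AuthConfig.DRUID_AUTHORIZATION_CHECKED is already present instead of treating the attribute as not needed, so the name and the behaviour disagree. Either rename the method so it is clear that a prior check is an error, or state in the Javadoc that it throws when the request was already marked as checked and returns without setting anything when AuthConfig.DRUID_ALLOW_UNSECURED_PATH is present; the Javadoc currently says only that it sets the attribute to true.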
Review Comment:
```suggestion
throw DruidException.defensive("Request already had authorization check.");
```
##########
server/src/main/java/org/apache/druid/server/security/AuthorizationUtils.java:
##########
@@ -175,6 +175,23 @@ public static Access authorizeAllResourceActions(
return access;
}
+ /**
+ * Sets the {@link AuthConfig#DRUID_AUTHORIZATION_CHECKED} attribute in the
{@link HttpServletRequest} to true. This method is generally used
+ * when no {@link ResourceAction} need to be checked for the API. If
resources are present, users should call
+ * {@link AuthorizationUtils#authorizeAllResourceActions(HttpServletRequest,
Iterable, AuthorizerMapper)}
+ */
+ public static void setRequestAuthorizationAttributeIfNeeded(final
HttpServletRequest request)
+ {
+ if (request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH) != null) {
+ // do nothing
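Review bot: The first `if` tests `request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH) != null`, so any non-null value, including Boolean.FALSE, takes the early return and this method leaves the request unmarked. If the attribute is only ever set to true on unsecured paths, say so in the Javadoc; otherwise compare against the value explicitly, for example with Boolean.TRUE.equals(...), so that a false value cannot skip the authorization-checked marking.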
Review Comment:
Seems shallow, can you please expand on this or remove the comment?