Pankaj260100 commented on code in PR #15753:
URL: https://github.com/apache/druid/pull/15753#discussion_r1466061118
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java:
##########
@@ -110,11 +110,11 @@ public void doFilter(ServletRequest servletRequest,
ServletResponse servletRespo
return profiles.iterator().next().getId();
}
},
- NOOP_HTTP_ACTION_ADAPTER,
- null, null, null, null);
Review Comment:
Changed the Authorizer from null to "none". In the older version, if it is
null, it simply returns `authenticated and authorized -> grant access`. But in
the 4.5.7 pac4j version, it uses CsrfAuthorizer as default, And because of
this, I was getting 403 in a API calls. So, I have set it to "none".
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java:
##########
@@ -110,11 +110,11 @@ public void doFilter(ServletRequest servletRequest,
ServletResponse servletRespo
return profiles.iterator().next().getId();
}
},
- NOOP_HTTP_ACTION_ADAPTER,
- null, null, null, null);
Review Comment:
Changed the Authorizer from null to "none". In the older version, if it is
null, it simply returns `authenticated and authorized -> grant access`. But in
the 4.5.7 pac4j version, it uses CsrfAuthorizer as default, And because of
this, I was getting 403 in API calls. So, I have set it to "none".
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
