abhishekagarwal87 commented on code in PR #16109:
URL: https://github.com/apache/druid/pull/16109#discussion_r1531801805
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java:
##########
@@ -96,24 +97,24 @@ public void doFilter(ServletRequest servletRequest,
ServletResponse servletRespo
"/",
true, false, false, null);
} else {
- Object uid = securityLogic.perform(
+ OidcProfile profile = (OidcProfile) securityLogic.perform(
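Review bot: The `(OidcProfile)` cast on the result of `securityLogic.perform(` is unchecked. The removed line held the same result as `Object uid`, so nothing in this hunk guarantees the concrete type. If the returned profile is of any other type, the cast throws a `ClassCastException` from inside `doFilter` in the middle of authentication. Either declare the variable with the widest type the code below actually needs, or guard with an `instanceof` check and log and reject the request when it fails.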
Review Comment:
Can you use the `UserProfile` interface that the iterator is returning?
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java:
##########
@@ -96,24 +97,24 @@ public void doFilter(ServletRequest servletRequest,
ServletResponse servletRespo
"/",
true, false, false, null);
} else {
- Object uid = securityLogic.perform(
+ OidcProfile profile = (OidcProfile) securityLogic.perform(
context,
pac4jConfig,
(JEEContext ctx, Collection<UserProfile> profiles, Object...
parameters) -> {
if (profiles.isEmpty()) {
LOGGER.warn("No profiles found after OIDC auth.");
return null;
} else {
- return profiles.iterator().next().getId();
+ return profiles.iterator().next();
}
},
JEEHttpActionAdapter.INSTANCE,
null, "none", null, null);
// Changed the Authorizer from null to "none".
// In the older version, if it is null, it simply grant access and
returns authorized.
// But in the newer pac4j version, it uses CsrfAuthorizer as default,
And because of this, It was returning 403 in API calls.
- if (uid != null) {
- AuthenticationResult authenticationResult = new
AuthenticationResult(uid.toString(), authorizerName, name, null);
+ if (profile != null) {
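Review bot: The guard at `if (profile != null) {` is weaker than the `if (uid != null) {` it replaces. The callback used to return `profiles.iterator().next().getId()`, so a profile whose id was null never reached the `AuthenticationResult` construction. It now returns the profile itself, so such a profile passes this check. Test the id in the same condition, for example `profile != null && profile.getId() != null`, so that a profile without an id cannot become an authenticated identity.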
Review Comment:
```suggestion
if (profile != null && profile.get() != null) {
```
To preserve the old behaviour.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.