jerqi commented on code in PR #9788:
URL: https://github.com/apache/gravitino/pull/9788#discussion_r2730024671
##########
server-common/src/main/java/org/apache/gravitino/server/authentication/StaticSignKeyValidator.java:
##########
@@ -97,7 +104,10 @@ public Principal validateToken(String token, String
serviceAudience) {
throw new UnauthorizedException(
"Audiences in token is not in expected format: %s",
audienceObject);
}
- return new UserPrincipal(jwt.getBody().getSubject());
+
+ // Use principal mapper to extract username
+ Principal mappedPrincipal =
principalMapper.map(jwt.getBody().getSubject());
Review Comment:
Could u reuse the config options `OAuthConfig.PRINCIPAL_FIELDS` here? Now,
it's a fixed field `sub`.
##########
server-common/src/main/java/org/apache/gravitino/server/authentication/OAuthConfig.java:
##########
@@ -144,4 +144,26 @@ public interface OAuthConfig {
.version(ConfigConstants.VERSION_1_0_0)
.stringConf()
.createWithDefault("org.apache.gravitino.server.authentication.StaticSignKeyValidator");
+
+ ConfigEntry<String> PRINCIPAL_MAPPER_TYPE =
+ new ConfigBuilder(OAUTH_CONFIG_PREFIX + "principalMapperType")
+ .doc(
+ "Type of principal mapper to use for OAuth/JWT principals. "
+ + "Built-in value: 'regex' (uses regex pattern to extract
username). "
+ + "Default pattern '^(.*)$' keeps the principal unchanged. "
+ + "Can also be a fully qualified class name implementing
PrincipalMapper for custom logic.")
+ .version(ConfigConstants.VERSION_1_2_0)
+ .stringConf()
+ .createWithDefault("regex");
+
+ ConfigEntry<String> PRINCIPAL_MAPPER_REGEX_PATTERN =
+ new ConfigBuilder(OAUTH_CONFIG_PREFIX + "principalMapper.regex.pattern")
Review Comment:
`principalMapper.regex.pattern` -> `principalMapperRegexPattern`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
