vvysotskyi commented on a change in pull request #2037: DRILL-7648: Scrypt
j_security_check works without security headers
URL: https://github.com/apache/drill/pull/2037#discussion_r396491824
##########
File path:
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java
##########
@@ -219,9 +220,11 @@ private ServletContextHandler
createServletContextHandler(final boolean authEnab
servletContextHandler.addServlet(dynamicHolder, "/dynamic/*");
}
+ final Map<String, String> responseHeaders =
ResponseHeadersSettingFilter.retrieveResponseHeaders(config);
if (authEnabled) {
//DrillSecurityHandler is used to support SPNEGO and FORM authentication
together
- servletContextHandler.setSecurityHandler(new
DrillHttpSecurityHandlerProvider(config, workManager.getContext()));
+ servletContextHandler.setSecurityHandler(new
DrillHttpSecurityHandlerProvider(config, workManager.getContext(),
+ (req, resp) -> responseHeaders.forEach(resp::setHeader)));
Review comment:
Looks like the response is used here only. Is it possible to use and pass
`Consumer` instead of `BiConsumer`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
