GitHub user dosubot[bot] added a comment to the discussion: How to use two jwt
headers one for normal flow "Authorization" and second for service to service
"X-Service-Authorization"
To automatically assign the admin role to a user upon successful
authentication, you can extend your custom `SecurityManager` to include logic
for assigning roles. Here's how you can modify your `CustomSecurityManager` to
assign the admin role:
1. **Modify the SecurityManager**: After validating the service token, assign
the admin role to the user.
```python
# custom_security_manager.py
from flask import request
from flask_appbuilder.security.sqla.models import Role
from superset.security import SupersetSecurityManager


class CustomSecurityManager(SupersetSecurityManager):
    def is_user_authenticated(self):
        # Check for the standard Authorization header
        if super().is_user_authenticated():
            return True
        # Check for the custom service token
        service_token = request.environ.get('SERVICE_AUTH_TOKEN')
        if service_token:
            # Validate the service token (e.g., using Kubernetes TokenReview API)
            if self.validate_service_token(service_token):
                # Assign the admin role to the user
                self.assign_admin_role()
                return True
        return False

    def validate_service_token(self, token):
        # Implement your token validation logic here
        # For example, using Kubernetes TokenReview API
        # Placeholder: as written, every non-empty token is accepted
        return True  # Return True if valid, False otherwise

    def assign_admin_role(self):
        # Get the admin role
        admin_role = self.find_role("Admin")
        if admin_role:
            # Assign the admin role to the current user
            user = self.get_user_by_id(self.get_user_id())
            if user and admin_role not in user.roles:
                user.roles.append(admin_role)
                self.update_user(user)
```
This code snippet assumes that you have a method `get_user_by_id` to retrieve
the current user and `update_user` to save changes to the user object. Adjust
these methods as necessary to fit your implementation.
GitHub link:
https://github.com/apache/superset/discussions/33131#discussioncomment-12840706
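
One way to fill in the `validate_service_token` placeholder so that it fails closed, as an added example (not code from the comment above or from Superset). It evaluates a Kubernetes TokenReview response; the service-account name, the audience `superset` and the sample responses are constructed assumptions, and the HTTP call to the API server is left out.

```python
# Hypothetical policy values: which service accounts may use the service header,
# and which audience the token must have been issued for.
ALLOWED_SERVICE_ACCOUNTS = {"system:serviceaccount:reporting:report-runner"}
EXPECTED_AUDIENCE = "superset"


def build_token_review(token, audience=EXPECTED_AUDIENCE):
    """Body to POST to /apis/authentication.k8s.io/v1/tokenreviews."""
    return {
        "apiVersion": "authentication.k8s.io/v1",
        "kind": "TokenReview",
        "spec": {"token": token, "audiences": [audience]},
    }


def service_account_from_review(review, allowed=ALLOWED_SERVICE_ACCOUNTS,
                                audience=EXPECTED_AUDIENCE):
    """Return the caller's username only if every check passes, else None."""
    status = review.get("status") if isinstance(review, dict) else None
    if not isinstance(status, dict):
        return None
    # Must be the literal True, with no error reported by the API server.
    if status.get("authenticated") is not True or status.get("error"):
        return None
    # An empty audience list means the token is only valid for the API server.
    if audience not in (status.get("audiences") or []):
        return None
    user = status.get("user")
    username = user.get("username") if isinstance(user, dict) else None
    # A valid token is not enough: the account must be on the allowlist.
    if isinstance(username, str) and username in allowed:
        return username
    return None


def _review(authenticated, username=None, audiences=(), error=None):
    # Constructed sample response, not captured from a real cluster.
    status = {"authenticated": authenticated, "audiences": list(audiences)}
    if username:
        status["user"] = {"username": username}
    if error:
        status["error"] = error
    return {"kind": "TokenReview", "status": status}


def classify_samples():
    runner = "system:serviceaccount:reporting:report-runner"
    samples = {
        "trusted": _review(True, runner, ["superset"]),
        "other_account": _review(True, "system:serviceaccount:default:default", ["superset"]),
        "wrong_audience": _review(True, runner, []),
        "rejected": _review(False, error="token has expired"),
    }
    return {name: service_account_from_review(r) for name, r in samples.items()}
```
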