This is an automated email from the ASF dual-hosted git repository. himanshug pushed a commit to branch 0.18.0 in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.18.0 by this push: new 0a8552a druid-pac4j:add custom SSL handling to com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695) (#9708) 0a8552a is described below commit 0a8552ad12990df4157ebbc6f0755d75ec31c223 Author: Jihoon Son <jihoon...@apache.org> AuthorDate: Wed Apr 15 19:30:47 2020 -0700 druid-pac4j:add custom SSL handling to com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695) (#9708) Co-authored-by: Himanshu <g.himan...@gmail.com> --- extensions-core/druid-pac4j/pom.xml | 12 +++++++++++- .../org/apache/druid/security/pac4j/Pac4jAuthenticator.java | 10 ++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml index 9d7960b..577ee03 100644 --- a/extensions-core/druid-pac4j/pom.xml +++ b/extensions-core/druid-pac4j/pom.xml @@ -35,6 +35,10 @@ <properties> <pac4j.version>3.8.3</pac4j.version> + + <!-- Following must be updated along with any updates to pac4j version --> + <nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version> + <oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version> </properties> <dependencies> @@ -60,10 +64,16 @@ <artifactId>pac4j-oidc</artifactId> <version>${pac4j.version}</version> </dependency> + <dependency> <groupId>com.nimbusds</groupId> <artifactId>nimbus-jose-jwt</artifactId> - <version>7.9</version> + <version>${nimbus.jose.jwt.version}</version> + </dependency> + <dependency> + <groupId>com.nimbusds</groupId> + <artifactId>oauth2-oidc-sdk</artifactId> + <version>${oauth2.oidc.sdk.version}</version> </dependency> <dependency> diff --git a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java index c0473ce..2ca5000 100644 --- a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java +++ b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java @@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonTypeName; import com.google.common.base.Supplier; import com.google.common.base.Suppliers; +import com.google.common.primitives.Ints; import com.google.inject.Provider; +import com.nimbusds.oauth2.sdk.http.HTTPRequest; import org.apache.druid.server.security.AuthenticationResult; import org.apache.druid.server.security.Authenticator; import org.pac4j.core.config.Config; @@ -130,7 +132,10 @@ public class Pac4jAuthenticator implements Authenticator oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI()); oidcConf.setExpireSessionWithToken(true); oidcConf.setUseNonce(true); + oidcConf.setReadTimeout(Ints.checkedCast(pac4jCommonConfig.getReadTimeout().getMillis())); + oidcConf.setResourceRetriever( + // ResourceRetriever is used to get Auth server configuration from "discoveryURI" new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory) ); @@ -138,6 +143,11 @@ public class Pac4jAuthenticator implements Authenticator oidcClient.setUrlResolver(new DefaultUrlResolver(true)); oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver()); + // This is used by OidcClient in various places to make HTTPrequests. + if (sslSocketFactory != null) { + HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory); + } + return new Config(Pac4jCallbackResource.SELF_URL, oidcClient); } } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For additional commands, e-mail: commits-h...@druid.apache.org