This is an automated email from the ASF dual-hosted git repository.
himanshug pushed a commit to branch 0.18.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.18.0 by this push:
new 0a8552a druid-pac4j:add custom SSL handling to
com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695) (#9708)
0a8552a is described below
commit 0a8552ad12990df4157ebbc6f0755d75ec31c223
Author: Jihoon Son <jihoon...@apache.org>
AuthorDate: Wed Apr 15 19:30:47 2020 -0700
druid-pac4j:add custom SSL handling to
com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695) (#9708)
Co-authored-by: Himanshu <g.himan...@gmail.com>
---
extensions-core/druid-pac4j/pom.xml | 12 +++++++++++-
.../org/apache/druid/security/pac4j/Pac4jAuthenticator.java | 10 ++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/extensions-core/druid-pac4j/pom.xml
b/extensions-core/druid-pac4j/pom.xml
index 9d7960b..577ee03 100644
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@@ -35,6 +35,10 @@
<properties>
<pac4j.version>3.8.3</pac4j.version>
+
+ <!-- Following must be updated along with any updates to pac4j version -->
+ <nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
+ <oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
</properties>
<dependencies>
@@ -60,10 +64,16 @@
<artifactId>pac4j-oidc</artifactId>
<version>${pac4j.version}</version>
</dependency>
+
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
- <version>7.9</version>
+ <version>${nimbus.jose.jwt.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>oauth2-oidc-sdk</artifactId>
+ <version>${oauth2.oidc.sdk.version}</version>
</dependency>
<dependency>
diff --git
a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
index c0473ce..2ca5000 100644
---
a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
+++
b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
@@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
+import com.google.common.primitives.Ints;
import com.google.inject.Provider;
+import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Authenticator;
import org.pac4j.core.config.Config;
@@ -130,7 +132,10 @@ public class Pac4jAuthenticator implements Authenticator
oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI());
oidcConf.setExpireSessionWithToken(true);
oidcConf.setUseNonce(true);
+
oidcConf.setReadTimeout(Ints.checkedCast(pac4jCommonConfig.getReadTimeout().getMillis()));
+
oidcConf.setResourceRetriever(
+ // ResourceRetriever is used to get Auth server configuration from
"discoveryURI"
new
CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(),
sslSocketFactory)
);
@@ -138,6 +143,11 @@ public class Pac4jAuthenticator implements Authenticator
oidcClient.setUrlResolver(new DefaultUrlResolver(true));
oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
+ // This is used by OidcClient in various places to make HTTPrequests.
+ if (sslSocketFactory != null) {
+ HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory);
+ }
+
return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For additional commands, e-mail: commits-h...@druid.apache.org
