This is an automated email from the ASF dual-hosted git repository. arina pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push: new 3b3c4af DRILL-7648: Scrypt j_security_check works without security headers 3b3c4af is described below commit 3b3c4af39fdc26f255cc17d66c55eb7565552a7d Author: Igor Guzenko <ihor.huzenko....@gmail.com> AuthorDate: Fri Mar 20 19:07:25 2020 +0200 DRILL-7648: Scrypt j_security_check works without security headers 1. Added callback for setting headers in DrillHttpSecurityHandlerProvider, since ResponseHeadersSettingFilter doesn't covers this flow. --- .../exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java index 36a9863..fb10ac1 100644 --- a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java +++ b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillHttpSecurityHandlerProvider.java @@ -17,6 +17,7 @@ */ package org.apache.drill.exec.server.rest.auth; +import org.apache.drill.exec.server.rest.header.ResponseHeadersSettingFilter; import org.apache.drill.shaded.guava.com.google.common.base.Preconditions; import org.apache.drill.common.config.DrillConfig; import org.apache.drill.common.exceptions.DrillException; @@ -54,11 +55,14 @@ public class DrillHttpSecurityHandlerProvider extends ConstraintSecurityHandler private final Map<String, DrillHttpConstraintSecurityHandler> securityHandlers = CaseInsensitiveMap.newHashMapWithExpectedSize(2); + private final Map<String, String> responseHeaders; + @SuppressWarnings("unchecked") public DrillHttpSecurityHandlerProvider(DrillConfig config, DrillbitContext drillContext) throws DrillbitStartupException { Preconditions.checkState(config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)); + this.responseHeaders = ResponseHeadersSettingFilter.retrieveResponseHeaders(config); final Set<String> configuredMechanisms = getHttpAuthMechanisms(config); final ScanResult scan = drillContext.getClasspathScan(); @@ -122,7 +126,7 @@ public class DrillHttpSecurityHandlerProvider extends ConstraintSecurityHandler throws IOException, ServletException { Preconditions.checkState(securityHandlers.size() > 0); - + responseHeaders.forEach(response::setHeader); HttpSession session = request.getSession(true); SessionAuthentication authentication = (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);