(polaris) branch main updated: Remove getCurrentContext from JWTBroker (#2202)

Wed, 30 Jul 2025 14:40:01 -0700 

This is an automated email from the ASF dual-hosted git repository.

dimas pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git


The following commit(s) were added to refs/heads/main by this push:
     new 4d94745db Remove getCurrentContext from JWTBroker (#2202)
4d94745db is described below

commit 4d94745db36c5d4907cf34d749a3a2690f8e4fff
Author: Christopher Lambert <[email protected]>
AuthorDate: Wed Jul 30 23:39:47 2025 +0200

    Remove getCurrentContext from JWTBroker (#2202)
---
 .../service/auth/DefaultOAuth2ApiService.java      |  7 ++-
 .../org/apache/polaris/service/auth/JWTBroker.java |  4 +-
 .../service/auth/NoneTokenBrokerFactory.java       |  1 +
 .../apache/polaris/service/auth/TokenBroker.java   | 50 +---------------------
 4 files changed, 10 insertions(+), 52 deletions(-)

diff --git 
a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
 
b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
index fb2fb5750..22aa301a3 100644
--- 
a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
+++ 
b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
@@ -110,7 +110,12 @@ public class DefaultOAuth2ApiService implements 
IcebergRestOAuth2ApiService {
     } else if (subjectToken != null) {
       tokenResponse =
           tokenBroker.generateFromToken(
-              subjectTokenType, subjectToken, grantType, scope, 
requestedTokenType);
+              subjectTokenType,
+              subjectToken,
+              grantType,
+              scope,
+              callContext.getPolarisCallContext(),
+              requestedTokenType);
     } else {
       return 
OAuthUtils.getResponseFromError(OAuthTokenErrorResponse.Error.invalid_request);
     }
diff --git 
a/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java 
b/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
index c0ce0b471..48d5735a1 100644
--- 
a/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
+++ 
b/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
@@ -31,7 +31,6 @@ import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.iceberg.exceptions.NotAuthorizedException;
 import org.apache.polaris.core.PolarisCallContext;
-import org.apache.polaris.core.context.CallContext;
 import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.entity.PrincipalEntity;
 import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
@@ -101,6 +100,7 @@ public abstract class JWTBroker implements TokenBroker {
       String subjectToken,
       String grantType,
       String scope,
+      PolarisCallContext polarisCallContext,
       TokenType requestedTokenType) {
     if (requestedTokenType != null && 
!TokenType.ACCESS_TOKEN.equals(requestedTokenType)) {
       return new TokenResponse(OAuthTokenErrorResponse.Error.invalid_request);
@@ -119,7 +119,7 @@ public abstract class JWTBroker implements TokenBroker {
     }
     EntityResult principalLookup =
         metaStoreManager.loadEntity(
-            CallContext.getCurrentContext().getPolarisCallContext(),
+            polarisCallContext,
             0L,
             Objects.requireNonNull(decodedToken.getPrincipalId()),
             PolarisEntityType.PRINCIPAL);
diff --git 
a/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
 
b/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
index a35215937..5744cef2e 100644
--- 
a/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
+++ 
b/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
@@ -58,6 +58,7 @@ public class NoneTokenBrokerFactory implements 
TokenBrokerFactory {
             String subjectToken,
             String grantType,
             String scope,
+            PolarisCallContext polarisCallContext,
             TokenType requestedTokenType) {
           return null;
         }
diff --git 
a/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java 
b/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
index b5d242070..010490dc0 100644
--- 
a/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
+++ 
b/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
@@ -35,35 +35,9 @@ public interface TokenBroker {
 
   boolean supportsRequestedTokenType(TokenType tokenType);
 
-  /**
-   * Generate a token from client secrets without specifying the requested 
token type
-   *
-   * @param clientId
-   * @param clientSecret
-   * @param grantType
-   * @param scope
-   * @return the response indicating an error or the requested token
-   * @deprecated - use the method with the requested token type
-   */
-  @Deprecated
-  default TokenResponse generateFromClientSecrets(
-      final String clientId,
-      final String clientSecret,
-      final String grantType,
-      final String scope,
-      PolarisCallContext polarisCallContext) {
-    return generateFromClientSecrets(
-        clientId, clientSecret, grantType, scope, polarisCallContext, 
TokenType.ACCESS_TOKEN);
-  }
-
   /**
    * Generate a token from client secrets
    *
-   * @param clientId
-   * @param clientSecret
-   * @param grantType
-   * @param scope
-   * @param requestedTokenType
    * @return the response indicating an error or the requested token
    */
   TokenResponse generateFromClientSecrets(
@@ -74,32 +48,9 @@ public interface TokenBroker {
       PolarisCallContext polarisCallContext,
       TokenType requestedTokenType);
 
-  /**
-   * Generate a token from an existing token of a specified type without 
specifying the requested
-   * token type
-   *
-   * @param subjectTokenType
-   * @param subjectToken
-   * @param grantType
-   * @param scope
-   * @return the response indicating an error or the requested token
-   * @deprecated - use the method with the requested token type
-   */
-  @Deprecated
-  default TokenResponse generateFromToken(
-      TokenType subjectTokenType, String subjectToken, final String grantType, 
final String scope) {
-    return generateFromToken(
-        subjectTokenType, subjectToken, grantType, scope, 
TokenType.ACCESS_TOKEN);
-  }
-
   /**
    * Generate a token from an existing token of a specified type
    *
-   * @param subjectTokenType
-   * @param subjectToken
-   * @param grantType
-   * @param scope
-   * @param requestedTokenType
    * @return the response indicating an error or the requested token
    */
   TokenResponse generateFromToken(
@@ -107,6 +58,7 @@ public interface TokenBroker {
       String subjectToken,
       final String grantType,
       final String scope,
+      PolarisCallContext polarisCallContext,
       TokenType requestedTokenType);
 
   DecodedToken verify(String token);

Reply via email to