janhoy commented on code in PR #890: URL: https://github.com/apache/solr/pull/890#discussion_r967868800
########## solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTAuthPlugin.java: ########## @@ -598,12 +599,48 @@ protected JWTAuthenticationResponse authenticate(String authorizationHeader) { } else { // Pull roles from separate claim, either as whitespace separated list or as JSON // array - Object rolesObj = jwtClaims.getClaimValue(rolesClaim); + Object rolesObj; + if (rolesClaim.indexOf('.') > 0) {

Review Comment: Note that if someone uses `.` in a claim name, e.g. `my.roles`, then we won't be able to configure it, since this code will look for `"my":{"roles":[]}` instead. Should we first attempt fetching the verbatim claim, and if not found, interpret it as nested? My gut feeling is that it is not that common to dot-separate claim names, it's more common with dash or underscore separators...
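
Review bot: The `rolesClaim.indexOf('.') > 0` test on the added line treats every configured name with a dot after its first character as a nested path, so the previous `jwtClaims.getClaimValue(rolesClaim)` lookup is no longer attempted for such names and a top-level claim whose name contains a dot becomes unreachable. Since this value feeds role assignment, make the resolution order explicit: try the verbatim claim first, fall back to the nested walk only when it is absent, and document which one wins when a token carries both forms. The same test also lets a name ending in a dot (for example `roles.`) through as nested; the lines shown do not say how an empty last segment is handled, so reject that form when the plugin configuration is loaded.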