druid-pac4j:add custom SSL handling to com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695)

2020-04-15 15:59:24 -07:00 · 2020-04-15 15:59:24 -07:00 · b082262a2a
parent 8328d91b30
commit b082262a2a
2 changed files with 21 additions and 1 deletions
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@ -35,6 +35,10 @@

  <properties>
    <pac4j.version>3.8.3</pac4j.version>
+
+    <!-- Following must be updated along with any updates to pac4j version -->
+    <nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
+    <oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
  </properties>

  <dependencies>
@ -60,10 +64,16 @@
      <artifactId>pac4j-oidc</artifactId>
      <version>${pac4j.version}</version>
    </dependency>
+
    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
-      <version>7.9</version>
+      <version>${nimbus.jose.jwt.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.nimbusds</groupId>
+      <artifactId>oauth2-oidc-sdk</artifactId>
+      <version>${oauth2.oidc.sdk.version}</version>
    </dependency>

    <dependency>
--- a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
+++ b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jAuthenticator.java
@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeName;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
+import com.google.common.primitives.Ints;
 import com.google.inject.Provider;
+import com.nimbusds.oauth2.sdk.http.HTTPRequest;
 import org.apache.druid.server.security.AuthenticationResult;
 import org.apache.druid.server.security.Authenticator;
 import org.pac4j.core.config.Config;
@ -130,7 +132,10 @@ public class Pac4jAuthenticator implements Authenticator
    oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI());
    oidcConf.setExpireSessionWithToken(true);
    oidcConf.setUseNonce(true);
+    oidcConf.setReadTimeout(Ints.checkedCast(pac4jCommonConfig.getReadTimeout().getMillis()));
+
    oidcConf.setResourceRetriever(
+        // ResourceRetriever is used to get Auth server configuration from "discoveryURI"
        new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory)
    );

@ -138,6 +143,11 @@ public class Pac4jAuthenticator implements Authenticator
    oidcClient.setUrlResolver(new DefaultUrlResolver(true));
    oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());

+    // This is used by OidcClient in various places to make HTTPrequests.
+    if (sslSocketFactory != null) {
+      HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory);
+    }
+
    return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
  }
 }