druid-pac4j:add custom SSL handling to com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695)

Himanshu 2020-04-15 15:59:24 -07:00 committed by GitHub
parent 8328d91b30
commit b082262a2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 1 deletions


@ -35,6 +35,10 @@
<properties> <properties>
<pac4j.version>3.8.3</pac4j.version> <pac4j.version>3.8.3</pac4j.version>
<!-- Following must be updated along with any updates to pac4j version -->
<nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
<oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
</properties> </properties>
<dependencies> <dependencies>
@ -60,10 +64,16 @@
<artifactId>pac4j-oidc</artifactId> <artifactId>pac4j-oidc</artifactId>
<version>${pac4j.version}</version> <version>${pac4j.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.nimbusds</groupId> <groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId> <artifactId>nimbus-jose-jwt</artifactId>
<version>7.9</version> <version>${nimbus.jose.jwt.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
<version>${oauth2.oidc.sdk.version}</version>
</dependency> </dependency>
<dependency> <dependency>


@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName; import com.fasterxml.jackson.annotation.JsonTypeName;
import com.google.common.base.Supplier; import com.google.common.base.Supplier;
import com.google.common.base.Suppliers; import com.google.common.base.Suppliers;
import com.google.common.primitives.Ints;
import com.google.inject.Provider; import com.google.inject.Provider;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import org.apache.druid.server.security.AuthenticationResult; import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Authenticator; import org.apache.druid.server.security.Authenticator;
import org.pac4j.core.config.Config; import org.pac4j.core.config.Config;
@ -130,7 +132,10 @@ public class Pac4jAuthenticator implements Authenticator
oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI()); oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI());
oidcConf.setExpireSessionWithToken(true); oidcConf.setExpireSessionWithToken(true);
oidcConf.setUseNonce(true); oidcConf.setUseNonce(true);
oidcConf.setReadTimeout(Ints.checkedCast(pac4jCommonConfig.getReadTimeout().getMillis()));
oidcConf.setResourceRetriever( oidcConf.setResourceRetriever(
// ResourceRetriever is used to get Auth server configuration from "discoveryURI"
new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory) new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory)
); );
@ -138,6 +143,11 @@ public class Pac4jAuthenticator implements Authenticator
oidcClient.setUrlResolver(new DefaultUrlResolver(true)); oidcClient.setUrlResolver(new DefaultUrlResolver(true));
oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver()); oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
// This is used by OidcClient in various places to make HTTPrequests.
if (sslSocketFactory != null) {
HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory);
}
return new Config(Pac4jCallbackResource.SELF_URL, oidcClient); return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
} }
} }
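Review bot: `HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory)` in the last hunk is a static setter, so the socket factory chosen here becomes the default for every Nimbus `HTTPRequest` created in the process, not only for requests made by this authenticator's OidcClient. If more than one Pac4jAuthenticator were configured with different trust material, the last one to build its Config would presumably decide which certificates all of them accept, and a null `sslSocketFactory` leaves any earlier default in place. The existing comment should say this, for example `// Static, process-wide default: applies to all com.nimbusds HTTPRequest instances; last writer wins.`, and it is worth confirming that only one authenticator instance can reach this code. Only the socket factory is replaced in the visible lines, so hostname verification appears to stay at the library default, which is the behaviour to keep. The enclosing method starts outside the hunk.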