mirror of https://github.com/apache/druid.git
druid-pac4j:add custom SSL handling to com.nimbusds.oauth2.sdk.http.HTTPRequest objects (#9695)
This commit is contained in:
parent
8328d91b30
commit
b082262a2a
|
@ -35,6 +35,10 @@
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<pac4j.version>3.8.3</pac4j.version>
|
<pac4j.version>3.8.3</pac4j.version>
|
||||||
|
|
||||||
|
<!-- Following must be updated along with any updates to pac4j version -->
|
||||||
|
<nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
|
||||||
|
<oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
@ -60,10 +64,16 @@
|
||||||
<artifactId>pac4j-oidc</artifactId>
|
<artifactId>pac4j-oidc</artifactId>
|
||||||
<version>${pac4j.version}</version>
|
<version>${pac4j.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.nimbusds</groupId>
|
<groupId>com.nimbusds</groupId>
|
||||||
<artifactId>nimbus-jose-jwt</artifactId>
|
<artifactId>nimbus-jose-jwt</artifactId>
|
||||||
<version>7.9</version>
|
<version>${nimbus.jose.jwt.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.nimbusds</groupId>
|
||||||
|
<artifactId>oauth2-oidc-sdk</artifactId>
|
||||||
|
<version>${oauth2.oidc.sdk.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
|
|
|
@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import com.fasterxml.jackson.annotation.JsonTypeName;
|
import com.fasterxml.jackson.annotation.JsonTypeName;
|
||||||
import com.google.common.base.Supplier;
|
import com.google.common.base.Supplier;
|
||||||
import com.google.common.base.Suppliers;
|
import com.google.common.base.Suppliers;
|
||||||
|
import com.google.common.primitives.Ints;
|
||||||
import com.google.inject.Provider;
|
import com.google.inject.Provider;
|
||||||
|
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
|
||||||
import org.apache.druid.server.security.AuthenticationResult;
|
import org.apache.druid.server.security.AuthenticationResult;
|
||||||
import org.apache.druid.server.security.Authenticator;
|
import org.apache.druid.server.security.Authenticator;
|
||||||
import org.pac4j.core.config.Config;
|
import org.pac4j.core.config.Config;
|
||||||
|
@ -130,7 +132,10 @@ public class Pac4jAuthenticator implements Authenticator
|
||||||
oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI());
|
oidcConf.setDiscoveryURI(oidcConfig.getDiscoveryURI());
|
||||||
oidcConf.setExpireSessionWithToken(true);
|
oidcConf.setExpireSessionWithToken(true);
|
||||||
oidcConf.setUseNonce(true);
|
oidcConf.setUseNonce(true);
|
||||||
|
oidcConf.setReadTimeout(Ints.checkedCast(pac4jCommonConfig.getReadTimeout().getMillis()));
|
||||||
|
|
||||||
oidcConf.setResourceRetriever(
|
oidcConf.setResourceRetriever(
|
||||||
|
// ResourceRetriever is used to get Auth server configuration from "discoveryURI"
|
||||||
new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory)
|
new CustomSSLResourceRetriever(pac4jCommonConfig.getReadTimeout().getMillis(), sslSocketFactory)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -138,6 +143,11 @@ public class Pac4jAuthenticator implements Authenticator
|
||||||
oidcClient.setUrlResolver(new DefaultUrlResolver(true));
|
oidcClient.setUrlResolver(new DefaultUrlResolver(true));
|
||||||
oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
|
oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
|
||||||
|
|
||||||
|
// This is used by OidcClient in various places to make HTTPrequests.
|
||||||
|
if (sslSocketFactory != null) {
|
||||||
|
HTTPRequest.setDefaultSSLSocketFactory(sslSocketFactory);
|
||||||
|
}
|
||||||
|
|
||||||
return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
|
return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue