Hi,

Here is the first PR then:

https://github.com/apache/polaris/pull/1373

I will start working on the second PR, but since it builds on top of the
first one, we'd need to review & approve it first.

Thanks,

Alex

On Tue, Apr 15, 2025 at 12:49 PM Robert Stupp <sn...@snazy.de> wrote:

> +1
>
> The plan is sound!
>
> On 14.04.25 23:15, Dmitri Bourlatchkov wrote:
> > This plan SGTM! Thanks for working on this, Alex!
> >
> > Cheers,
> > Dmitri.
> >
> > On Mon, Apr 14, 2025 at 4:52 PM Alex Dutra <alex.du...@dremio.com.invalid> wrote:
> >
> >> Hi all,
> >>
> >> A recently-reported bug [1] uncovered some serious issues with the JAX-RS
> >> authentication filters. Fixing this bug requires replacing the incriminated
> >> filters with proper Quarkus Security mechanisms.
> >>
> >> In parallel to that, support for external identity providers has been
> >> requested many times, see [2], [3] and [4]. We know however that this
> >> feature can only be delivered by implementing similar mechanisms.
> >>
> >> There might be an opportunity here to kill two birds with one stone. I
> >> would like therefore to make the following proposal:
> >>
> >>     1. In a first PR, *replace the current authentication filters* by
> >>     Quarkus Security. This PR should be transparent to users and should not
> >>     change the current behavior of Polaris, nor its configuration options.
> >>     2. In a second PR, *implement support for external identity providers*.
> >>     This shall be done by implementing a new HttpAuthenticationMechanism
> >>     that will pick the right authentication mechanism (internal token broker vs
> >>     external IdP) based on the runtime configuration.
> >>
> >> If you agree with this proposal, I'm happy to start working on the first PR.
> >>
> >> Thanks,
> >>
> >> Alex
> >>
> >> [1]: https://github.com/apache/polaris/issues/1345
> >> [2]: https://github.com/apache/polaris/issues/336
> >> [3]: https://github.com/apache/polaris/issues/976
> >> [4]: https://github.com/apache/polaris/issues/1327
> >>
> --
> Robert Stupp
> @snazy
>
>
