difin commented on PR #6327:
URL: https://github.com/apache/hive/pull/6327#issuecomment-4000281124

   > to support OAuth / JWT Authentication don't we need SecurityConfig?
   > 
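   > ```
   > import org.springframework.security.config.annotation.web.builders.HttpSecurity;
   > import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
   > import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
   > 
   > @EnableWebSecurity
   > public class SecurityConfig extends WebSecurityConfigurerAdapter {
   >     @Override
   >     protected void configure(HttpSecurity http) throws Exception {
   >         http.oauth2ResourceServer()
   >             .jwt(); // validate JWT tokens
   >     }
   > }
   > ```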
   
   We don’t need Spring Security for JWT/OAuth2 here. Auth is handled by the 
Hive metastore’s `ServletSecurity`, which wraps the Iceberg REST Catalog 
servlet in `HMSCatalogFactory`. That layer extracts the Bearer token and 
validates it with `SimpleJWTAuthenticator` (JWT) or `OAuth2Authenticator` 
(OAuth2). This is the same path used by the embedded HMS REST catalog, so the 
standalone server reuses that logic instead of introducing a separate Spring 
Security filter chain. Adding Spring Security would duplicate and potentially 
conflict with the existing auth handling.
   
   I also added JWT integration tests for the Standalone REST Catalog server in 
`TestStandaloneRESTCatalogServerJwtAuth`, using Keycloak (Testcontainers) as the 
token issuer and the same `ServletSecurity` / `SimpleJWTAuthenticator` pipeline as 
the embedded HMS REST catalog.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
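
The comment above describes a layer that extracts the Bearer token and validates it before the wrapped servlet runs. The sketch below is an added example, not code from the pull request or from Hive: `BearerGate`, `extractBearer` and `verify` are hypothetical names, the key pair and token are constructed locally, and string and regex matching stand in for a JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

// Hypothetical names throughout; this is not Hive's ServletSecurity or SimpleJWTAuthenticator.
public class BearerGate {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    // Returns the token from an "Authorization: Bearer <token>" value, or null if absent or malformed.
    static String extractBearer(String header) {
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) return null;
        String token = header.substring(7).trim();
        return token.isEmpty() ? null : token;
    }
    // Accepts only RS256 tokens signed by the trusted key whose "exp" is still in the future.
    static boolean verify(String token, PublicKey trusted, long nowSec) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            String hdr = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            // Pin the algorithm: the token must not be able to select "none" or an HMAC variant.
            if (!hdr.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(trusted);
            sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!sig.verify(DEC.decode(p[2]))) return false;
            Matcher m = EXP.matcher(new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > nowSec;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // bad base64, malformed signature or unusable key: reject
        }
    }
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // stands in for the issuer key
        // Constructed sample token, signed locally with the key above.
        String body = b64("{\"alg\":\"RS256\"}") + "." + b64("{\"sub\":\"alice\",\"exp\":2000}");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        String tok = extractBearer("Bearer " + body + "." + ENC.encodeToString(s.sign()));
        String forged = b64("{\"alg\":\"RS256\"}") + "." + b64("{\"sub\":\"root\",\"exp\":2000}") + tok.substring(tok.lastIndexOf('.'));
        System.out.println("valid: " + verify(tok, kp.getPublic(), 1000) + ", expired: " + verify(tok, kp.getPublic(), 3000));
        System.out.println("forged payload: " + verify(forged, kp.getPublic(), 1000) + ", non-bearer header: " + extractBearer("Basic abc"));
    }
}
```

A request whose header yields `null` or whose token fails `verify` would be answered with 401 before the catalog servlet is invoked.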

