dimas-b commented on code in PR #3999:
URL: https://github.com/apache/polaris/pull/3999#discussion_r3079638347
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/AuthorizationRequest.java:
##########
@@ -75,18 +79,36 @@ default List<PolarisSecurable> getTargets() {
@Nonnull
@Value.Derived
default List<PolarisSecurable> getSecondaries() {
- List<PolarisSecurable> secondaries = new ArrayList<>();
- for (AuthorizationTargetBinding targetBinding : getTargetBindings()) {
- if (targetBinding.getSecondary() != null) {
- secondaries.add(targetBinding.getSecondary());
- }
- }
- return secondaries;
+ return getTargetBindings().stream()
+ .map(AuthorizationTargetBinding::getSecondary)
+ .filter(Objects::nonNull)
+ .toList();
+ }
+
+ /**
+ * Returns a stable debug string for authorization messages.
+ *
+ * <p>Includes the operation, principal name, formatted targets, and
formatted secondaries.
+ */
+ @Nonnull
+ default String formatForAuthorizationMessage() {
+ return String.format(
+ "operation=%s principal=%s targets=%s secondaries=%s",
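Review bot: The Javadoc on formatForAuthorizationMessage() calls the result a "stable debug string for authorization messages" but does not say whether it is meant for server-side logs only or may be placed in the response returned to a denied caller. Because the format string carries principal, targets and secondaries, state the intended audience in the Javadoc, and if the string can reach the client, consider returning only the operation there and writing the full string to the server log. Separately, in getSecondaries(), `.toList()` returns an unmodifiable list where the removed loop returned a mutable ArrayList, so confirm that no caller modifies the result.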
Review Comment:
> [...] wouldn't a denied user already know what targets, and secondaries
> they are trying to access, and what operation, and principal they are using?

Partially. I did not review the message in depth, but the client operates on
names, but the message might contain IDs, etc. My concern is not about
legitimate clients, but about malicious clients.
Re: principal, if the auth token is stolen, the malicious client will not
know the principal name, but may discover it via this message.
It's not a critical issue, though, IMHO, just trying to be proactive in
tightening security :)