Re: Switch to Quarkus Security

2025-04-18 Thread Alex Dutra
Hi, Thanks to all of you who reviewed PR 1! Here is PR 2, introducing support for external IDPs: https://github.com/apache/polaris/pull/1397 I included detailed explanations and examples in the PR. Thanks, Alex On Thu, Apr 17, 2025 at 12:42 AM Michael Collado wrote: > Very slick. Thanks fo

Re: Switch to Quarkus Security

2025-04-16 Thread Michael Collado
Very slick. Thanks for the extra flexibility. Looking forward to the PR Mike On Wed, Apr 16, 2025 at 12:54 PM Alex Dutra wrote: > Hi again, > > As a follow-up, I was able today to make it possible for each realm to be > dynamically authenticated by either the internal token endpoint, or any of

Re: Switch to Quarkus Security

2025-04-16 Thread Alex Dutra
Hi again, As a follow-up, I was able today to make it possible for each realm to be dynamically authenticated by either the internal token endpoint, or any of the configured OIDC tenants. So, I take back my previous statement about the impossibility to mix internal and external authentication for

Re: Switch to Quarkus Security

2025-04-16 Thread Alex Dutra
Hi Mike, My current work makes it possible to define if the authentication is *internal* (using the internal token endpoint + custom auth mechanism) or *external* (using an external IDP + Quarkus OIDC extension). Furthermore, the authentication can be defined on a global level, *then overridden o

Re: Switch to Quarkus Security

2025-04-15 Thread Michael Collado
Hi Alex I'm going through the PR now and I think the Quarkus security approach seems fine. I was actually thinking of working on this previously myself. > This shall be done by implementing a new HttpAuthenticationMechanism that will pick the right authentication mechanism (internal token broker

Re: Switch to Quarkus Security

2025-04-15 Thread Alex Dutra
Hi, Here is the first PR then: https://github.com/apache/polaris/pull/1373 I will start working on the second PR, but since it builds on top of the first one, we'd need to review & approve it first. Thanks, Alex On Tue, Apr 15, 2025 at 12:49 PM Robert Stupp wrote: > +1 > > The plan is sound

Re: Switch to Quarkus Security

2025-04-15 Thread Jean-Baptiste Onofré
Hi Alex, It sounds like a good plan :) Thanks ! Regards JB On Mon, Apr 14, 2025 at 10:50 PM Alex Dutra wrote: > > Hi all, > > A recently-reported bug [1] uncovered some serious issues with the JAX-RS > authentication filters. Fixing this bug requires replacing the incriminated > filters with pr

Re: Switch to Quarkus Security

2025-04-15 Thread Robert Stupp
+1 The plan is sound! On 14.04.25 23:15, Dmitri Bourlatchkov wrote: This plan SGTM! Thanks for working on this, Alex! Cheers, Dmitri. On Mon, Apr 14, 2025 at 4:52 PM Alex Dutra wrote: Hi all, A recently-reported bug [1] uncovered some serious issues with the JAX-RS authentication filters.

Switch to Quarkus Security

2025-04-14 Thread Alex Dutra
Hi all, A recently-reported bug [1] uncovered some serious issues with the JAX-RS authentication filters. Fixing this bug requires replacing the incriminated filters with proper Quarkus Security mechanisms. In parallel to that, support for external identity providers has been requested many times

Re: Switch to Quarkus Security

2025-04-14 Thread Dmitri Bourlatchkov
This plan SGTM! Thanks for working on this, Alex! Cheers, Dmitri. On Mon, Apr 14, 2025 at 4:52 PM Alex Dutra wrote: > Hi all, > > A recently-reported bug [1] uncovered some serious issues with the JAX-RS > authentication filters. Fixing this bug requires replacing the incriminated > filters wit