From da94002bd1d86a5aecd8e22afdfba8798733e66d Mon Sep 17 00:00:00 2001 From: Alexandre Dutra Date: Mon, 14 Apr 2025 22:08:55 +0200 Subject: [PATCH 1/2] Replace authentication filters with Quarkus Security --- .../src/main/resources/application.properties | 2 + quarkus/service/build.gradle.kts | 1 + .../quarkus/auth/ActiveRolesAugmentor.java | 67 ++++++++++++++ .../auth/PolarisAuthenticationMechanism.java | 92 +++++++++++++++++++ .../quarkus/auth/PolarisIdentityProvider.java | 80 ++++++++++++++++ server-templates/api.mustache | 3 +- .../auth/DefaultActiveRolesProvider.java | 7 +- .../PolarisPrincipalAuthenticatorFilter.java | 89 ------------------ .../PolarisPrincipalRolesProviderFilter.java | 79 ---------------- .../config/PolarisFilterPriorities.java | 2 - 10 files changed, 247 insertions(+), 175 deletions(-) create mode 100644 quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/ActiveRolesAugmentor.java create mode 100644 quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java create mode 100644 quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisIdentityProvider.java delete mode 100644 service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalAuthenticatorFilter.java delete mode 100644 service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalRolesProviderFilter.java diff --git a/quarkus/defaults/src/main/resources/application.properties b/quarkus/defaults/src/main/resources/application.properties index 0cd79eadae..f7535f3231 100644 --- a/quarkus/defaults/src/main/resources/application.properties +++ b/quarkus/defaults/src/main/resources/application.properties @@ -39,6 +39,8 @@ quarkus.config.mapping.validate-unknown=true quarkus.http.access-log.enabled=true # quarkus.http.access-log.pattern=common +# Cannot use proactive authentication since Polaris requires CDI request context for authentication +quarkus.http.auth.proactive=false quarkus.http.body.handle-file-uploads=false quarkus.http.limits.max-body-size=10240K diff --git a/quarkus/service/build.gradle.kts b/quarkus/service/build.gradle.kts index 025a8156f0..32d7ab421b 100644 --- a/quarkus/service/build.gradle.kts +++ b/quarkus/service/build.gradle.kts @@ -53,6 +53,7 @@ dependencies { implementation("io.quarkus:quarkus-micrometer") implementation("io.quarkus:quarkus-micrometer-registry-prometheus") implementation("io.quarkus:quarkus-opentelemetry") + implementation("io.quarkus:quarkus-security") implementation("io.quarkus:quarkus-smallrye-context-propagation") implementation(libs.jakarta.enterprise.cdi.api) diff --git a/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/ActiveRolesAugmentor.java b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/ActiveRolesAugmentor.java new file mode 100644 index 0000000000..b19c93e39c --- /dev/null +++ b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/ActiveRolesAugmentor.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.service.quarkus.auth; + +import io.quarkus.security.AuthenticationFailedException; +import io.quarkus.security.identity.AuthenticationRequestContext; +import io.quarkus.security.identity.SecurityIdentity; +import io.quarkus.security.identity.SecurityIdentityAugmentor; +import io.quarkus.security.runtime.QuarkusSecurityIdentity; +import io.smallrye.mutiny.Uni; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import java.util.Set; +import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; +import org.apache.polaris.service.auth.ActiveRolesProvider; + +/** + * A custom {@link SecurityIdentityAugmentor} that adds active roles to the {@link + * SecurityIdentity}. This is used to augment the identity with active roles after authentication. + */ +@ApplicationScoped +public class ActiveRolesAugmentor implements SecurityIdentityAugmentor { + + @Inject ActiveRolesProvider activeRolesProvider; + + @Override + public Uni augment( + SecurityIdentity identity, AuthenticationRequestContext context) { + if (identity.isAnonymous()) { + return Uni.createFrom().item(identity); + } + return context.runBlocking(() -> augmentWithActiveRoles(identity)); + } + + private SecurityIdentity augmentWithActiveRoles(SecurityIdentity identity) { + AuthenticatedPolarisPrincipal polarisPrincipal = + identity.getPrincipal(AuthenticatedPolarisPrincipal.class); + if (polarisPrincipal == null) { + throw new AuthenticationFailedException("No Polaris principal found"); + } + Set validRoleNames = activeRolesProvider.getActiveRoles(polarisPrincipal); + return QuarkusSecurityIdentity.builder() + .setAnonymous(false) + .setPrincipal(polarisPrincipal) + .addRoles(validRoleNames) + .addCredentials(identity.getCredentials()) + .addAttributes(identity.getAttributes()) + .addPermissionChecker(identity::checkPermission) + .build(); + } +} diff --git a/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java new file mode 100644 index 0000000000..e00d05c303 --- /dev/null +++ b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.service.quarkus.auth; + +import io.netty.handler.codec.http.HttpHeaderNames; +import io.netty.handler.codec.http.HttpResponseStatus; +import io.quarkus.security.credential.TokenCredential; +import io.quarkus.security.identity.IdentityProviderManager; +import io.quarkus.security.identity.SecurityIdentity; +import io.quarkus.security.identity.request.AuthenticationRequest; +import io.quarkus.security.identity.request.TokenAuthenticationRequest; +import io.quarkus.vertx.http.runtime.security.ChallengeData; +import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism; +import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport; +import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils; +import io.smallrye.mutiny.Uni; +import io.vertx.ext.web.RoutingContext; +import jakarta.annotation.Priority; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.enterprise.inject.Alternative; +import java.util.Collections; +import java.util.Set; + +/** A custom {@link HttpAuthenticationMechanism} that handles Polaris token authentication. */ +@ApplicationScoped +@Alternative +@Priority(1) +public class PolarisAuthenticationMechanism implements HttpAuthenticationMechanism { + + private static final String BEARER = "Bearer"; + + @Override + public Uni authenticate( + RoutingContext context, IdentityProviderManager identityProviderManager) { + + String authHeader = context.request().getHeader("Authorization"); + if (authHeader == null) { + return Uni.createFrom().nullItem(); + } + + int spaceIdx = authHeader.indexOf(' '); + if (spaceIdx <= 0 || !authHeader.substring(0, spaceIdx).equalsIgnoreCase(BEARER)) { + return Uni.createFrom().nullItem(); + } + + String credential = authHeader.substring(spaceIdx + 1); + return identityProviderManager.authenticate( + HttpSecurityUtils.setRoutingContextAttribute( + new TokenAuthenticationRequest(new PolarisTokenCredential(credential)), context)); + } + + @Override + public Uni getChallenge(RoutingContext context) { + ChallengeData result = + new ChallengeData( + HttpResponseStatus.UNAUTHORIZED.code(), HttpHeaderNames.WWW_AUTHENTICATE, BEARER); + return Uni.createFrom().item(result); + } + + @Override + public Set> getCredentialTypes() { + return Collections.singleton(TokenAuthenticationRequest.class); + } + + @Override + public Uni getCredentialTransport(RoutingContext context) { + return Uni.createFrom() + .item(new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, BEARER)); + } + + static class PolarisTokenCredential extends TokenCredential { + PolarisTokenCredential(String credential) { + super(credential, "bearer"); + } + } +} diff --git a/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisIdentityProvider.java b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisIdentityProvider.java new file mode 100644 index 0000000000..c3994a9ea6 --- /dev/null +++ b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisIdentityProvider.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.service.quarkus.auth; + +import io.quarkus.security.AuthenticationFailedException; +import io.quarkus.security.identity.AuthenticationRequestContext; +import io.quarkus.security.identity.IdentityProvider; +import io.quarkus.security.identity.SecurityIdentity; +import io.quarkus.security.identity.request.TokenAuthenticationRequest; +import io.quarkus.security.runtime.QuarkusSecurityIdentity; +import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils; +import io.smallrye.mutiny.Uni; +import io.vertx.ext.web.RoutingContext; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.ws.rs.NotAuthorizedException; +import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; +import org.apache.polaris.service.auth.Authenticator; +import org.apache.polaris.service.quarkus.auth.PolarisAuthenticationMechanism.PolarisTokenCredential; + +/** A custom {@link IdentityProvider} that handles Polaris token authentication requests. */ +@ApplicationScoped +public class PolarisIdentityProvider implements IdentityProvider { + + @Inject Authenticator authenticator; + + @Override + public Class getRequestType() { + return TokenAuthenticationRequest.class; + } + + @Override + public Uni authenticate( + TokenAuthenticationRequest request, AuthenticationRequestContext context) { + if (!(request.getToken() instanceof PolarisTokenCredential)) { + return Uni.createFrom().nullItem(); + } + return context.runBlocking(() -> createSecurityIdentity(request, authenticator)); + } + + public SecurityIdentity createSecurityIdentity( + TokenAuthenticationRequest request, + Authenticator authenticator) { + try { + AuthenticatedPolarisPrincipal principal = + authenticator + .authenticate(request.getToken().getToken()) + .orElseThrow(() -> new NotAuthorizedException("Authentication failed")); + QuarkusSecurityIdentity.Builder builder = + QuarkusSecurityIdentity.builder() + .setPrincipal(principal) + .addCredential(request.getToken()) + .addRoles(principal.getActivatedPrincipalRoleNames()) + .addAttribute(SecurityIdentity.USER_ATTRIBUTE, principal); + RoutingContext routingContext = HttpSecurityUtils.getRoutingContextAttribute(request); + if (routingContext != null) { + builder.addAttribute(RoutingContext.class.getName(), routingContext); + } + return builder.build(); + } catch (RuntimeException e) { + throw new AuthenticationFailedException(e); + } + } +} diff --git a/server-templates/api.mustache b/server-templates/api.mustache index c0d2c06cce..c5f8123d86 100644 --- a/server-templates/api.mustache +++ b/server-templates/api.mustache @@ -105,7 +105,8 @@ public class {{classname}} { @{{httpMethod}}{{#subresourceOperation}} @Path("{{{path}}}"){{/subresourceOperation}}{{#hasConsumes}} @Consumes({ {{#consumes}}"{{{mediaType}}}"{{^-last}}, {{/-last}}{{/consumes}} }){{/hasConsumes}}{{#hasProduces}} - @Produces({ {{#produces}}"{{{mediaType}}}"{{^-last}}, {{/-last}}{{/produces}} }){{/hasProduces}} + @Produces({ {{#produces}}"{{{mediaType}}}"{{^-last}}, {{/-last}}{{/produces}} }){{/hasProduces}}{{#hasAuthMethods}} + {{#authMethods}}{{#isOAuth}}@RolesAllowed("**"){{/isOAuth}}{{/authMethods}}{{/hasAuthMethods}} @Timed("{{metricsPrefix}}.{{baseName}}.{{nickname}}") public Response {{nickname}}({{#isMultipart}}MultipartFormDataInput input,{{/isMultipart}}{{#allParams}}{{>queryParams}}{{>pathParams}}{{>headerParams}}{{>bodyParams}}{{^isMultipart}}{{>formParams}},{{/isMultipart}}{{#isMultipart}}{{^isFormParam}},{{/isFormParam}}{{/isMultipart}}{{/allParams}}@Context @MeterTag(key="realm_id",expression="realmIdentifier") RealmContext realmContext,@Context SecurityContext securityContext) { {{! Don't log form or header params in case there are secrets, e.g., OAuth tokens }} diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultActiveRolesProvider.java b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultActiveRolesProvider.java index ba0444ac36..43d960c414 100644 --- a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultActiveRolesProvider.java +++ b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultActiveRolesProvider.java @@ -29,7 +29,6 @@ import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; import org.apache.polaris.core.context.CallContext; -import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.entity.PolarisEntity; import org.apache.polaris.core.entity.PolarisEntityType; import org.apache.polaris.core.entity.PrincipalRoleEntity; @@ -51,7 +50,7 @@ public class DefaultActiveRolesProvider implements ActiveRolesProvider { private static final Logger LOGGER = LoggerFactory.getLogger(DefaultActiveRolesProvider.class); - @Inject RealmContext realmContext; + @Inject CallContext callContext; @Inject MetaStoreManagerFactory metaStoreManagerFactory; @Override @@ -60,13 +59,13 @@ public Set getActiveRoles(AuthenticatedPolarisPrincipal principal) { loadActivePrincipalRoles( principal.getActivatedPrincipalRoleNames(), principal.getPrincipalEntity(), - metaStoreManagerFactory.getOrCreateMetaStoreManager(realmContext)); + metaStoreManagerFactory.getOrCreateMetaStoreManager(callContext.getRealmContext())); return activeRoles.stream().map(PrincipalRoleEntity::getName).collect(Collectors.toSet()); } protected List loadActivePrincipalRoles( Set tokenRoles, PolarisEntity principal, PolarisMetaStoreManager metaStoreManager) { - PolarisCallContext polarisContext = CallContext.getCurrentContext().getPolarisCallContext(); + PolarisCallContext polarisContext = callContext.getPolarisCallContext(); LoadGrantsResult principalGrantResults = metaStoreManager.loadGrantsToGrantee(polarisContext, principal); polarisContext diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalAuthenticatorFilter.java b/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalAuthenticatorFilter.java deleted file mode 100644 index 27fc6d312b..0000000000 --- a/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalAuthenticatorFilter.java +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.polaris.service.auth; - -import jakarta.annotation.Priority; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; -import jakarta.ws.rs.NotAuthorizedException; -import jakarta.ws.rs.container.ContainerRequestContext; -import jakarta.ws.rs.container.ContainerRequestFilter; -import jakarta.ws.rs.container.PreMatching; -import jakarta.ws.rs.core.SecurityContext; -import jakarta.ws.rs.ext.Provider; -import java.security.Principal; -import java.util.Optional; -import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; -import org.apache.polaris.service.config.PolarisFilterPriorities; - -@PreMatching -@Priority(PolarisFilterPriorities.AUTHENTICATOR_FILTER) -@ApplicationScoped -@Provider -public class PolarisPrincipalAuthenticatorFilter implements ContainerRequestFilter { - - @Inject Authenticator authenticator; - - @Override - public void filter(ContainerRequestContext requestContext) { - - // anonymous paths - if (requestContext.getUriInfo().getPath().equals("/api/catalog/v1/oauth/tokens")) { - return; - } - - String authHeader = requestContext.getHeaderString("Authorization"); - - if (authHeader == null) { - throw new NotAuthorizedException("Authorization header is missing"); - } - int spaceIdx = authHeader.indexOf(' '); - if (spaceIdx <= 0 || !authHeader.substring(0, spaceIdx).equalsIgnoreCase("Bearer")) { - throw new NotAuthorizedException("Authorization header is not a Bearer token"); - } - String credential = authHeader.substring(spaceIdx + 1); - Optional principal = authenticator.authenticate(credential); - if (principal.isEmpty()) { - throw new NotAuthorizedException("Unable to authenticate"); - } - SecurityContext securityContext = requestContext.getSecurityContext(); - requestContext.setSecurityContext( - new SecurityContext() { - @Override - public Principal getUserPrincipal() { - return principal.get(); - } - - @Override - public boolean isUserInRole(String role) { - return securityContext.isUserInRole(role); - } - - @Override - public boolean isSecure() { - return securityContext.isSecure(); - } - - @Override - public String getAuthenticationScheme() { - return securityContext.getAuthenticationScheme(); - } - }); - } -} diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalRolesProviderFilter.java b/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalRolesProviderFilter.java deleted file mode 100644 index 255f9b222f..0000000000 --- a/service/common/src/main/java/org/apache/polaris/service/auth/PolarisPrincipalRolesProviderFilter.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.polaris.service.auth; - -import jakarta.annotation.Priority; -import jakarta.enterprise.context.RequestScoped; -import jakarta.inject.Inject; -import jakarta.ws.rs.container.ContainerRequestContext; -import jakarta.ws.rs.container.ContainerRequestFilter; -import jakarta.ws.rs.container.PreMatching; -import jakarta.ws.rs.core.SecurityContext; -import jakarta.ws.rs.ext.Provider; -import java.security.Principal; -import java.util.Set; -import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; -import org.apache.polaris.service.config.PolarisFilterPriorities; - -@PreMatching -@Priority(PolarisFilterPriorities.ROLES_PROVIDER_FILTER) -@RequestScoped -@Provider -public class PolarisPrincipalRolesProviderFilter implements ContainerRequestFilter { - - @Inject ActiveRolesProvider activeRolesProvider; - - @Override - public void filter(ContainerRequestContext requestContext) { - AuthenticatedPolarisPrincipal polarisPrincipal = - (AuthenticatedPolarisPrincipal) requestContext.getSecurityContext().getUserPrincipal(); - if (polarisPrincipal == null) { - return; - } - SecurityContext securityContext = - createSecurityContext(requestContext.getSecurityContext(), polarisPrincipal); - requestContext.setSecurityContext(securityContext); - } - - public SecurityContext createSecurityContext( - SecurityContext ctx, AuthenticatedPolarisPrincipal principal) { - Set validRoleNames = activeRolesProvider.getActiveRoles(principal); - return new SecurityContext() { - @Override - public Principal getUserPrincipal() { - return principal; - } - - @Override - public boolean isUserInRole(String role) { - return validRoleNames.contains(role); - } - - @Override - public boolean isSecure() { - return ctx.isSecure(); - } - - @Override - public String getAuthenticationScheme() { - return ctx.getAuthenticationScheme(); - } - }; - } -} diff --git a/service/common/src/main/java/org/apache/polaris/service/config/PolarisFilterPriorities.java b/service/common/src/main/java/org/apache/polaris/service/config/PolarisFilterPriorities.java index 621da3e3cc..ecce24e026 100644 --- a/service/common/src/main/java/org/apache/polaris/service/config/PolarisFilterPriorities.java +++ b/service/common/src/main/java/org/apache/polaris/service/config/PolarisFilterPriorities.java @@ -22,7 +22,5 @@ public final class PolarisFilterPriorities { public static final int REALM_CONTEXT_FILTER = Priorities.AUTHENTICATION - 100; - public static final int AUTHENTICATOR_FILTER = Priorities.AUTHENTICATION; - public static final int ROLES_PROVIDER_FILTER = Priorities.AUTHENTICATION + 1; public static final int RATE_LIMITER_FILTER = Priorities.USER; } From a0d94e00842c7c0f428d79ed2c4a7f9e16548b46 Mon Sep 17 00:00:00 2001 From: Alexandre Dutra Date: Wed, 16 Apr 2025 16:18:05 +0200 Subject: [PATCH 2/2] review --- .../service/quarkus/auth/PolarisAuthenticationMechanism.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java index e00d05c303..e52e8b9f5b 100644 --- a/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java +++ b/quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/PolarisAuthenticationMechanism.java @@ -31,16 +31,12 @@ import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils; import io.smallrye.mutiny.Uni; import io.vertx.ext.web.RoutingContext; -import jakarta.annotation.Priority; import jakarta.enterprise.context.ApplicationScoped; -import jakarta.enterprise.inject.Alternative; import java.util.Collections; import java.util.Set; /** A custom {@link HttpAuthenticationMechanism} that handles Polaris token authentication. */ @ApplicationScoped -@Alternative -@Priority(1) public class PolarisAuthenticationMechanism implements HttpAuthenticationMechanism { private static final String BEARER = "Bearer";