Add Config Resource filter to lookup introspection endpoint#6928
Add Config Resource filter to lookup introspection endpoint#6928a2l007 wants to merge 4 commits intoapache:masterfrom
Conversation
|
Good, the resource filter did its job! |
| package org.apache.druid.query.lookup; | ||
|
|
||
| import com.google.inject.Inject; | ||
| import com.sun.jersey.spi.container.ResourceFilters; |
There was a problem hiding this comment.
This import is unused, and is probably related to the CI failure.
There was a problem hiding this comment.
This is actually being used for the ResourceFilters annotation below.
|
It looks like the JerseyTest for |
|
This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 1 week if no further activity occurs. If you think that’s incorrect or this pull request requires a review, please simply write any comment. If closed, you can revive the PR at any time and @mention a reviewer or discuss it on the dev@druid.apache.org list. Thank you for your contributions. |
|
Oops, I didn't realize this PR existed and also fixed this issue in #7222 which has been merged, so this PR can probably be closed. Sorry about that! |
|
No worries. I'm happy that the changes are in. Thanks! |
3 participants
The
/druid/v1/lookups/introspect/{lookupId}endpoint is presently not secured with any ResourceFilter so every request to this endpoint within a secured cluster would result in the following error:io.druid.java.util.common.ISE: Request did not have an authorization check performed.This PR fixes the issue.