From 27b35c6948ce954653045c2c3f891f248d6442ac Mon Sep 17 00:00:00 2001
From: Himanshu Gupta
Date: Sat, 4 Apr 2020 18:05:15 -0700
Subject: [PATCH] pac4j: be noop if a previous authenticator in chain has successfully authenticated
---
 .../java/org/apache/druid/security/pac4j/Pac4jFilter.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java
index 7a9eff76b03d..4463e43ca29d 100644
--- a/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java
+++ b/extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java
@@ -79,6 +79,13 @@ public void init(FilterConfig filterConfig)
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
 throws IOException, ServletException
 {
+ // If there's already an auth result, then we have authenticated already, skip this or else caller
+ // could get HTTP redirect even if one of the druid authenticators in chain has successfully authenticated.
+ if (servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT) != null) {
+ filterChain.doFilter(servletRequest, servletResponse);
+ return;
+ }
+
 HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
 HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
 J2EContext context = new J2EContext(httpServletRequest, httpServletResponse, sessionStore);
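Review bot: The early return at the top of doFilter treats any non-null `AuthConfig.DRUID_AUTHENTICATION_RESULT` attribute as proof of authentication and never inspects the value, so the whole pac4j flow is skipped whenever anything earlier in the chain has set it. That is safe only while the attribute is written exclusively by authenticators after a successful check, which this hunk cannot show. I would state that invariant next to the guard, e.g. `// Trusts the attribute as written only by an earlier authenticator after success; request attributes are server-side, never client-supplied.` The diffstat lists only Pac4jFilter.java, so a test that covers the skip path (attribute present, no redirect issued) would be worth adding. doFilter's body continues past the end of the hunk.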