roryqi commented on code in PR #10586:
URL: https://github.com/apache/gravitino/pull/10586#discussion_r3031275253
##########
core/src/main/java/org/apache/gravitino/utils/PrincipalUtils.java:
##########
@@ -31,11 +33,18 @@
@SuppressWarnings("removal")
public class PrincipalUtils {
-
private static final Logger LOG =
LoggerFactory.getLogger(PrincipalUtils.class);
private PrincipalUtils() {}
+ public static final Principal ANONYMOUS_PRINCIPAL =
+ new UserPrincipal(
+ AuthConstants.ANONYMOUS_USER,
+ AuthConstants.AUTHORIZATION_BASIC_HEADER
Review Comment:
Anonymous requests are only allowed in the simple mode. The simple mode
isn't safe. So it's ok to send a fabricated auth header.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
