lasdf1234 opened a new pull request, #10974: URL: https://github.com/apache/gravitino/pull/10974
### What changes were proposed in this pull request? This PR adds local group resolution for the Basic authentication flow. After the local user is authenticated successfully, Gravitino now loads the user active groups from built-in IdP metadata and stores them in the authenticated `UserPrincipal` for later authorization decisions. ### Why are the changes needed? The local authentication epic needs authenticated local users to carry group information into the existing authorization pipeline. Without this step, later authorization checks cannot evaluate group-based ownership or privileges for Basic-authenticated users. Fix: #10965 ### Does this PR introduce _any_ user-facing change? When local Basic authentication is enabled, authenticated users now carry their resolved local groups into subsequent authorization checks. ### How was this patch tested? ``` export JAVA_HOME=/Library/Java/JavaVirtualMachines/microsoft-17.jdk/Contents/Home export PATH="$JAVA_HOME/bin:$PATH" ./gradlew :server-common:test --tests org.apache.gravitino.server.authentication.TestBasicAuthenticator --tests org.apache.gravitino.server.authentication.TestAuthenticationFilter :core:test --tests org.apache.gravitino.storage.relational.service.TestIdpUserMetaService --tests org.apache.gravitino.storage.relational.service.TestIdpGroupMetaService -PskipITs -PskipDockerTests=true ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
