dongxiaoman commented on code in PR #9391: URL: https://github.com/apache/pinot/pull/9391#discussion_r972167421
########## pinot-broker/src/main/java/org/apache/pinot/broker/api/AccessControl.java: ########## @@ -47,4 +47,13 @@ default boolean hasAccess(RequesterIdentity requesterIdentity) { * @return {@code true} if authorized, {@code false} otherwise */ boolean hasAccess(RequesterIdentity requesterIdentity, BrokerRequest brokerRequest); + + /** + * Determine whether authentication is required for annotated (controller) endpoints only

Review Comment:
Broker endpoints like `client/sql` (the one taking SQL queries) are doing access controls inside the endpoint. The endpoints take one AccessControlFactory, and then call the AccessControl interface actively to verify. There is no need for those endpoints to be verified twice since they have access control baked in already.
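
Review bot: The Javadoc added after `hasAccess(RequesterIdentity, BrokerRequest)` describes the scope as "annotated (controller) endpoints only" on a broker-side interface, which does not tell an implementer which broker endpoints the new method governs. Name the annotation that opts an endpoint in, and state explicitly that endpoints such as `client/sql`, which call AccessControl themselves, are outside its scope, so the two checks are not assumed to overlap. If the method is given a default implementation, the Javadoc should also say what that default returns, so existing AccessControl implementations know whether annotated endpoints are left open or closed when they do not override it.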