adutra commented on code in PR #1373:
URL: https://github.com/apache/polaris/pull/1373#discussion_r2047042114
##########
server-templates/api.mustache:
##########
@@ -105,7 +105,8 @@ public class {{classname}} {
@{{httpMethod}}{{#subresourceOperation}}
@Path("{{{path}}}"){{/subresourceOperation}}{{#hasConsumes}}
@Consumes({ {{#consumes}}"{{{mediaType}}}"{{^-last}},
{{/-last}}{{/consumes}} }){{/hasConsumes}}{{#hasProduces}}
- @Produces({ {{#produces}}"{{{mediaType}}}"{{^-last}},
{{/-last}}{{/produces}} }){{/hasProduces}}
+ @Produces({ {{#produces}}"{{{mediaType}}}"{{^-last}},
{{/-last}}{{/produces}} }){{/hasProduces}}{{#hasAuthMethods}}
+
{{#authMethods}}{{#isOAuth}}@RolesAllowed("**"){{/isOAuth}}{{/authMethods}}{{/hasAuthMethods}}
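Review bot: On the last added line, `@RolesAllowed("**")` is emitted inside the `{{#authMethods}}` loop, so an operation that declares more than one OAuth method gets the annotation once per method; `@RolesAllowed` is not a repeatable annotation, so the generated class would not compile in that case. An operation whose auth methods are all non-OAuth still enters `{{#hasAuthMethods}}` but receives only the blank line and no annotation, so it is generated without any authentication requirement. Consider emitting the annotation at most once per operation, outside the per-method loop, and adding a short template comment stating that `"**"` means "any authenticated caller" so the intent is visible in the template itself.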
Review Comment:
These are imho different things.
You can return a failed Uni holding an unauthorized error from an auth
mechanism, but that means no other auth mechanism will be attempted. This may
not be desired in Polaris, because imho we are heading towards having many auth
mechanisms, so even if mechanism A cannot authenticate, maybe mechanism B can.
`@RolesAllowed("**")` is a way to say: please authenticate the caller before
invoking this endpoint. Since proactive auth is disabled, no authentication
would happen without this annotation when the endpoint is invoked.