adutra commented on code in PR #1397:
URL: https://github.com/apache/polaris/pull/1397#discussion_r2050627200
##########
service/common/src/main/java/org/apache/polaris/service/auth/DefaultActiveRolesProvider.java:
##########
@@ -82,7 +82,9 @@ protected List<PrincipalRoleEntity> loadActivePrincipalRoles(
principal.getId());
throw new NotAuthorizedException("Unable to authenticate");
}
- boolean allRoles =
tokenRoles.contains(BasePolarisAuthenticator.PRINCIPAL_ROLE_ALL);
+
+ // By convention, an empty set means all roles are activated
+ boolean allRoles = tokenRoles.isEmpty();
Review Comment:
As far as I understand this logic, I believe that the old code:
`tokenRoles.contains(BasePolarisAuthenticator.PRINCIPAL_ROLE_ALL)` wasn't
correct, because it is impossible that `tokenRoles` would contain
`"PRINCIPAL_ROLE:ALL"`, since when this pseudo-role is present in the token,
this translates into an empty set.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
