Skip to content

Prefer PolarisPrincipal over SecurityContext #2932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2025
Merged

Prefer PolarisPrincipal over SecurityContext #2932

merged 1 commit into from
Nov 4, 2025

Conversation

@XN137
Copy link
Contributor

@XN137 XN137 commented Oct 29, 2025
edited
Loading

Follow-up to #2925

The general idea is that SecurityContext comes from jakarta.ws.rs and
there is no reason for non-REST related classes to rely on those details.
Instead, once preprocessing of a REST-request has inferred the
PolarisPrincipal all inner/core code should rely on only that.

Note that this simplifies a bunch of tests that had to create their own
SecurityContext around the principal that they wanted to use, thus
having to decide how to implement isUserInRole and the other methods.

@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Oct 29, 2025
@XN137 XN137 force-pushed the prefer-PolarisPrincipal-over-SecurityContext branch 2 times, most recently from f887829 to 6af7b28 Compare October 31, 2025 10:38
@XN137 XN137 marked this pull request as ready for review October 31, 2025 10:56
dimas-b
dimas-b previously approved these changes Oct 31, 2025
View reviewed changes
Copy link
Contributor

@dimas-b dimas-b left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SecurityContext is an rs-api (Web / REST framework) class, indeed. Consolidating polaris-core dependencies to just PolarisPrincipal looks very reasonable to me 👍

@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Oct 31, 2025
@XN137 XN137 force-pushed the prefer-PolarisPrincipal-over-SecurityContext branch from 6af7b28 to c50f042 Compare November 3, 2025 16:47
@XN137
Copy link
Contributor Author

XN137 commented Nov 3, 2025

rebased after trivial merge conflict in:

runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java

dimas-b
dimas-b previously approved these changes Nov 3, 2025
View reviewed changes
@XN137
Prefer PolarisPrincipal over SecurityContext
b162544 
The general idea is that `SecurityContext` comes from `jakarta.ws.rs` and
there is no reason for non-REST related classes to rely on those details.
Instead, once preprocessing of a REST-request has inferred the
`PolarisPrincipal` all inner/core code should rely on only that.

Note that this simplifies a bunch of tests that had to create their own
`SecurityContext` around the principal that they wanted to use, thus
having to decide how to implement `isUserInRole` and the other methods.
@XN137 XN137 force-pushed the prefer-PolarisPrincipal-over-SecurityContext branch from c50f042 to b162544 Compare November 3, 2025 16:56
snazy
snazy approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@snazy snazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Boring - I like it :)

adnanhemani
adnanhemani approved these changes Nov 4, 2025
View reviewed changes
Copy link
Contributor

@adnanhemani adnanhemani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@adutra adutra merged commit f934443 into apache:main Nov 4, 2025
15 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Nov 4, 2025
@XN137 XN137 deleted the prefer-PolarisPrincipal-over-SecurityContext branch November 4, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@snazy snazy snazy approved these changes

@dimas-b dimas-b dimas-b approved these changes

@dennishuo dennishuo Awaiting requested review from dennishuo

@collado-mike collado-mike Awaiting requested review from collado-mike

+1 more reviewer

@adnanhemani adnanhemani adnanhemani approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@XN137 @snazy @adnanhemani @dimas-b @adutra