apache / pinot

Apache Pinot - A realtime distributed OLAP datastore
https://pinot.apache.org/
Apache License 2.0

Security definition is missing, if auth enabled swagger API's won't work #7805

Open kautshukla opened 2 years ago

kautshukla commented 2 years ago

https://github.com/apache/pinot/blob/6b33448da58992773ee23b863da029650e9ec37f/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java#L111

Sol:

```java
ApiKeyAuthDefinition apiKeyAuthDefinition = new ApiKeyAuthDefinition("Authorization", In.HEADER);
beanConfig.getSwagger().setSecurityDefinitions(Collections.singletonMap("bearerAuth", apiKeyAuthDefinition));
```
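
An added example, not part of the original thread or Pinot's code: a check over a generated Swagger 2.0 JSON document that confirms an `Authorization` header scheme like the one in the proposed fix is defined, and that each operation references it through a `security` requirement (in Swagger 2.0, `securityDefinitions` only declares a scheme; a `security` entry is what applies it). The function names and sample documents are constructed for illustration.

```python
"""Audit a Swagger 2.0 document for the gap described in this issue (added example)."""

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def header_auth_schemes(spec, header="Authorization"):
    """Names of apiKey security definitions carried in the given request header."""
    defs = spec.get("securityDefinitions") or {}
    return {
        name for name, d in defs.items()
        if d.get("type") == "apiKey" and d.get("in") == "header"
        and d.get("name", "").lower() == header.lower()
    }


def audit(spec, header="Authorization"):
    """Return findings; an empty list means every operation can carry the header."""
    schemes = header_auth_schemes(spec, header)
    if not schemes:
        return [f"no apiKey security definition for the {header} header"]
    findings = []
    global_security = spec.get("security")
    for path, item in sorted((spec.get("paths") or {}).items()):
        for method, op in sorted(item.items()):
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # Operation-level `security` overrides the top-level one; [] removes it.
            requirements = op.get("security", global_security) or []
            referenced = {name for req in requirements for name in req}
            if not referenced & schemes:
                findings.append(
                    f"{method.upper()} {path}: no security requirement for {sorted(schemes)}")
    return findings


# Constructed sample documents, not taken from a Pinot controller.
NO_DEFINITION = {"swagger": "2.0", "paths": {"/tables": {"get": {}}}}
DEFINITION_ONLY = dict(NO_DEFINITION, securityDefinitions={
    "bearerAuth": {"type": "apiKey", "name": "Authorization", "in": "header"}})
WITH_REQUIREMENT = dict(DEFINITION_ONLY, security=[{"bearerAuth": []}])

if __name__ == "__main__":
    for label, doc in [("no definition", NO_DEFINITION),
                       ("definition only", DEFINITION_ONLY),
                       ("definition + requirement", WITH_REQUIREMENT)]:
        print(label, "->", audit(doc) or "ok")
```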

Jackie-Jiang commented 2 years ago

@apucher Can you please take a look and see if this is the correct fix?

apucher commented 2 years ago

We'll need this in every single starter. I'll look into it.

kautshukla commented 2 years ago

@apucher: It's just that if the auth token is enabled, you have to enable the security definition on Swagger, and that's in a single place. You are expecting headers and resolving them through the request context, but they are not being passed because a security context hasn't been added in the ControllerAdminApiApplication.java class.

pjpringle commented 11 months ago

Any fix for this? I've been taking Swagger-generated curl commands into the console to add the auth token for a year or so now.

Jackie-Jiang commented 11 months ago

@apucher ^^