pac4j: fix incompatible dependencies + authorization regression

extensions-core/druid-pac4j/pom.xml

@@ -38,8 +38,8 @@
 
     <!-- Following must be updated along with any updates to pac4j version -->
     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
-    <nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
-    <oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
+    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+    <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
   </properties>
 
   <dependencies>

extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java

@@ -29,8 +29,8 @@
 import org.pac4j.core.engine.DefaultCallbackLogic;
 import org.pac4j.core.engine.DefaultSecurityLogic;
 import org.pac4j.core.engine.SecurityLogic;
-import org.pac4j.core.exception.http.HttpAction;
 import org.pac4j.core.http.adapter.HttpActionAdapter;
+import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
 import org.pac4j.core.profile.UserProfile;
 
 import javax.servlet.Filter;
@@ -48,11 +48,12 @@ public class Pac4jFilter implements Filter
 {
   private static final Logger LOGGER = new Logger(Pac4jFilter.class);
 
-  private static final HttpActionAdapter<String, JEEContext> NOOP_HTTP_ACTION_ADAPTER = (HttpAction code, JEEContext ctx) -> null;
+  // JEE_HTTP_ACTION_ADAPTER updates the response in the context according to the HTTPAction.
+  private static final HttpActionAdapter<Object, JEEContext> JEE_HTTP_ACTION_ADAPTER = new JEEHttpActionAdapter();
 
   private final Config pac4jConfig;
-  private final SecurityLogic<String, JEEContext> securityLogic;
-  private final CallbackLogic<String, JEEContext> callbackLogic;
+  private final SecurityLogic<Object, JEEContext> securityLogic;
+  private final CallbackLogic<Object, JEEContext> callbackLogic;
   private final SessionStore<JEEContext> sessionStore;
 
   private final String name;
@@ -95,11 +96,11 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
       callbackLogic.perform(
           context,
           pac4jConfig,
-          NOOP_HTTP_ACTION_ADAPTER,
+          JEE_HTTP_ACTION_ADAPTER,
           "/",
           true, false, false, null);
     } else {
-      String uid = securityLogic.perform(
+      Object uid = securityLogic.perform(
           context,
           pac4jConfig,
           (JEEContext ctx, Collection<UserProfile> profiles, Object... parameters) -> {
@@ -110,11 +111,11 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
               return profiles.iterator().next().getId();
             }
           },
-          NOOP_HTTP_ACTION_ADAPTER,
-          null, null, null, null);
+          JEE_HTTP_ACTION_ADAPTER,
+          null, "none", null, null);
 
       if (uid != null) {
-        AuthenticationResult authenticationResult = new AuthenticationResult(uid, authorizerName, name, null);
+        AuthenticationResult authenticationResult = new AuthenticationResult(uid.toString(), authorizerName, name, null);
         servletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, authenticationResult);
         filterChain.doFilter(servletRequest, servletResponse);
       }

licenses.yaml

@@ -809,7 +809,7 @@ name: com.nimbusds nimbus-jose-jwt
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 7.9
+version: 8.22.1
 libraries:
   - com.nimbusds: nimbus-jose-jwt
 
@@ -819,7 +819,7 @@ name: com.nimbusds oauth2-oidc-sdk
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 6.5
+version: 8.22
 libraries:
   - com.nimbusds: oauth2-oidc-sdk