pac4j: fix incompatible dependencies + authorization regression

extensions-core/druid-pac4j/pom.xml

@@ -38,8 +38,8 @@
 
     <!-- Following must be updated along with any updates to pac4j version -->
     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
-    <nimbus.jose.jwt.version>7.9</nimbus.jose.jwt.version>
-    <oauth2.oidc.sdk.version>6.5</oauth2.oidc.sdk.version>
+    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+    <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
   </properties>
 
   <dependencies>

extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java

@@ -29,7 +29,11 @@
 import org.pac4j.core.engine.DefaultCallbackLogic;
 import org.pac4j.core.engine.DefaultSecurityLogic;
 import org.pac4j.core.engine.SecurityLogic;
+import org.pac4j.core.exception.TechnicalException;
 import org.pac4j.core.exception.http.HttpAction;
+import org.pac4j.core.exception.http.RedirectionAction;
+import org.pac4j.core.exception.http.WithContentAction;
+import org.pac4j.core.exception.http.WithLocationAction;
 import org.pac4j.core.http.adapter.HttpActionAdapter;
 import org.pac4j.core.profile.UserProfile;
 
@@ -48,7 +52,29 @@ public class Pac4jFilter implements Filter
 {
   private static final Logger LOGGER = new Logger(Pac4jFilter.class);
 
-  private static final HttpActionAdapter<String, JEEContext> NOOP_HTTP_ACTION_ADAPTER = (HttpAction code, JEEContext ctx) -> null;
+  private static final HttpActionAdapter<String, JEEContext> HTTP_ACTION_ADAPTER = (HttpAction action, JEEContext context) -> {
+    if (action instanceof RedirectionAction) {
+      int code = action.getCode();
+      HttpServletResponse response = context.getNativeResponse();
+      response.setStatus(code);
+      if (action instanceof WithLocationAction) {
+        WithLocationAction withLocationAction = (WithLocationAction) action;
+        context.setResponseHeader("Location", withLocationAction.getLocation());
+      } else if (action instanceof WithContentAction) {
+        WithContentAction withContentAction = (WithContentAction) action;
+        String content = withContentAction.getContent();
+        if (content != null) {
+          try {
+            response.getWriter().write(content);
+          }
+          catch (IOException var8) {
+            throw new TechnicalException(var8);
+          }
+        }
+      }
+    }
+    return null;
+  };
 
   private final Config pac4jConfig;
   private final SecurityLogic<String, JEEContext> securityLogic;
@@ -95,7 +121,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
       callbackLogic.perform(
           context,
           pac4jConfig,
-          NOOP_HTTP_ACTION_ADAPTER,
+          HTTP_ACTION_ADAPTER,
           "/",
           true, false, false, null);
     } else {
@@ -110,7 +136,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
               return profiles.iterator().next().getId();
             }
           },
-          NOOP_HTTP_ACTION_ADAPTER,
+          HTTP_ACTION_ADAPTER,
           null, null, null, null);
 
       if (uid != null) {

licenses.yaml

@@ -809,7 +809,7 @@ name: com.nimbusds nimbus-jose-jwt
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 7.9
+version: 8.22.1
 libraries:
   - com.nimbusds: nimbus-jose-jwt
 
@@ -819,7 +819,7 @@ name: com.nimbusds oauth2-oidc-sdk
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 6.5
+version: 8.22
 libraries:
   - com.nimbusds: oauth2-oidc-sdk