apache
diff --git a/‎runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java‎
Lines changed: 4 additions & 0 deletions b/‎runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java‎
Lines changed: 6 additions & 85 deletions b/‎runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java‎
Lines changed: 6 additions & 85 deletions
@@ -24,6 +24,8 @@
 import com.google.common.base.Strings;
 import jakarta.annotation.Nonnull;
 import jakarta.annotation.Nullable;
+import jakarta.enterprise.context.RequestScoped;
+import jakarta.inject.Inject;
 import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.core.SecurityContext;
 import java.util.ArrayList;
@@ -135,6 +137,7 @@
  * provide different implementations of PolarisEntityManager to abstract away the implementation of
  * the persistence layer.
  */
+@RequestScoped
 public class PolarisAdminService {
   private static final Logger LOGGER = LoggerFactory.getLogger(PolarisAdminService.class);
 
@@ -151,6 +154,7 @@ public class PolarisAdminService {
   // Initialized in the authorize methods.
   private PolarisResolutionManifest resolutionManifest = null;
 
+  @Inject
   public PolarisAdminService(
       @NotNull PolarisDiagnostics diagnostics,
       @NotNull CallContext callContext,
 
@@ -27,9 +27,7 @@
 import java.util.Locale;
 import org.apache.iceberg.catalog.Namespace;
 import org.apache.iceberg.catalog.TableIdentifier;
-import org.apache.iceberg.exceptions.NotAuthorizedException;
 import org.apache.iceberg.rest.responses.ErrorResponse;
-import org.apache.polaris.core.PolarisDiagnostics;
 import org.apache.polaris.core.admin.model.AddGrantRequest;
 import org.apache.polaris.core.admin.model.AuthenticationParameters;
 import org.apache.polaris.core.admin.model.AwsStorageConfigInfo;
@@ -64,24 +62,16 @@
 import org.apache.polaris.core.admin.model.UpdatePrincipalRequest;
 import org.apache.polaris.core.admin.model.UpdatePrincipalRoleRequest;
 import org.apache.polaris.core.admin.model.ViewGrant;
-import org.apache.polaris.core.auth.PolarisAuthorizer;
-import org.apache.polaris.core.auth.PolarisPrincipal;
 import org.apache.polaris.core.config.FeatureConfiguration;
 import org.apache.polaris.core.config.RealmConfig;
-import org.apache.polaris.core.context.CallContext;
 import org.apache.polaris.core.context.RealmContext;
 import org.apache.polaris.core.entity.CatalogEntity;
 import org.apache.polaris.core.entity.CatalogRoleEntity;
 import org.apache.polaris.core.entity.PolarisPrivilege;
 import org.apache.polaris.core.entity.PrincipalEntity;
 import org.apache.polaris.core.entity.PrincipalRoleEntity;
-import org.apache.polaris.core.persistence.MetaStoreManagerFactory;
-import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
 import org.apache.polaris.core.persistence.dao.entity.BaseResult;
 import org.apache.polaris.core.persistence.dao.entity.PrivilegeResult;
-import org.apache.polaris.core.persistence.resolver.ResolutionManifestFactory;
-import org.apache.polaris.core.secrets.UserSecretsManager;
-import org.apache.polaris.core.secrets.UserSecretsManagerFactory;
 import org.apache.polaris.service.admin.api.PolarisCatalogsApiService;
 import org.apache.polaris.service.admin.api.PolarisPrincipalRolesApiService;
 import org.apache.polaris.service.admin.api.PolarisPrincipalsApiService;
@@ -99,57 +89,21 @@ public class PolarisServiceImpl
         PolarisPrincipalsApiService,
         PolarisPrincipalRolesApiService {
   private static final Logger LOGGER = LoggerFactory.getLogger(PolarisServiceImpl.class);
-  private final PolarisDiagnostics diagnostics;
-  private final ResolutionManifestFactory resolutionManifestFactory;
-  private final PolarisAuthorizer polarisAuthorizer;
-  private final MetaStoreManagerFactory metaStoreManagerFactory;
-  private final UserSecretsManagerFactory userSecretsManagerFactory;
-  private final CallContext callContext;
   private final RealmConfig realmConfig;
   private final ReservedProperties reservedProperties;
   private final PolarisEventListener polarisEventListener;
+  private final PolarisAdminService adminService;
 
   @Inject
   public PolarisServiceImpl(
-      PolarisDiagnostics diagnostics,
-      ResolutionManifestFactory resolutionManifestFactory,
-      MetaStoreManagerFactory metaStoreManagerFactory,
-      UserSecretsManagerFactory userSecretsManagerFactory,
-      PolarisAuthorizer polarisAuthorizer,
-      CallContext callContext,
+      RealmConfig realmConfig,
       ReservedProperties reservedProperties,
-      PolarisEventListener polarisEventListener) {
-    this.diagnostics = diagnostics;
-    this.resolutionManifestFactory = resolutionManifestFactory;
-    this.metaStoreManagerFactory = metaStoreManagerFactory;
-    this.userSecretsManagerFactory = userSecretsManagerFactory;
-    this.polarisAuthorizer = polarisAuthorizer;
-    this.callContext = callContext;
-    this.realmConfig = callContext.getRealmConfig();
+      PolarisEventListener polarisEventListener,
+      PolarisAdminService adminService) {
+    this.realmConfig = realmConfig;
     this.reservedProperties = reservedProperties;
     this.polarisEventListener = polarisEventListener;
-  }
-
-  private PolarisAdminService newAdminService(
-      RealmContext realmContext, SecurityContext securityContext) {
-    PolarisPrincipal authenticatedPrincipal = (PolarisPrincipal) securityContext.getUserPrincipal();
-    if (authenticatedPrincipal == null) {
-      throw new NotAuthorizedException("Failed to find authenticatedPrincipal in SecurityContext");
-    }
-
-    PolarisMetaStoreManager metaStoreManager =
-        metaStoreManagerFactory.getOrCreateMetaStoreManager(realmContext);
-    UserSecretsManager userSecretsManager =
-        userSecretsManagerFactory.getOrCreateUserSecretsManager(realmContext);
-    return new PolarisAdminService(
-        diagnostics,
-        callContext,
-        resolutionManifestFactory,
-        metaStoreManager,
-        userSecretsManager,
-        securityContext,
-        polarisAuthorizer,
-        reservedProperties);
+    this.adminService = adminService;
   }
 
   private static Response toResponse(BaseResult result, Response.Status successStatus) {
@@ -172,7 +126,6 @@ private static Response toResponse(BaseResult result, Response.Status successSta
   @Override
   public Response createCatalog(
       CreateCatalogRequest request, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     Catalog catalog = request.getCatalog();
     validateStorageConfig(catalog.getStorageConfigInfo());
     validateExternalCatalog(catalog);
@@ -259,7 +212,6 @@ private void validateAuthenticationParameters(AuthenticationParameters authentic
   @Override
   public Response deleteCatalog(
       String catalogName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     adminService.deleteCatalog(catalogName);
     return Response.status(Response.Status.NO_CONTENT).build();
   }
@@ -268,7 +220,6 @@ public Response deleteCatalog(
   @Override
   public Response getCatalog(
       String catalogName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.getCatalog(catalogName).asCatalog()).build();
   }
 
@@ -279,7 +230,6 @@ public Response updateCatalog(
       UpdateCatalogRequest updateRequest,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     if (updateRequest.getStorageConfigInfo() != null) {
       validateStorageConfig(updateRequest.getStorageConfigInfo());
     }
@@ -289,7 +239,6 @@ public Response updateCatalog(
   /** From PolarisCatalogsApiService */
   @Override
   public Response listCatalogs(RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<Catalog> catalogList = adminService.listCatalogs();
     Catalogs catalogs = new Catalogs(catalogList);
     LOGGER.debug("listCatalogs returning: {}", catalogs);
@@ -300,7 +249,6 @@ public Response listCatalogs(RealmContext realmContext, SecurityContext security
   @Override
   public Response createPrincipal(
       CreatePrincipalRequest request, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrincipalEntity principal =
         new PrincipalEntity.Builder()
             .setName(request.getPrincipal().getName())
@@ -334,7 +282,6 @@ public Response resetCredentials(
     if (safeResetPrincipalRequest.getClientSecret() != null) {
       validateClientSecret(safeResetPrincipalRequest.getClientSecret());
     }
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.resetCredentials(principalName, safeResetPrincipalRequest))
         .build();
   }
@@ -343,7 +290,6 @@ public Response resetCredentials(
   @Override
   public Response deletePrincipal(
       String principalName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     adminService.deletePrincipal(principalName);
     return Response.status(Response.Status.NO_CONTENT).build();
   }
@@ -352,7 +298,6 @@ public Response deletePrincipal(
   @Override
   public Response getPrincipal(
       String principalName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.getPrincipal(principalName).asPrincipal()).build();
   }
 
@@ -363,7 +308,6 @@ public Response updatePrincipal(
       UpdatePrincipalRequest updateRequest,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.updatePrincipal(principalName, updateRequest).asPrincipal())
         .build();
   }
@@ -372,14 +316,12 @@ public Response updatePrincipal(
   @Override
   public Response rotateCredentials(
       String principalName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.rotateCredentials(principalName)).build();
   }
 
   /** From PolarisPrincipalsApiService */
   @Override
   public Response listPrincipals(RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<Principal> principalList = adminService.listPrincipals();
     Principals principals = new Principals(principalList);
     LOGGER.debug("listPrincipals returning: {}", principals);
@@ -392,7 +334,6 @@ public Response createPrincipalRole(
       CreatePrincipalRoleRequest request,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrincipalRoleEntity entity =
         new PrincipalRoleEntity.Builder()
             .setName(request.getPrincipalRole().getName())
@@ -410,7 +351,6 @@ public Response createPrincipalRole(
   @Override
   public Response deletePrincipalRole(
       String principalRoleName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     adminService.deletePrincipalRole(principalRoleName);
     return Response.status(Response.Status.NO_CONTENT).build();
   }
@@ -419,7 +359,6 @@ public Response deletePrincipalRole(
   @Override
   public Response getPrincipalRole(
       String principalRoleName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.getPrincipalRole(principalRoleName).asPrincipalRole()).build();
   }
 
@@ -430,7 +369,6 @@ public Response updatePrincipalRole(
       UpdatePrincipalRoleRequest updateRequest,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(
             adminService.updatePrincipalRole(principalRoleName, updateRequest).asPrincipalRole())
         .build();
@@ -439,7 +377,6 @@ public Response updatePrincipalRole(
   /** From PolarisPrincipalRolesApiService */
   @Override
   public Response listPrincipalRoles(RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<PrincipalRole> principalRoleList = adminService.listPrincipalRoles();
     PrincipalRoles principalRoles = new PrincipalRoles(principalRoleList);
     LOGGER.debug("listPrincipalRoles returning: {}", principalRoles);
@@ -453,7 +390,6 @@ public Response createCatalogRole(
       CreateCatalogRoleRequest request,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     CatalogRoleEntity entity =
         new CatalogRoleEntity.Builder()
             .setName(request.getCatalogRole().getName())
@@ -474,7 +410,6 @@ public Response deleteCatalogRole(
       String catalogRoleName,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     adminService.deleteCatalogRole(catalogName, catalogRoleName);
     return Response.status(Response.Status.NO_CONTENT).build();
   }
@@ -486,7 +421,6 @@ public Response getCatalogRole(
       String catalogRoleName,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(adminService.getCatalogRole(catalogName, catalogRoleName).asCatalogRole())
         .build();
   }
@@ -499,7 +433,6 @@ public Response updateCatalogRole(
       UpdateCatalogRoleRequest updateRequest,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     return Response.ok(
             adminService
                 .updateCatalogRole(catalogName, catalogRoleName, updateRequest)
@@ -511,7 +444,6 @@ public Response updateCatalogRole(
   @Override
   public Response listCatalogRoles(
       String catalogName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<CatalogRole> catalogRoleList = adminService.listCatalogRoles(catalogName);
     CatalogRoles catalogRoles = new CatalogRoles(catalogRoleList);
     LOGGER.debug("listCatalogRoles returning: {}", catalogRoles);
@@ -529,7 +461,6 @@ public Response assignPrincipalRole(
         "Assigning principalRole {} to principal {}",
         request.getPrincipalRole().getName(),
         principalName);
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result =
         adminService.assignPrincipalRole(principalName, request.getPrincipalRole().getName());
     return toResponse(result, Response.Status.CREATED);
@@ -543,7 +474,6 @@ public Response revokePrincipalRole(
       RealmContext realmContext,
       SecurityContext securityContext) {
     LOGGER.info("Revoking principalRole {} from principal {}", principalRoleName, principalName);
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result = adminService.revokePrincipalRole(principalName, principalRoleName);
     return toResponse(result, Response.Status.NO_CONTENT);
   }
@@ -552,7 +482,6 @@ public Response revokePrincipalRole(
   @Override
   public Response listPrincipalRolesAssigned(
       String principalName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<PrincipalRole> principalRoleList =
         adminService.listPrincipalRolesAssigned(principalName).stream()
             .map(PrincipalRoleEntity::new)
@@ -576,7 +505,6 @@ public Response assignCatalogRoleToPrincipalRole(
         request.getCatalogRole().getName(),
         catalogName,
         principalRoleName);
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result =
         adminService.assignCatalogRoleToPrincipalRole(
             principalRoleName, catalogName, request.getCatalogRole().getName());
@@ -596,7 +524,6 @@ public Response revokeCatalogRoleFromPrincipalRole(
         catalogRoleName,
         catalogName,
         principalRoleName);
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result =
         adminService.revokeCatalogRoleFromPrincipalRole(
             principalRoleName, catalogName, catalogRoleName);
@@ -607,7 +534,6 @@ public Response revokeCatalogRoleFromPrincipalRole(
   @Override
   public Response listAssigneePrincipalsForPrincipalRole(
       String principalRoleName, RealmContext realmContext, SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<Principal> principalList =
         adminService.listAssigneePrincipalsForPrincipalRole(principalRoleName).stream()
             .map(PrincipalEntity::new)
@@ -625,7 +551,6 @@ public Response listCatalogRolesForPrincipalRole(
       String catalogName,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<CatalogRole> catalogRoleList =
         adminService.listCatalogRolesForPrincipalRole(principalRoleName, catalogName).stream()
             .map(CatalogRoleEntity::new)
@@ -649,7 +574,6 @@ public Response addGrantToCatalogRole(
         grantRequest,
         catalogRoleName,
         catalogName);
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result;
     switch (grantRequest.getGrant()) {
       // The per-securable-type Privilege enums must be exact String match for a subset of all
@@ -744,7 +668,6 @@ public Response revokeGrantFromCatalogRole(
       return Response.status(501).build(); // not implemented
     }
 
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     PrivilegeResult result;
     switch (grantRequest.getGrant()) {
       // The per-securable-type Privilege enums must be exact String match for a subset of all
@@ -828,7 +751,6 @@ public Response listAssigneePrincipalRolesForCatalogRole(
       String catalogRoleName,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<PrincipalRole> principalRoleList =
         adminService.listAssigneePrincipalRolesForCatalogRole(catalogName, catalogRoleName).stream()
             .map(PrincipalRoleEntity::new)
@@ -846,7 +768,6 @@ public Response listGrantsForCatalogRole(
       String catalogRoleName,
       RealmContext realmContext,
       SecurityContext securityContext) {
-    PolarisAdminService adminService = newAdminService(realmContext, securityContext);
     List<GrantResource> grantList =
         adminService.listGrantsForCatalogRole(catalogName, catalogRoleName);
     GrantResources grantResources = new GrantResources(grantList);