securityLogic fixes

extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/Pac4jFilter.java

@@ -43,7 +43,6 @@
 import javax.servlet.http.HttpServletResponse;
 
 import java.io.IOException;
-import java.util.Collection;
 
 public class Pac4jFilter implements Filter
 {
@@ -101,17 +100,9 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
       UserProfile profile = (UserProfile) securityLogic.perform(
           context,
           sessionStore,
-          pac4jConfig,
-          (JEEContext ctx, Collection<UserProfile> profiles, Object... parameters) -> {
-            if (profiles.isEmpty()) {
-              LOGGER.warn("No profiles found after OIDC auth.");
-              return null;
-            } else {
-              return profiles.iterator().next();
-            }
-          },
+          pac4jConfig, null,
           JEEHttpActionAdapter.INSTANCE,
-          null, "none", null, null);
+          null, "none", null);
       // Changed the Authorizer from null to "none".
       // In the older version, if it is null, it simply grant access and returns authorized.
       // But in the newer pac4j version, it uses CsrfAuthorizer as default, And because of this, It was returning 403 in API calls.

extensions-core/druid-pac4j/src/test/java/org/apache/druid/security/pac4j/Pac4jFilterTest.java

@@ -26,11 +26,11 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
-import org.pac4j.jee.context.JEEContext;
 import org.pac4j.core.exception.http.ForbiddenAction;
 import org.pac4j.core.exception.http.FoundAction;
 import org.pac4j.core.exception.http.HttpAction;
 import org.pac4j.core.exception.http.WithLocationAction;
+import org.pac4j.jee.context.JEEContext;
 import org.pac4j.jee.http.adapter.JEEHttpActionAdapter;
 
 import javax.servlet.http.HttpServletRequest;