This is an automated email from the ASF dual-hosted git repository.
heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
The following commit(s) were added to refs/heads/master by this push:
new a6a8ec4 Don't auth check when not required.
new c37c1b6 This closes #1189
a6a8ec4 is described below
commit a6a8ec49bb00d9da3ff958f11b078d040b1325e6
Author: Duncan Grant <[email protected]>
AuthorDate: Wed Jun 23 10:58:47 2021 +0100
Don't auth check when not required.
Previously we checked each call and if it was authenticated we
returned without filtering. As the logic for initialising some security
providers has changed this means that there can be a long delay before we
return data for calls that don't need to be authenticated.
Instead we now first check whether a resource needs authorisation before
authenticating. This speeds up the response in the above case at the
cost of some calls taking slightly longer when the user is logged in.
---
.../filter/BrooklynSecurityProviderFilterHelper.java | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
index f64cc9f..007bbfd 100644
---
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
+++
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
@@ -106,15 +106,6 @@ public class BrooklynSecurityProviderFilterHelper {
abort(e.getResponse());
}
- final HttpSession preferredSession1 = preferredSessionWrapper==null ?
null : preferredSessionWrapper.getPreferredSession();
-
- if (log.isTraceEnabled()) {
- log.trace("{} checking {}", this,
MultiSessionAttributeAdapter.info(webRequest));
- }
- if (provider.isAuthenticated(preferredSession1)) {
- log.trace("{} already authenticated - {}", this,
preferredSession1);
- return;
- }
String unauthenticatedEndpoints =
mgmt.getConfig().getConfig(UNAUTHENTICATED_ENDPOINTS);
if (Strings.isNonBlank(unauthenticatedEndpoints)) {
@@ -126,6 +117,17 @@ public class BrooklynSecurityProviderFilterHelper {
}
}
+ final HttpSession preferredSession1 = preferredSessionWrapper==null ?
null : preferredSessionWrapper.getPreferredSession();
+
+ if (log.isTraceEnabled()) {
+ log.trace("{} checking {}", this,
MultiSessionAttributeAdapter.info(webRequest));
+ }
+ if (provider.isAuthenticated(preferredSession1)) {
+ log.trace("{} already authenticated - {}", this,
preferredSession1);
+ return;
+ }
+
+
String user = null, pass = null;
if (provider.requiresUserPass()) {
String authorization = webRequest.getHeader("Authorization");
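Review bot: The relocated session check at `provider.isAuthenticated(preferredSession1)` now runs only after the UNAUTHENTICATED_ENDPOINTS match, and nothing in the code says this order is deliberate, so a later tidy-up could move it back and reintroduce the provider-initialisation delay. A short comment above the `final HttpSession preferredSession1` line would pin it, for example `// Allowlisted endpoints are handled above so they never trigger provider/session initialisation; keep this check after them.` With this order the endpoint match is the first decision made for every request, so it is worth confirming that the comparison, which lies between the two hunks and is not visible here, matches on a normalised path rather than a loose prefix or substring. The two consecutive blank `+` lines before `String user = null, pass = null;` can be reduced to one. The enclosing method starts and ends outside the hunk.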