Re: [PR] [#4056] improvement(server-common): Support multiple authentication at the same time on the server side [gravitino]

Thu, 18 Jul 2024 01:25:04 -0700 


yuqi1129 commented on code in PR #4160:
URL: https://github.com/apache/gravitino/pull/4160#discussion_r1682377681


##########
integration-test-common/src/test/java/org/apache/gravitino/integration/test/MiniGravitino.java:
##########
@@ -115,19 +117,17 @@ public void start() throws Exception {
     this.host = jettyServerConfig.getHost();
     this.port = jettyServerConfig.getHttpPort();
     String URI = String.format("http://%s:%d";, host, port);
-    if (AuthenticatorType.OAUTH
-        .name()
-        .toLowerCase()
-        .equals(context.customConfig.get(Configs.AUTHENTICATOR.getKey()))) {
+    if (COMMA

Review Comment:
   So, If the server supports `oauth` and `Kerberos` authentication at the same 
time, client will use `aouth` to connect to it?



##########
server-common/src/main/java/org/apache/gravitino/server/authentication/AuthenticationFilter.java:
##########
@@ -54,22 +55,36 @@ public void init(FilterConfig filterConfig) throws 
ServletException {}
   public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain)
       throws IOException, ServletException {
     try {
-      Authenticator authenticator;
-      if (filterAuthenticator == null) {
-        authenticator = ServerAuthenticator.getInstance().authenticator();
+      List<Authenticator> authenticators;
+      if (filterAuthenticators == null || filterAuthenticators.isEmpty()) {
+        authenticators = ServerAuthenticator.getInstance().authenticators();
       } else {
-        authenticator = filterAuthenticator;
+        authenticators = filterAuthenticators;
       }
       HttpServletRequest req = (HttpServletRequest) request;
       Enumeration<String> headerData = 
req.getHeaders(AuthConstants.HTTP_HEADER_AUTHORIZATION);
       byte[] authData = null;
       if (headerData.hasMoreElements()) {
         authData = headerData.nextElement().getBytes(StandardCharsets.UTF_8);
       }
-      if (authenticator.isDataFromToken()) {
-        Principal principal = authenticator.authenticateToken(authData);
-        
request.setAttribute(AuthConstants.AUTHENTICATED_PRINCIPAL_ATTRIBUTE_NAME, 
principal);
+
+      Principal principal = null;
+      for (Authenticator authenticator : authenticators) {
+        if (!authenticator.supports(authData)) {
+          continue;
+        }
+        if (authenticator.isDataFromToken()) {

Review Comment:
   if (authenticator.supports(authData) && authenticator.isDataFromToken())



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to