Re: [PR] [#7753] improve error messages when auth fails [gravitino]

Sun, 20 Jul 2025 11:39:31 -0700 


yunchipang commented on code in PR #7762:
URL: https://github.com/apache/gravitino/pull/7762#discussion_r2217911766


##########
server/src/main/java/org/apache/gravitino/server/web/filter/GravitinoInterceptionService.java:
##########
@@ -117,24 +121,53 @@ public Object invoke(MethodInvocation methodInvocation) 
throws Throwable {
             NameIdentifier accessMetadataName =
                 metadataContext.get(Entity.EntityType.valueOf(type.name()));
             String errorMessage = expressionAnnotation.errorMessage();
-            return buildNoAuthResponse(errorMessage, accessMetadataName);
+            String currentUser = PrincipalUtils.getCurrentUserName();
+            String methodName = method.getName();
+
+            LOG.warn(
+                "Authorization failed - User: {}, Operation: {}, Metadata: {}, 
Expression: {}",
+                currentUser,
+                methodName,
+                accessMetadataName,
+                expression);
+
+            return buildNoAuthResponse(errorMessage, accessMetadataName, 
currentUser, methodName);
           }
         }
         return methodInvocation.proceed();
       } catch (Exception ex) {
-        return Utils.forbidden("Can not access metadata. Cause by: " + 
ex.getMessage(), ex);
+        String currentUser = PrincipalUtils.getCurrentUserName();
+        String methodName = methodInvocation.getMethod().getName();
+
+        LOG.error(
+            "System internal error during authorization - User: {}, Operation: 
{}",
+            currentUser,
+            methodName,
+            ex);
+        return Utils.forbidden(
+            "Authorization failed due to system internal error. Please contact 
administrator.",
+            null);
       }
     }
 
-    private Response buildNoAuthResponse(String errorMessage, NameIdentifier 
accessMetadataName) {
+    private Response buildNoAuthResponse(
+        String errorMessage,
+        NameIdentifier accessMetadataName,
+        String currentUser,
+        String methodName) {
+      String contextualMessage;
       if (StringUtils.isNotBlank(errorMessage)) {
-        return Utils.forbidden(
-            errorMessage,
-            new ForbiddenException("Can not access metadata, cause by: %s", 
errorMessage));
+        contextualMessage =

Review Comment:
   fixed! thanks



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to