blackfaced opened a new issue, #8434: URL: https://github.com/apache/gravitino/issues/8434
### Describe the feature

In the authentication process, both the client and server need access to the complete request object (including method, path, headers, and body) in order to generate and verify signatures. This helps prevent man-in-the-middle attacks by ensuring the integrity of the request. Additionally, depending on the signature method used by the client, some extra headers may be added to the request and need to be passed to the server for verification.

### Motivation

Currently, the authentication process may not cover the entire request object, which could leave room for certain types of attacks (e.g., replay or tampering). By signing the full request and verifying it on the server side, we can greatly improve security and ensure that the request has not been altered in transit. Supporting additional headers for different signature schemes also increases flexibility for clients.

### Describe the solution

_No response_

### Additional context

_No response_
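A sketch of the full-request signing described in the issue above, added here as an illustration and not taken from Gravitino's code or from the issue author. It assumes an HMAC-SHA256 scheme with a shared key and a timestamp plus nonce for replay protection; the `X-Sig-*` header names, the request path, the key and the freshness window are all hypothetical.

```python
import hashlib
import hmac

# Hypothetical header names; the scheme adds the two X-Sig-* values before signing.
SIGNED_HEADERS = ("host", "content-type", "x-sig-timestamp", "x-sig-nonce")
MAX_SKEW_SECONDS = 300  # assumed freshness window


def canonical_request(method, path, headers, body):
    """Serialize every signed part of the request into one unambiguous byte string."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    header_lines = [f"{name}:{lowered.get(name, '')}" for name in SIGNED_HEADERS]
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, *header_lines, body_hash]).encode()


def sign(key, method, path, headers, body):
    """Client side: return the headers plus an HMAC-SHA256 signature header."""
    mac = hmac.new(key, canonical_request(method, path, headers, body), hashlib.sha256)
    return {**headers, "X-Sig-Signature": mac.hexdigest()}


def verify(key, method, path, headers, body, now, seen_nonces):
    """Server side: return 'ok' or the reason the request is rejected."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        timestamp = int(lowered["x-sig-timestamp"])
        nonce = lowered["x-sig-nonce"]
        presented = lowered["x-sig-signature"]
    except (KeyError, ValueError):
        return "missing or malformed signature headers"
    expected = hmac.new(key, canonical_request(method, path, headers, body),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison; the signature is checked before any other field is trusted.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "signature mismatch"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return "stale timestamp"
    if nonce in seen_nonces:
        return "replayed nonce"
    seen_nonces.add(nonce)
    return "ok"


# Constructed sample request and key, for illustration only.
KEY = b"constructed-demo-key"
BODY = b'{"name": "demo_catalog"}'
SIGNED = sign(KEY, "POST", "/api/example/catalogs",
              {"Host": "gravitino.example", "Content-Type": "application/json",
               "X-Sig-Timestamp": "1700000000", "X-Sig-Nonce": "n-001"}, BODY)
```

The server needs the raw method, path, headers and body bytes exactly as the client signed them, which is why the request object has to reach the authenticator intact on both sides.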
