laserninja opened a new issue, #10667: URL: https://github.com/apache/gravitino/issues/10667
### What would you like to be improved?

The Gravitino Iceberg REST server returns non-JSON (HTML) error responses when authentication fails, violating the Iceberg REST API specification.

**Problem:** When authentication fails, the `AuthenticationFilter` calls `resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, message)` ([AuthenticationFilter.java#L102-L105](https://github.com/apache/gravitino/blob/main/server-common/src/main/java/org/apache/gravitino/server/authentication/AuthenticationFilter.java#L102-L105)). This happens at the servlet filter level — **before** the request reaches JAX-RS — so the `IcebergExceptionMapper` is never invoked. Instead, Jetty's default `ErrorHandler` ([JettyServer.java#L101](https://github.com/apache/gravitino/blob/main/server-common/src/main/java/org/apache/gravitino/server/web/JettyServer.java#L101)) produces an HTML error page.

**Expected behavior per the Iceberg REST spec:** All error responses (including 401) must return a JSON body with the `IcebergErrorResponse` schema:

```json
{
  "error": {
    "message": "Not authorized to make this request",
    "type": "NotAuthorizedException",
    "code": 401
  }
}
```

**Actual behavior:** Jetty returns its default HTML error page (or plain text), which causes Iceberg REST clients (e.g., the Java `RESTCatalog`) to fail with a secondary JSON parse error, masking the real authentication failure.

### How should we improve?

Replace the `sendError()` calls in the filter with writing a proper JSON `IcebergErrorResponse` body directly to the response output stream, setting `Content-Type: application/json` and the 401 status code. Alternatively, register a custom Jetty `ErrorHandler` for the Iceberg REST server that formats errors as JSON.
