mchades commented on PR #11618: URL: https://github.com/apache/gravitino/pull/11618#issuecomment-4706146475
**[P2] Custom filters can bypass audit trail** **Files affected:** - `server/src/main/java/org/apache/gravitino/server/GravitinoServer.java` line 190-193 - `iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/RESTService.java` line 208-212 - `lance/lance-rest-server/src/main/java/org/apache/gravitino/lance/LanceRESTService.java` line 95-98 **Issue:** HttpAuditFilter is registered AFTER `server.addCustomFilters()`. A custom filter that returns 401/403/5xx without calling `chain.doFilter()` can bypass HttpAuditFilter entirely, emitting no audit event. **Recommended fix:** Reorder filters so HttpAuditFilter comes BEFORE custom filters. For the main server (GravitinoServer), suggested order: 1. RequestContextFilter (ThreadLocal initialization) 2. HttpAuditFilter 3. Custom filters 4. VersioningFilter 5. System filters Iceberg and Lance REST servers should follow the same pattern: HttpAuditFilter before custom filters. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
