hongkunxu commented on code in PR #17242:
URL: https://github.com/apache/pinot/pull/17242#discussion_r2642637080
##########
pinot-broker/src/main/java/org/apache/pinot/broker/broker/ZkBasicAuthAccessControlFactory.java:
##########
@@ -122,24 +122,39 @@ public TableAuthorizationResult
authorize(RequesterIdentity requesterIdentity, S
private Optional<ZkBasicAuthPrincipal> getPrincipalAuth(RequesterIdentity
requesterIdentity) {
Collection<String> tokens =
extractAuthorizationTokens(requesterIdentity);
- if (tokens.isEmpty()) {
+ if (tokens == null || tokens.isEmpty()) {
return Optional.empty();
}
- _name2principal =
BasicAuthUtils.extractBasicAuthPrincipals(_userCache.getAllBrokerUserConfig()).stream()
- .collect(Collectors.toMap(BasicAuthPrincipal::getName, p -> p));
+ Map<String, ZkBasicAuthPrincipal> name2principal =
+
BasicAuthUtils.extractBasicAuthPrincipals(_userCache.getAllBrokerUserConfig()).stream()
+ .collect(Collectors.toMap(BasicAuthPrincipal::getName, p -> p));
Review Comment:
This behavior is consistent with the previous logic, and it has been running
in the production environment without any issues, even under peak traffic of up
to 300 QPS and daily traffic exceeding 1 million requests.
Although this tip has limited practical impact from an engineering
perspective, it still makes sense to apply it from a code-quality standpoint.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
