[GitHub] erenavsarogullari commented on a change in pull request #3239: [Pulsar-Broker-Common] Refactor AuthenticationProviderToken

[GitBox]

erenavsarogullari commented on a change in pull request #3239: 
[Pulsar-Broker-Common] Refactor AuthenticationProviderToken
URL: https://github.com/apache/pulsar/pull/3239#discussion_r243736016
 
 

 ##########
 File path: 
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
 ##########
 @@ -57,33 +59,47 @@ public void initialize(ServiceConfiguration config) throws 
IOException {
 
     @Override
     public String getAuthMethodName() {
-        return "token";
+        return TOKEN;
     }
 
     @Override
     public String authenticate(AuthenticationDataSource authData) throws 
AuthenticationException {
-        String token = null;
+        // Get Token
+        String token = getToken(authData);
+
+        // Parse Token by validating
+        return parseToken(token);
+    }
 
+    private String getToken(AuthenticationDataSource authData) throws 
AuthenticationException {
         if (authData.hasDataFromCommand()) {
             // Authenticate Pulsar binary connection
-            token = authData.getCommandData();
+            return authData.getCommandData();
         } else if (authData.hasDataFromHttp()) {
             // Authentication HTTP request. The format here should be 
compliant to RFC-6750
-            // (https://tools.ietf.org/html/rfc6750#section-2.1). Eg:
-            //
-            // Authorization: Bearer xxxxxxxxxxxxx
+            // (https://tools.ietf.org/html/rfc6750#section-2.1). Eg: 
Authorization: Bearer xxxxxxxxxxxxx
             String httpHeaderValue = authData.getHttpHeader(HTTP_HEADER_NAME);
             if (httpHeaderValue == null || 
!httpHeaderValue.startsWith(HTTP_HEADER_VALUE_PREFIX)) {
                 throw new AuthenticationException("Invalid HTTP Authorization 
header");
             }
 
             // Remove prefix
-            token = 
httpHeaderValue.substring(HTTP_HEADER_VALUE_PREFIX.length());
+            String token = 
httpHeaderValue.substring(HTTP_HEADER_VALUE_PREFIX.length());
+            return validateToken(token);
         } else {
             throw new AuthenticationException("No token credentials passed");
         }
+    }
 
-        // Validate the token
+    private String validateToken(final String token) throws 
AuthenticationException {
+        if(StringUtils.isNotBlank(token)) {
 
 Review comment:
   @sijie Thanks for review. Addressed via #3244

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services