michaeljmarshall commented on a change in pull request #14044:
URL: https://github.com/apache/pulsar/pull/14044#discussion_r798244326
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
##########
@@ -76,8 +77,15 @@ public void doFilter(ServletRequest request, ServletResponse
response, FilterCha
// not sasl type, return role directly.
String role =
authenticationService.authenticateHttpRequest((HttpServletRequest) request);
Review comment:
Since this PR is adding the appropriate headers by default, I think we
should clean up and possibly deprecate this `authenticateHttpRequest` method.
If you look at its internal definition, it branches based on
`"X-Pulsar-Auth-Method-Name"`. Note also that the current design of this PR
will result in double verification of the authentication data, which should be
avoided.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
