michaeljmarshall commented on code in PR #19197:
URL: https://github.com/apache/pulsar/pull/19197#discussion_r1072462807
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java:
##########
@@ -52,54 +49,12 @@ public AuthenticationFilter(AuthenticationService
authenticationService) {
this.authenticationService = authenticationService;
}
- private boolean isSaslRequest(HttpServletRequest request) {
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE) == null
- ||
request.getHeader(SaslConstants.SASL_HEADER_TYPE).isEmpty()) {
- return false;
- }
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE)
- .equalsIgnoreCase(SaslConstants.SASL_TYPE_VALUE)) {
- return true;
- } else {
- return false;
- }
- }
-
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
try {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- if (!isSaslRequest(httpRequest)) {
- // not sasl type, return role directly.
- String authMethodName =
httpRequest.getHeader(PULSAR_AUTH_METHOD_NAME);
- String role;
- if (authMethodName != null &&
authenticationService.getAuthenticationProvider(authMethodName) != null) {
- AuthenticationState authenticationState =
authenticationService
-
.getAuthenticationProvider(authMethodName).newHttpAuthState(httpRequest);
- request.setAttribute(AuthenticatedDataAttributeName,
authenticationState.getAuthDataSource());
- role = authenticationService.authenticateHttpRequest(
- (HttpServletRequest) request,
authenticationState.getAuthDataSource());
- } else {
- request.setAttribute(AuthenticatedDataAttributeName,
- new AuthenticationDataHttps((HttpServletRequest)
request));
- role =
authenticationService.authenticateHttpRequest((HttpServletRequest) request);
- }
- request.setAttribute(AuthenticatedRoleAttributeName, role);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("[{}] Authenticated HTTP request with role {}",
request.getRemoteAddr(), role);
- }
- chain.doFilter(request, response);
- return;
- }
-
boolean doFilter = authenticationService
- .getAuthenticationProvider(SaslConstants.AUTH_METHOD_NAME)
- .authenticateHttpRequest(httpRequest, httpResponse);
-
+ .authenticateHttpRequest((HttpServletRequest) request,
(HttpServletResponse) response);
Review Comment:
Is there a reason we cannot rely on the header for
`PULSAR_AUTH_METHOD_NAME`? The official module has had the value set since HTTP
support was added here https://github.com/apache/pulsar/pull/4097.
https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java#L115-L118
https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-client-auth-sasl/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationSasl.java#L87-L90
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
