michaeljmarshall commented on code in PR #19197:
URL: https://github.com/apache/pulsar/pull/19197#discussion_r1072480950
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java:
##########
@@ -52,54 +49,12 @@ public AuthenticationFilter(AuthenticationService
authenticationService) {
this.authenticationService = authenticationService;
}
- private boolean isSaslRequest(HttpServletRequest request) {
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE) == null
- ||
request.getHeader(SaslConstants.SASL_HEADER_TYPE).isEmpty()) {
- return false;
- }
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE)
- .equalsIgnoreCase(SaslConstants.SASL_TYPE_VALUE)) {
- return true;
- } else {
- return false;
- }
- }
-
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
try {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- if (!isSaslRequest(httpRequest)) {
- // not sasl type, return role directly.
- String authMethodName =
httpRequest.getHeader(PULSAR_AUTH_METHOD_NAME);
- String role;
- if (authMethodName != null &&
authenticationService.getAuthenticationProvider(authMethodName) != null) {
- AuthenticationState authenticationState =
authenticationService
-
.getAuthenticationProvider(authMethodName).newHttpAuthState(httpRequest);
- request.setAttribute(AuthenticatedDataAttributeName,
authenticationState.getAuthDataSource());
- role = authenticationService.authenticateHttpRequest(
- (HttpServletRequest) request,
authenticationState.getAuthDataSource());
- } else {
- request.setAttribute(AuthenticatedDataAttributeName,
- new AuthenticationDataHttps((HttpServletRequest)
request));
- role =
authenticationService.authenticateHttpRequest((HttpServletRequest) request);
- }
- request.setAttribute(AuthenticatedRoleAttributeName, role);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("[{}] Authenticated HTTP request with role {}",
request.getRemoteAddr(), role);
- }
- chain.doFilter(request, response);
- return;
- }
-
boolean doFilter = authenticationService
- .getAuthenticationProvider(SaslConstants.AUTH_METHOD_NAME)
- .authenticateHttpRequest(httpRequest, httpResponse);
-
+ .authenticateHttpRequest((HttpServletRequest) request,
(HttpServletResponse) response);
Review Comment:
I agree that this PR changes the logic where the previous SASL requests were
filtered based on the `SaslConstants.SASL_HEADER_TYPE` header. I am looking
closer at the implementation to understand why all tests passed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
