michaeljmarshall commented on code in PR #19197:
URL: https://github.com/apache/pulsar/pull/19197#discussion_r1072488581
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java:
##########
@@ -52,54 +49,12 @@ public AuthenticationFilter(AuthenticationService
authenticationService) {
this.authenticationService = authenticationService;
}
- private boolean isSaslRequest(HttpServletRequest request) {
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE) == null
- ||
request.getHeader(SaslConstants.SASL_HEADER_TYPE).isEmpty()) {
- return false;
- }
- if (request.getHeader(SaslConstants.SASL_HEADER_TYPE)
- .equalsIgnoreCase(SaslConstants.SASL_TYPE_VALUE)) {
- return true;
- } else {
- return false;
- }
- }
-
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
try {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- if (!isSaslRequest(httpRequest)) {
- // not sasl type, return role directly.
- String authMethodName =
httpRequest.getHeader(PULSAR_AUTH_METHOD_NAME);
- String role;
- if (authMethodName != null &&
authenticationService.getAuthenticationProvider(authMethodName) != null) {
- AuthenticationState authenticationState =
authenticationService
-
.getAuthenticationProvider(authMethodName).newHttpAuthState(httpRequest);
- request.setAttribute(AuthenticatedDataAttributeName,
authenticationState.getAuthDataSource());
- role = authenticationService.authenticateHttpRequest(
- (HttpServletRequest) request,
authenticationState.getAuthDataSource());
- } else {
- request.setAttribute(AuthenticatedDataAttributeName,
- new AuthenticationDataHttps((HttpServletRequest)
request));
- role =
authenticationService.authenticateHttpRequest((HttpServletRequest) request);
- }
- request.setAttribute(AuthenticatedRoleAttributeName, role);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("[{}] Authenticated HTTP request with role {}",
request.getRemoteAddr(), role);
- }
- chain.doFilter(request, response);
- return;
- }
-
boolean doFilter = authenticationService
- .getAuthenticationProvider(SaslConstants.AUTH_METHOD_NAME)
- .authenticateHttpRequest(httpRequest, httpResponse);
-
+ .authenticateHttpRequest((HttpServletRequest) request,
(HttpServletResponse) response);
Review Comment:
It looks like `X-Pulsar-Auth-Method-Name` is never set by our official ~HTTP
admin client~ SASL Authentication plugin. That is its own problem.
This PR likely has tests passing because when `X-Pulsar-Auth-Method-Name` is
not set, we iterate over all authentication providers. That would be a small
decrease in efficiency for systems with multiple authentication providers
loaded on the broker.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
