[GitHub] [pulsar] michaeljmarshall commented on a diff in pull request #19197: [feat][broker] Update AuthenticationProvider to simplify HTTP Authn

Tue, 17 Jan 2023 13:19:49 -0800 


michaeljmarshall commented on code in PR #19197:
URL: https://github.com/apache/pulsar/pull/19197#discussion_r1072833121


##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java:
##########
@@ -52,54 +49,12 @@ public AuthenticationFilter(AuthenticationService 
authenticationService) {
         this.authenticationService = authenticationService;
     }
 
-    private boolean isSaslRequest(HttpServletRequest request) {
-        if (request.getHeader(SaslConstants.SASL_HEADER_TYPE) == null
-                || 
request.getHeader(SaslConstants.SASL_HEADER_TYPE).isEmpty()) {
-            return false;
-        }
-        if (request.getHeader(SaslConstants.SASL_HEADER_TYPE)
-            .equalsIgnoreCase(SaslConstants.SASL_TYPE_VALUE)) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain)
             throws IOException, ServletException {
         try {
-            HttpServletRequest httpRequest = (HttpServletRequest) request;
-            HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-            if (!isSaslRequest(httpRequest)) {
-                // not sasl type, return role directly.
-                String authMethodName = 
httpRequest.getHeader(PULSAR_AUTH_METHOD_NAME);
-                String role;
-                if (authMethodName != null && 
authenticationService.getAuthenticationProvider(authMethodName) != null) {
-                    AuthenticationState authenticationState = 
authenticationService
-                            
.getAuthenticationProvider(authMethodName).newHttpAuthState(httpRequest);
-                    request.setAttribute(AuthenticatedDataAttributeName, 
authenticationState.getAuthDataSource());
-                    role = authenticationService.authenticateHttpRequest(
-                            (HttpServletRequest) request, 
authenticationState.getAuthDataSource());
-                } else {
-                    request.setAttribute(AuthenticatedDataAttributeName,
-                            new AuthenticationDataHttps((HttpServletRequest) 
request));
-                    role = 
authenticationService.authenticateHttpRequest((HttpServletRequest) request);
-                }
-                request.setAttribute(AuthenticatedRoleAttributeName, role);
-
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("[{}] Authenticated HTTP request with role {}", 
request.getRemoteAddr(), role);
-                }
-                chain.doFilter(request, response);
-                return;
-            }
-
             boolean doFilter = authenticationService
-                .getAuthenticationProvider(SaslConstants.AUTH_METHOD_NAME)
-                .authenticateHttpRequest(httpRequest, httpResponse);
-
+                    .authenticateHttpRequest((HttpServletRequest) request, 
(HttpServletResponse) response);

Review Comment:
   I moved the SASL logic into the `AuthenticationService` class because any 
class that uses that method will technically need to benefit from the logic. 
Please review.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to