This is an automated email from the ASF dual-hosted git repository.
zixuan pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 7ec3a5789de [fix][authentication] Improve AuthenticationFilter
response (#19464)
7ec3a5789de is described below
commit 7ec3a5789dee2eddbbb2621ea939d0d24de8961e
Author: Zixuan Liu <[email protected]>
AuthorDate: Tue Jun 13 15:02:59 2023 +0800
[fix][authentication] Improve AuthenticationFilter response (#19464)
Signed-off-by: Zixuan Liu <[email protected]>
Co-authored-by: tison <[email protected]>
(cherry picked from commit 491624395033c643f501e05276e23383f2fee61a)
---
.../pulsar/broker/web/AuthenticationFilter.java | 24 +++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
index 6f13185ca75..0670412e105 100644
---
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
+++
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
@@ -52,19 +52,29 @@ public class AuthenticationFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
+ boolean allowed = false;
+ Exception authenticationException = null;
try {
- boolean doFilter = authenticationService
+ allowed = authenticationService
.authenticateHttpRequest((HttpServletRequest) request,
(HttpServletResponse) response);
- if (doFilter) {
- chain.doFilter(request, response);
- }
} catch (Exception e) {
+ authenticationException = e;
+ }
+
+ if (allowed) {
+ chain.doFilter(request, response);
+ return;
+ }
+
+ if (authenticationException != null) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
- if (e instanceof AuthenticationException) {
- LOG.warn("[{}] Failed to authenticate HTTP request: {}",
request.getRemoteAddr(), e.getMessage());
+ if (authenticationException instanceof AuthenticationException) {
+ LOG.warn("[{}] Failed to authenticate HTTP request: {}",
request.getRemoteAddr(),
+ authenticationException.getMessage());
} else {
- LOG.error("[{}] Error performing authentication for HTTP",
request.getRemoteAddr(), e);
+ LOG.error("[{}] Error performing authentication for HTTP",
request.getRemoteAddr(),
+ authenticationException);
}
}
}
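Review bot: When `authenticateHttpRequest` returns false without throwing, `doFilter` falls past the `if (authenticationException != null)` block and writes nothing, so the rejection depends entirely on the provider having already produced a response (a challenge, for instance). That contract is not visible in this hunk; if a provider returns false without writing, the container would presumably complete the request with an empty default-status response instead of a 401. Failing closed makes the outcome explicit: after that block add `if (!response.isCommitted()) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); }`, or at minimum a comment stating that a false return means the provider has already answered the client. The same `isCommitted()` guard is worth applying to the existing `sendError` in the exception branch, since `sendError` throws `IllegalStateException` if the provider committed the response before throwing.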