This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 37250ef3ded446efc5829125992d2278ca8565be Author: Jiwei Guo <[email protected]> AuthorDate: Mon Feb 9 18:20:37 2026 +0800 [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25221) (cherry picked from commit 0a0ce6d012412f003b04f148548f6350fdcfb58c) --- .../pulsar/broker/web/AuthenticationFilter.java | 9 +- .../broker/web/AuthenticationFilterTest.java | 107 +++++++++++++++++++++ 2 files changed, 114 insertions(+), 2 deletions(-) diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java index 3b85d9b03e4..1a36c440554 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java @@ -60,10 +60,15 @@ public class AuthenticationFilter implements Filter { try { doFilter = authenticationService.authenticateHttpRequest(httpRequest, httpResponse); } catch (Exception e) { - httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); if (e instanceof AuthenticationException) { - LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), e.getMessage()); + String msg = e.getMessage(); + if (msg == null) { + msg = "Authentication required"; + } + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), msg); } else { + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); LOG.error("[{}] Error performing authentication for HTTP", request.getRemoteAddr(), e); } return; diff --git a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java new file mode 100644 index 00000000000..744f4a1d189 --- /dev/null +++ b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.pulsar.broker.web; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import javax.naming.AuthenticationException; +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.pulsar.broker.authentication.AuthenticationService; +import org.testng.annotations.Test; + +public class AuthenticationFilterTest { + + @Test + public void testDoFilterWithAuthenticationException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + String errorMsg = "Specific authentication error"; + doThrow(new AuthenticationException(errorMsg)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, errorMsg); + } + + @Test + public void testDoFilterWithGenericException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + String errorMsg = "Some internal error"; + doThrow(new RuntimeException(errorMsg)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } + + @Test + public void testDoFilterWithNullMessageGenericException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + doThrow(new RuntimeException()) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } + + @Test + public void testDoFilterWithNullMessageAuthenticationException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + doThrow(new AuthenticationException(null)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } +}
