This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 9cbfa588abe [improve][broker] Give the detail error msg when
authenticate failed with AuthenticationException (#25221)
9cbfa588abe is described below
commit 9cbfa588abecae293d23bdc032a5c9462649dd57
Author: Jiwei Guo <[email protected]>
AuthorDate: Mon Feb 9 18:20:37 2026 +0800
[improve][broker] Give the detail error msg when authenticate failed with
AuthenticationException (#25221)
(cherry picked from commit 0a0ce6d012412f003b04f148548f6350fdcfb58c)
---
.../pulsar/broker/web/AuthenticationFilter.java | 10 +-
.../broker/web/AuthenticationFilterTest.java | 107 +++++++++++++++++++++
2 files changed, 114 insertions(+), 3 deletions(-)
diff --git
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
index 0670412e105..23cc6519886 100644
---
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
+++
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
@@ -68,11 +68,15 @@ public class AuthenticationFilter implements Filter {
if (authenticationException != null) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
- httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
if (authenticationException instanceof AuthenticationException) {
- LOG.warn("[{}] Failed to authenticate HTTP request: {}",
request.getRemoteAddr(),
- authenticationException.getMessage());
+ String msg = authenticationException.getMessage();
+ if (msg == null) {
+ msg = "Authentication required";
+ }
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
msg);
+ LOG.warn("[{}] Failed to authenticate HTTP request: {}",
request.getRemoteAddr(), msg);
} else {
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
LOG.error("[{}] Error performing authentication for HTTP",
request.getRemoteAddr(),
authenticationException);
}
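Review bot: In the `instanceof AuthenticationException` branch the text passed to `sendError` is now `authenticationException.getMessage()`, which goes back to a caller that has not authenticated. Whatever an authentication provider writes into that message (validation detail, provider or principal names) becomes client-visible, and nothing in the hunk filters it. If the detail is meant for operators, keep it in `LOG.warn` and keep the fixed `"Authentication required"` body; if it is meant for clients, a comment such as `// msg is returned to the unauthenticated client; provider messages must be client-safe` would state that contract. `sendError` also now runs before `LOG.warn`, so an `IOException` from it would skip the log line; logging first avoids that. `doFilter` starts and ends outside this hunk.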
diff --git
a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java
b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java
new file mode 100644
index 00000000000..744f4a1d189
--- /dev/null
+++
b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.broker.web;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import javax.naming.AuthenticationException;
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.pulsar.broker.authentication.AuthenticationService;
+import org.testng.annotations.Test;
+
+public class AuthenticationFilterTest {
+
+ @Test
+ public void testDoFilterWithAuthenticationException() throws Exception {
+ AuthenticationService authenticationService =
mock(AuthenticationService.class);
+ AuthenticationFilter filter = new
AuthenticationFilter(authenticationService);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
+ FilterChain chain = mock(FilterChain.class);
+
+ String errorMsg = "Specific authentication error";
+ doThrow(new AuthenticationException(errorMsg))
+ .when(authenticationService)
+ .authenticateHttpRequest(any(HttpServletRequest.class),
any(HttpServletResponse.class));
+
+ filter.doFilter(request, response, chain);
+
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED,
errorMsg);
+ }
+
+ @Test
+ public void testDoFilterWithGenericException() throws Exception {
+ AuthenticationService authenticationService =
mock(AuthenticationService.class);
+ AuthenticationFilter filter = new
AuthenticationFilter(authenticationService);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
+ FilterChain chain = mock(FilterChain.class);
+
+ String errorMsg = "Some internal error";
+ doThrow(new RuntimeException(errorMsg))
+ .when(authenticationService)
+ .authenticateHttpRequest(any(HttpServletRequest.class),
any(HttpServletResponse.class));
+
+ filter.doFilter(request, response, chain);
+
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
+ }
+
+ @Test
+ public void testDoFilterWithNullMessageGenericException() throws Exception
{
+ AuthenticationService authenticationService =
mock(AuthenticationService.class);
+ AuthenticationFilter filter = new
AuthenticationFilter(authenticationService);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
+ FilterChain chain = mock(FilterChain.class);
+
+ doThrow(new RuntimeException())
+ .when(authenticationService)
+ .authenticateHttpRequest(any(HttpServletRequest.class),
any(HttpServletResponse.class));
+
+ filter.doFilter(request, response, chain);
+
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
+ }
+
+ @Test
+ public void testDoFilterWithNullMessageAuthenticationException() throws
Exception {
+ AuthenticationService authenticationService =
mock(AuthenticationService.class);
+ AuthenticationFilter filter = new
AuthenticationFilter(authenticationService);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
+ FilterChain chain = mock(FilterChain.class);
+
+ doThrow(new AuthenticationException(null))
+ .when(authenticationService)
+ .authenticateHttpRequest(any(HttpServletRequest.class),
any(HttpServletResponse.class));
+
+ filter.doFilter(request, response, chain);
+
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication required");
+ }
+}
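Review bot: The four tests check only the `sendError` arguments; none asserts that the rejected request stops at the filter, which is the property an authentication filter exists to guarantee. Adding `verify(chain, never()).doFilter(any(), any());` after each `filter.doFilter(request, response, chain)` call, with `import static org.mockito.Mockito.never;`, would pin that. This assumes the failure path returns without invoking the chain, which the diff does not show. The mock setup is repeated verbatim in every test and could move to a shared helper or a TestNG data provider.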