[ https://issues.apache.org/jira/browse/CALCITE-1487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16102376#comment-16102376 ]
Josh Elser commented on CALCITE-1487: ------------------------------------- The {{baseRequest}} needs to be marked as "handled" -- that will prevent it from filtering down to the other handlers that Jetty sets up (e.g. those serving static files). > Avatica{Json,Protobuf}Handler inadvertently returns HTTP/404 after > authentication failure > ----------------------------------------------------------------------------------------- > > Key: CALCITE-1487 > URL: https://issues.apache.org/jira/browse/CALCITE-1487 > Project: Calcite > Issue Type: Bug > Components: avatica > Reporter: Josh Elser > Assignee: Josh Elser > Labels: beginner > Fix For: avatica-1.11.0 > > > I'm looking into a case where there are some authentication issues into an > Avatica server. The SPNEGO handshake obviously failed via error in the > server, but the client ultimately saw an HTTP/404 error which doesn't make > sense (they should see a 401 or 403). > I think I see why this happens. In the handlers, when the server is > configured to require authenticated users and a user is not authenticated, > the {{handle()}} method just returns. > I believe the Handler implementation should set the Request as handled and > set the appropriate response code. I believe the 404 is coming from the > DefaultHandler (which has no html to serve for requests to "/"). -- This message was sent by Atlassian JIRA (v6.4.14#64029)