dimas-b commented on code in PR #1397:
URL: https://github.com/apache/polaris/pull/1397#discussion_r2060373660
##########
quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/internal/InternalAuthenticationMechanism.java:
##########
@@ -56,9 +84,34 @@ public Uni<SecurityIdentity> authenticate(
}
String credential = authHeader.substring(spaceIdx + 1);
+
+ DecodedToken token;
+ try {
+ token = decodeToken(credential);
+ } catch (Exception e) {
+ return configuration.type() == AuthenticationType.MIXED
Review Comment:
Performance-wise current approach is probably easiest and fastest. However,
`InternalIdentityProvider` looks like a no-op in the current state of the code,
which looks a bit odd to me. Also, the `if` in exception handling seems to be
coming exactly from the uncertainty of the token's origin.
If we parsed the token first, we could delegate to the right validation code
and then, if an validation fails it will always be a certain failure.
Regarding parsing penalty, if the token is external, the first attempt will
parse _and_ cause an exception on all call, which would be bigger overhead for
the lower priority authenticators, I guess.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
