You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@calcite.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2016/11/09 21:55:58 UTC
[jira] [Commented] (CALCITE-1487) Avatica{Json,Protobuf}Handler
inadvertently returns HTTP/404 after authentication failure
[ https://issues.apache.org/jira/browse/CALCITE-1487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15652160#comment-15652160 ]
Josh Elser commented on CALCITE-1487:
-------------------------------------
Relevant code snippets:
https://github.com/apache/calcite/blob/master/avatica/server/src/main/java/org/apache/calcite/avatica/server/AvaticaJsonHandler.java#L93-L97
https://github.com/apache/calcite/blob/master/avatica/server/src/main/java/org/apache/calcite/avatica/server/AvaticaProtobufHandler.java#L95-L99
> Avatica{Json,Protobuf}Handler inadvertently returns HTTP/404 after authentication failure
> -----------------------------------------------------------------------------------------
>
> Key: CALCITE-1487
> URL: https://issues.apache.org/jira/browse/CALCITE-1487
> Project: Calcite
> Issue Type: Bug
> Components: avatica
> Reporter: Josh Elser
> Labels: beginner
> Fix For: avatica-1.10.0
>
>
> I'm looking into a case where there are some authentication issues into an Avatica server. The SPNEGO handshake obviously failed via error in the server, but the client ultimately saw an HTTP/404 error which doesn't make sense (they should see a 401 or 403).
> I think I see why this happens. In the handlers, when the server is configured to require authenticated users and a user is not authenticated, the {{handle()}} method just returns.
> I believe the Handler implementation should set the Request as handled and set the appropriate response code. I believe the 404 is coming from the DefaultHandler (which has no html to serve for requests to "/").
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)