You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2018/02/02 04:46:00 UTC

[GitHub] yush1ga commented on a change in pull request #1087: Add basic authentication plugin

yush1ga commented on a change in pull request #1087: Add basic authentication plugin
URL: https://github.com/apache/incubator-pulsar/pull/1087#discussion_r165557612
 
 

 ##########
 File path: pulsar-broker/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java
 ##########
 @@ -60,8 +63,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             if (LOG.isDebugEnabled()) {
                 LOG.debug("[{}] Authenticated HTTP request with role {}", request.getRemoteAddr(), role);
             }
-        } catch (AuthenticationException e) {
+        } catch (PulsarHttpAuthenticationException e) {
             HttpServletResponse httpResponse = (HttpServletResponse) response;
+            if (isNotBlank(e.getRealmInformation())) {
+                ((HttpServletResponse) response).setHeader("WWW-Authenticate", e.getRealmInformation());
 
 Review comment:
   @maskit 
   I roughly agree with you.
   
   > using an exception to indicate simple authentication failure is a bad design
   
   I think this should not be fixed in this PR adding authentication plugin.
   We should consider good design and make another PR.
   That's why, I exclude the code about authentication header from this PR.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services