You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/06/01 07:33:00 UTC
[jira] [Commented] (TINKERPOP-2374)
SaslAndHttpBasicAuthenticationHandler can't extract authorization
[ https://issues.apache.org/jira/browse/TINKERPOP-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17120799#comment-17120799 ]
ASF GitHub Bot commented on TINKERPOP-2374:
-------------------------------------------
javeme commented on pull request #1289:
URL: https://github.com/apache/tinkerpop/pull/1289#issuecomment-636665995
> Do you agree that this is still a problem even after the fix you proposed and can lead to a similar misconfigured pipeline?
@divijvaidya I don't think this is still a problem after the fix, and I'm not sure this will happen "both the requests would try to modify the same pipeline at the same time", did you actually encounter this problem?
AFAIK, Netty bind a channel and a thread for each TCP connection, the requests on this connection are executed serially, so there should not be multiple threads modifying a pipeline.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> SaslAndHttpBasicAuthenticationHandler can't extract authorization
> -----------------------------------------------------------------
>
> Key: TINKERPOP-2374
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2374
> Project: TinkerPop
> Issue Type: Bug
> Reporter: Jermy Li
> Priority: Major
>
> When we use the following configuration and keep http connection alive, some requests will fail to get authorization information during consecutive requests.
> {code:yaml}
> channelizer: org.apache.tinkerpop.gremlin.server.channel.WsAndHttpChannelizer
> authentication: {
> authenticationHandler: org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler,
> }
> {code}
>
> We expect the sequence in the pipeline to be:
> {code:java}
> (http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder),
> (authenticator = org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler),
> (http-authentication = org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),
> (request-handler = org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler),
> {code}
> authenticator -> {color:#ff0000}http-authentication{color} -> request-handler
> But sometimes its order becomes the following, so that user information cannot be obtained:
> {code:java}
> (http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder),
> (authenticator = org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler),
> (request-handler = org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler),
> (http-authentication = org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),
> {code}
> authenticator -> request-handler -> {color:#ff0000}http-authentication{color}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)