The GitHub Actions job "License Binary Checker" on texera.git/main has failed. Run started by GitHub user bobbai00 (triggered by bobbai00).
Head commit for run: 6f9f0e355dfba403b5584d0a8703ff58f43b26e0 / Yicong Huang <[email protected]> fix(auth): JwtAuthFilter eager-401 with @PermitAll opt-out (#4903) ### What changes were proposed in this PR? Align the 4 microservices' `JwtAuthFilter` with amber's behavior: return `401` directly from the filter with an RFC 6750 `WWW-Authenticate: Bearer …` challenge, instead of silently passing through to Dropwizard's `@Auth` injection. `@PermitAll` (JSR-250) opts a resource out of the no-header `401`. An invalid token still fails — a tampered/stale token is never treated as anonymous. The only existing consumer is `DatasetResource.getDatasetCover` for anonymous public-dataset reads. ### Any related issues, documentation, discussions? Closes #4901. Out of scope: `RolesAllowedDynamicFeature` is registered only in amber. The 4 microservices' `@RolesAllowed` annotations are currently decorative; `workflow-compiling-service` registers no auth filter at all. Worth a separate issue. ### How was this PR tested? `Auth/test` covers `JwtAuthFilter` (header-missing / non-Bearer / invalid-token / valid-token; method- and class-level `@PermitAll`; resource-info-absent fallback) and `UnauthorizedExceptionMapper` (status, challenge passthrough, no entity body). Format / lint clean; all 4 microservices recompile. ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code Report URL: https://github.com/apache/texera/actions/runs/25627327452 With regards, GitHub Actions via GitBox
