smolnar82 commented on code in PR #1219:
URL: https://github.com/apache/knox/pull/1219#discussion_r3190944769
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -361,12 +361,15 @@ private Pair<TokenType, String>
parseFromHTTPBasicCredentials(final String heade
String passcode = values[1].isEmpty() ? null : values[1];
if (TOKEN.equalsIgnoreCase(username) ||
PASSCODE.equalsIgnoreCase(username)) {
parsed = Pair.of(TOKEN.equalsIgnoreCase(username) ? TokenType.JWT :
TokenType.Passcode, passcode);
- } else if (request != null &&
CLIENT_CREDENTIALS.equals(request.getParameter(GRANT_TYPE))) {
- // Allow client_credentials flow where client_id/client_secret are
provided via HTTP Basic
- if (passcode != null) {
- validateClientID(username, passcode);
- parsed = Pair.of(TokenType.Passcode, passcode);
- }
+ } else if (request != null) {
+ HttpServletRequest unwrappedRequest =
ServletRequestUtils.unwrapHttpServletRequest(request);
Review Comment:
As indicated offline, the reason for the wrapping was added in #719 by
@zeroflag a couple years ago.
I do agree with the proposal of having clear method names, and I still think
that having a utility method is a good idea.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
