[jira] [Commented] (TINKERPOP-2374) SaslAndHttpBasicAuthenticationHandler can't extract authorization

Wed, 03 Jun 2020 20:28:26 -0700 


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17125508#comment-17125508
 ] 

ASF GitHub Bot commented on TINKERPOP-2374:
-------------------------------------------

divijvaidya commented on pull request #1289:
URL: https://github.com/apache/tinkerpop/pull/1289#issuecomment-638580287


   Yes, it seems like there is no direct way today to write tests to assert the 
order of handlers in the pipeline. We will work towards adding such tests in 
the future. Meanwhile, the code looks good to me. No remaining comments.
   
   VOTE +1


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> SaslAndHttpBasicAuthenticationHandler can't extract authorization
> -----------------------------------------------------------------
>
>                 Key: TINKERPOP-2374
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2374
>             Project: TinkerPop
>          Issue Type: Bug
>            Reporter: Jermy Li
>            Priority: Major
>
> When we use the following configuration and keep http connection alive, some 
> requests will fail to get authorization information during consecutive 
> requests.
> {code:yaml}
> channelizer: org.apache.tinkerpop.gremlin.server.channel.WsAndHttpChannelizer
> authentication: {
>   authenticationHandler: 
> org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler,
> }
> {code}
>  
> We expect the sequence in the pipeline to be:
> {code:java}
> (http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder), 
> (authenticator = 
> org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler),
>  
> (http-authentication = 
> org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),
> (request-handler = 
> org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler), 
> {code}
> authenticator -> {color:#ff0000}http-authentication{color} -> request-handler
> But sometimes its order becomes the following, so that user information 
> cannot be obtained:
> {code:java}
> (http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder), 
> (authenticator = 
> org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler),
>  
> (request-handler = 
> org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler), 
> (http-authentication = 
> org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),
> {code}
> authenticator -> request-handler -> {color:#ff0000}http-authentication{color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to