[
https://issues.apache.org/jira/browse/CALCITE-1487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15652160#comment-15652160
]
Josh Elser commented on CALCITE-1487:
-------------------------------------
Relevant code snippets:
https://github.com/apache/calcite/blob/master/avatica/server/src/main/java/org/apache/calcite/avatica/server/AvaticaJsonHandler.java#L93-L97
https://github.com/apache/calcite/blob/master/avatica/server/src/main/java/org/apache/calcite/avatica/server/AvaticaProtobufHandler.java#L95-L99
> Avatica{Json,Protobuf}Handler inadvertently returns HTTP/404 after
> authentication failure
> -----------------------------------------------------------------------------------------
>
> Key: CALCITE-1487
> URL: https://issues.apache.org/jira/browse/CALCITE-1487
> Project: Calcite
> Issue Type: Bug
> Components: avatica
> Reporter: Josh Elser
> Labels: beginner
> Fix For: avatica-1.10.0
>
>
> I'm looking into a case where there are some authentication issues into an
> Avatica server. The SPNEGO handshake obviously failed via error in the
> server, but the client ultimately saw an HTTP/404 error which doesn't make
> sense (they should see a 401 or 403).
> I think I see why this happens. In the handlers, when the server is
> configured to require authenticated users and a user is not authenticated,
> the {{handle()}} method just returns.
> I believe the Handler implementation should set the Request as handled and
> set the appropriate response code. I believe the 404 is coming from the
> DefaultHandler (which has no html to serve for requests to "/").
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
