dimas-b commented on code in PR #765: URL: https://github.com/apache/polaris/pull/765#discussion_r1916911244
########## service/common/src/main/java/org/apache/polaris/service/ratelimiter/RateLimiterFilter.java: ########## @@ -29,6 +33,9 @@ /** Request filter that returns a 429 Too Many Requests if the rate limiter says so */ @Provider +@PreMatching +@Priority(Priorities.USER) Review Comment: Good point. Still, if the authenticator is merely validating access tokens, that should be fine, I guess... With JWT, the validation effort is not much higher than the effort to keep track of the request rate, I guess. That said, I think it would be worth moving the loading of principal information out the the authentication code and do that after all request checks are performed (including the rate limit filter). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
