chia7712 commented on code in PR #15280: URL: https://github.com/apache/kafka/pull/15280#discussion_r1511627095
########## clients/src/main/java/org/apache/kafka/common/security/scram/internals/ScramSaslServer.java: ##########
@@ -143,7 +146,7 @@ public byte[] evaluateResponse(byte[] response) throws SaslException, SaslAuthen } catch (SaslException | AuthenticationException e) { throw e; } catch (Throwable e) { - throw new SaslException("Authentication failed: Credentials could not be obtained", e); + throw new SaslException("Authentication failed: Credentials could not be obtained" + (username == null ? "" : " for user " + Utils.sanitizeString(username, USERNAME_MAX_LEN)), e);

Review Comment:
Why do we handle null `username` here? The previous invocation of `Utils.sanitizeString` does not.

########## clients/src/main/java/org/apache/kafka/common/security/scram/internals/ScramSaslServer.java: ##########
@@ -116,7 +118,7 @@ public byte[] evaluateResponse(byte[] response) throws SaslException, SaslAuthen credentialCallback = tokenCallback; callbackHandler.handle(new Callback[]{nameCallback, tokenCallback}); if (tokenCallback.tokenOwner() == null) - throw new SaslException("Token Authentication failed: Invalid tokenId : " + username); + throw new SaslException("Token Authentication failed: Invalid tokenId : " + Utils.sanitizeString(username, USERNAME_MAX_LEN));

Review Comment:
How about "Token Authentication failed: Invalid tokenId from username "
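
Review bot: In the `catch (Throwable e)` branch of the `@@ -143,7 +146,7 @@` hunk, the null handling for `username` sits inline at the call site, while the other changed call in this patch passes `username` straight to `Utils.sanitizeString`. Either make the helper null-safe or build the " for user ..." suffix in one private method, so both messages treat a missing name the same way. Pulling the ternary out of the string concatenation would also make this line easier to read.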
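
Review bot: In the `@@ -116,7 +118,7 @@` hunk, the value appended after "Invalid tokenId : " is now sanitized and bounded by `USERNAME_MAX_LEN`, but the message does not show whether what follows is the full id or an altered one, which matters to whoever correlates this exception text with a token id. Consider having the message or the `Utils.sanitizeString` Javadoc state how truncated or replaced characters are marked.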