[TINKERPOP-2374] SaslAndHttpBasicAuthenticationHandler can't extract authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.7
Fix Version/s: 3.5.0, 3.4.8
Component/s: server
Labels:
None

Description

When we use the following configuration and keep http connection alive, some requests will fail to get authorization information during consecutive requests.

channelizer: org.apache.tinkerpop.gremlin.server.channel.WsAndHttpChannelizer
authentication: {
  authenticationHandler: org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler,
}

We expect the sequence in the pipeline to be:

(http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder), 
(authenticator = org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler), 
(http-authentication = org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),
(request-handler = org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler),

authenticator -> http-authentication -> request-handler

But sometimes its order becomes the following, so that user information cannot be obtained:

(http-response-encoder = io.netty.handler.codec.http.HttpResponseEncoder), 
(authenticator = org.apache.tinkerpop.gremlin.server.handler.SaslAndHttpBasicAuthenticationHandler), 
(request-handler = org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler), 
(http-authentication = org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler),

authenticator -> request-handler -> http-authentication

Attachments

Activity

People

Assignee:

Divij Vaidya

Reporter:

Jermy Li

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

26/May/20 20:37

Updated:

15/Jun/20 19:49

Resolved:

15/Jun/20 19:49