In HTTP authentication, throw exception from provider if there is one. (

apache#7100) Co-authored-by: Chris Kellogg <ckellogg@splunk.com>
hrsakai · May 29, 2020 · 09fc647 · 09fc647
1 parent c281d95
commit 09fc647
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/...r-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationService.java b/...r-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationService.java
@@ -84,12 +84,14 @@ public String authenticate(AuthenticationDataSource authData, String authMethodN
 
     public String authenticateHttpRequest(HttpServletRequest request) throws AuthenticationException {
         // Try to validate with any configured provider
+        AuthenticationException authenticationException = null;
         AuthenticationDataSource authData = new AuthenticationDataHttps(request);
         for (AuthenticationProvider provider : providers.values()) {
             try {
                 return provider.authenticate(authData);
             } catch (AuthenticationException e) {
-                // Ignore the exception because we don't know which authentication method is expected here.
+                // Store the exception so we can throw it later instead of a generic one
+                authenticationException = e;
             }
         }
 
@@ -99,7 +101,11 @@ public String authenticateHttpRequest(HttpServletRequest request) throws Authent
                 return anonymousUserRole;
             }
             // If at least a provider was configured, then the authentication needs to be provider
-            throw new AuthenticationException("Authentication required");
+            if (authenticationException != null) {
+                throw authenticationException;
+            } else {
+                throw new AuthenticationException("Authentication required");
+            }
         } else {
             // No authentication required
             return "<none>";