diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java index 3b85d9b03e4e6..1a36c4405545b 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/web/AuthenticationFilter.java @@ -60,10 +60,15 @@ public void doFilter( try { doFilter = authenticationService.authenticateHttpRequest(httpRequest, httpResponse); } catch (Exception e) { - httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); if (e instanceof AuthenticationException) { - LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), e.getMessage()); + String msg = e.getMessage(); + if (msg == null) { + msg = "Authentication required"; + } + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), msg); } else { + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); LOG.error("[{}] Error performing authentication for HTTP", request.getRemoteAddr(), e); } return; diff --git a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java new file mode 100644 index 0000000000000..744f4a1d18975 --- /dev/null +++ b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/web/AuthenticationFilterTest.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.pulsar.broker.web; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import javax.naming.AuthenticationException; +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.pulsar.broker.authentication.AuthenticationService; +import org.testng.annotations.Test; + +public class AuthenticationFilterTest { + + @Test + public void testDoFilterWithAuthenticationException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + String errorMsg = "Specific authentication error"; + doThrow(new AuthenticationException(errorMsg)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, errorMsg); + } + + @Test + public void testDoFilterWithGenericException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + String errorMsg = "Some internal error"; + doThrow(new RuntimeException(errorMsg)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } + + @Test + public void testDoFilterWithNullMessageGenericException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + doThrow(new RuntimeException()) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } + + @Test + public void testDoFilterWithNullMessageAuthenticationException() throws Exception { + AuthenticationService authenticationService = mock(AuthenticationService.class); + AuthenticationFilter filter = new AuthenticationFilter(authenticationService); + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain chain = mock(FilterChain.class); + + doThrow(new AuthenticationException(null)) + .when(authenticationService) + .authenticateHttpRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + + filter.doFilter(request, response, chain); + + verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + } +}