NVIDIA · yhwen · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024
diff --git a/nvflare/private/fed/client/admin.py b/nvflare/private/fed/client/admin.py
@@ -125,39 +125,40 @@ def _dispatch_request(
                 try:
                     reply = None
 
-                    # see whether pre-authorization is needed
-                    authz_flag = req.get_header(RequestHeader.REQUIRE_AUTHZ)
-                    require_authz = authz_flag == "true"
-                    if require_authz:
-                        # authorize this command!
-                        cmd = req.get_header(RequestHeader.ADMIN_COMMAND, None)
-                        if cmd:
-                            user = Person(
-                                name=req.get_header(RequestHeader.USER_NAME, ""),
-                                org=req.get_header(RequestHeader.USER_ORG, ""),
-                                role=req.get_header(RequestHeader.USER_ROLE, ""),
-                            )
-                            submitter = Person(
-                                name=req.get_header(RequestHeader.SUBMITTER_NAME, ""),
-                                org=req.get_header(RequestHeader.SUBMITTER_ORG, ""),
-                                role=req.get_header(RequestHeader.SUBMITTER_ROLE, ""),
-                            )
-
-                            authz_ctx = AuthzContext(user=user, submitter=submitter, right=cmd)
-                            authorized, err = AuthorizationService.authorize(authz_ctx)
-                            if err:
-                                reply = error_reply(err)
-                            elif not authorized:
-                                reply = error_reply("not authorized")
-
-                            site_security = SiteSecurity()
-                            self._set_security_data(req, fl_ctx)
-                            authorized, messages = site_security.authorization_check(self.app_ctx, cmd, fl_ctx)
-                            if not authorized:
-                                reply = error_reply(messages)
+                    cmd = req.get_header(RequestHeader.ADMIN_COMMAND, None)
+                    if cmd:
+                        site_security = SiteSecurity()
+                        self._set_security_data(req, fl_ctx)
+                        authorized, messages = site_security.authorization_check(self.app_ctx, cmd, fl_ctx)
+                        if not authorized:
+                            reply = error_reply(messages)
 
-                        else:
-                            reply = error_reply("requires authz but missing admin command")
+                    if not reply:
+                        # see whether pre-authorization is needed
+                        authz_flag = req.get_header(RequestHeader.REQUIRE_AUTHZ)
+                        require_authz = authz_flag == "true"
+                        if require_authz:
+                            # authorize this command!
+                            if cmd:
+                                user = Person(
+                                    name=req.get_header(RequestHeader.USER_NAME, ""),
+                                    org=req.get_header(RequestHeader.USER_ORG, ""),
+                                    role=req.get_header(RequestHeader.USER_ROLE, ""),
+                                )
+                                submitter = Person(
+                                    name=req.get_header(RequestHeader.SUBMITTER_NAME, ""),
+                                    org=req.get_header(RequestHeader.SUBMITTER_ORG, ""),
+                                    role=req.get_header(RequestHeader.SUBMITTER_ROLE, ""),
+                                )
+
+                                authz_ctx = AuthzContext(user=user, submitter=submitter, right=cmd)
+                                authorized, err = AuthorizationService.authorize(authz_ctx)
+                                if err:
+                                    reply = error_reply(err)
+                                elif not authorized:
+                                    reply = error_reply("not authorized")
+                            else:
+                                reply = error_reply("requires authz but missing admin command")
 
                     if not reply:
                         reply = processor.process(req, self.app_ctx)

diff --git a/nvflare/private/fed/server/server_engine.py b/nvflare/private/fed/server/server_engine.py
@@ -760,7 +760,7 @@ def check_client_resources(self, job: Job, resource_reqs, fl_ctx: FLContext) ->
     def _make_message_for_check_resource(self, job, resource_requirements, fl_ctx):
         request = Message(topic=TrainingTopic.CHECK_RESOURCE, body=resource_requirements)
         request.set_header(RequestHeader.JOB_ID, job.job_id)
-        request.set_header(RequestHeader.REQUIRE_AUTHZ, "true")
+        request.set_header(RequestHeader.REQUIRE_AUTHZ, "false")
         request.set_header(RequestHeader.ADMIN_COMMAND, AdminCommandNames.CHECK_RESOURCES)
 
         set_message_security_data(request, job, fl_ctx)