chore(server): clear context after req done #2470
Conversation
# Conflicts: # hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
dosubot
bot
added
size:XS
...raph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AccessLogFilter.java
Outdated
Show resolved
Hide resolved
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeAuthenticator.java
Outdated
Show resolved
Hide resolved
dosubot
bot
added
size:M
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2470 +/- ##
============================================
- Coverage 66.34% 66.25% -0.09%
+ Complexity 829 827 -2
============================================
Files 511 511
Lines 42624 42631 +7
Branches 5947 5948 +1
============================================
- Hits 28278 28246 -32
- Misses 11541 11563 +22
- Partials 2805 2822 +17 ☔ View full report in Codecov by Sentry. |
...server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
Outdated
Show resolved
Hide resolved
|
|
||
| RestClient arthasApiClientWithAuth = new RestClient(ARTHAS_API_BASE_URL); | ||
| r = arthasApiClientWithAuth.post(ARTHAS_API_PATH, body); | ||
| assertResponseStatus(401, r); |
There was a problem hiding this comment.
prefer to add some negative test cases
...server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
Outdated
Show resolved
Hide resolved
| "versions", | ||
| "openapi.json" | ||
| ); | ||
| private static final AntPathMatcher MATCHER = new AntPathMatcher(); | ||
| // Remove auth/login API from white list |
There was a problem hiding this comment.
we need to make sure the login api is accessible, it's used to get a user token.
and also update the comment after checked.
There was a problem hiding this comment.
we need to make sure the login api is accessible, it's used to get a user token. and also update the comment after checked.
@javeme Some context for the modification:
- When we
unset-contextin AccessLogFilter, the CI will fail inloginwhen(login) whiteList exist (refer CI link)
- follow the
loginAPI input param & the validate logic
loginis only used for hubble, and if we need set whitelist forlogin.jsp(to make user visit it without auth) , seems we should set it inhubblerather than set it inGraph/AuthServer-> AuthFilter, and after we remove theloginAPI from the whitelist, the login is fine now
There was a problem hiding this comment.
Because the login method itself will authenticate the user, there is no need to authenticate twice. Of course, it seems there is no problem when authenticating twice.
There was a problem hiding this comment.
- the CI will fail in
loginwhen(login) whiteList exist (refer CI link)
@javeme Yes, but after we fix the TLS leak, the login/tests can't run well if we only check auth once in LoginAPI, and we'll dig it out the reason, cc @SunnyBoy-WYH mark it as a TODO issue
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java
Outdated
Show resolved
Hide resolved
...raph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AccessLogFilter.java
Outdated
Show resolved
Hide resolved
dosubot
bot
added
size:L
hugegraph-server/hugegraph-test/src/main/java/org/apache/hugegraph/api/ArthasApiTest.java
Show resolved
Hide resolved
hugegraph-server/hugegraph-test/src/main/java/org/apache/hugegraph/api/ArthasApiTest.java
Outdated
Show resolved
Hide resolved
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/ConfigAuthenticator.java
Outdated
Show resolved
Hide resolved
...server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
Outdated
Show resolved
Hide resolved
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeAuthenticator.java
Outdated
Show resolved
Hide resolved
...raph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AccessLogFilter.java
Outdated
Show resolved
Hide resolved
| "versions", | ||
| "openapi.json" | ||
| ); | ||
| private static final AntPathMatcher MATCHER = new AntPathMatcher(); | ||
| // Remove auth/login API from white list |
There was a problem hiding this comment.
Because the login method itself will authenticate the user, there is no need to authenticate twice. Of course, it seems there is no problem when authenticating twice.
VGalaxies
changed the title
Co-authored-by: vaughn.zhang <vaughn.zhang@zoom.us> Co-authored-by: imbajin <jin@apache.org>
| @@ -107,7 +107,7 @@ default User authenticate(final Map<String, String> credentials) | |||
| } | |||
|
|
|||
| HugeGraphAuthProxy.logUser(user, credentials.get(KEY_PATH)); | |||
| // Set authentication context & unset in AccessLogFilter | |||
| // TODO: Ensure context lifecycle in GraphServer & AuthServer(#AccessLogFilter) | |||
There was a problem hiding this comment.
don't need TODO mark anymore since it's done
| @@ -76,7 +76,7 @@ public class AuthenticationFilter implements ContainerRequestFilter { | |||
| "versions", | |||
| "openapi.json" | |||
| ); | |||
| // Remove auth/login API from white list | |||
| /** Remove auth/login API from whitelist */ | |||
| @@ -122,7 +122,7 @@ public void filter(ContainerRequestContext requestContext, | |||
|
|
|||
| // Unset the context in "HugeAuthenticator", need distinguish Graph/Auth server lifecycle | |||
| GraphManager manager = managerProvider.get(); | |||
| // TODO transfer Authorizer if we need after. | |||
| // TODO: transfer Authorizer if we need after. | |||
There was a problem hiding this comment.
don't need TODO mark anymore since it's done
Note
complete the history todo