Add comment and code tweak to Basic HTTP Authenticator (apache#6029)

medb · Jul 21, 2018 · 0590293 · 0590293
1 parent efab3b0
commit 0590293
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/...security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java b/...security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java
@@ -149,6 +149,7 @@ public void init(FilterConfig filterConfig)
 
     }
 
+
     @Override
     public void doFilter(
         ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain
@@ -163,9 +164,12 @@ public void doFilter(
         return;
       }
 
+      // At this point, encodedUserSecret is not null, indicating that the request intends to perform
+      // Basic HTTP authentication. If any errors occur with the authentication, we send a 401 response immediately
+      // and do not proceed further down the filter chain.
       String decodedUserSecret = BasicAuthUtils.decodeUserSecret(encodedUserSecret);
       if (decodedUserSecret == null) {
-        // we recognized a Basic auth header, but could not decode the user secret
+        // We recognized a Basic auth header, but could not decode the user secret.
         httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return;
       }
@@ -182,12 +186,10 @@ public void doFilter(
       if (checkCredentials(user, password)) {
         AuthenticationResult authenticationResult = new AuthenticationResult(user, authorizerName, name, null);
         servletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, authenticationResult);
+        filterChain.doFilter(servletRequest, servletResponse);
       } else {
         httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-        return;
       }
-
-      filterChain.doFilter(servletRequest, servletResponse);
     }
 
     @Override