[KYUUBI #2763] Expected error code for invalid basic/spnego authentication should be SC_FORBIDDEN

lightning-L · turboFei · commit 60d559eff5e8 · 2022-05-28T21:27:59.000+08:00
### _Why are the changes needed?_ To close #2763 ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #2771 from lightning-L/kyuubi-2763. Closes #2763 03300aa [Tianlin Liao] [KYUUBI #2763] expected error code for invalid basic/spnego authentication should be SC_FORBIDDEN Authored-by: Tianlin Liao <tiliao@ebay.com> Signed-off-by: Fei Wang <fwang12@ebay.com>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -18,13 +18,12 @@
 package org.apache.kyuubi.server.http.authentication
 
 import java.io.IOException
+import javax.security.sasl.AuthenticationException
 import javax.servlet.{Filter, FilterChain, FilterConfig, ServletException, ServletRequest, ServletResponse}
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 
 import scala.collection.mutable.HashMap
 
-import org.apache.hadoop.security.authentication.client.AuthenticationException
-
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.AUTHENTICATION_METHOD
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
@@ -103,7 +103,7 @@ class KyuubiRestAuthenticationSuite extends RestFrontendTestHelper with Kerberiz
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .get()
 
-    assert(HttpServletResponse.SC_INTERNAL_SERVER_ERROR == response.getStatus)
+    assert(HttpServletResponse.SC_FORBIDDEN == response.getStatus)
   }
 
   test("test without authorization") {
@@ -135,7 +135,7 @@ class KyuubiRestAuthenticationSuite extends RestFrontendTestHelper with Kerberiz
       .header(AUTHORIZATION_HEADER, s"NEGOTIATE $encodeAuthorization")
       .get()
 
-    assert(HttpServletResponse.SC_INTERNAL_SERVER_ERROR == response.getStatus)
+    assert(HttpServletResponse.SC_FORBIDDEN == response.getStatus)
   }
 
   test("test with not supported auth scheme") {

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ class KyuubiRestAuthenticationSuite extends RestFrontendTestHelper with Kerberiz`
`103`	`103`	`.header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")`
`104`	`104`	`.get()`
`105`	`105`
`106`		`- assert(HttpServletResponse.SC_INTERNAL_SERVER_ERROR == response.getStatus)`
	`106`	`+ assert(HttpServletResponse.SC_FORBIDDEN == response.getStatus)`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`test("test without authorization") {`
`@@ -135,7 +135,7 @@ class KyuubiRestAuthenticationSuite extends RestFrontendTestHelper with Kerberiz`
`135`	`135`	`.header(AUTHORIZATION_HEADER, s"NEGOTIATE $encodeAuthorization")`
`136`	`136`	`.get()`
`137`	`137`
`138`		`- assert(HttpServletResponse.SC_INTERNAL_SERVER_ERROR == response.getStatus)`
	`138`	`+ assert(HttpServletResponse.SC_FORBIDDEN == response.getStatus)`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`test("test with not supported auth scheme") {`