tiny improve

apache · Mar 19, 2024 · 5817ccd · 5817ccd
1 parent 2e3325c
commit 5817ccd
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 26 deletions.
diff --git a/...h-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AccessLogFilter.java b/...h-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AccessLogFilter.java
@@ -122,7 +122,7 @@ public void filter(ContainerRequestContext requestContext,
 
         // Unset the context in "HugeAuthenticator", need distinguish Graph/Auth server lifecycle
         GraphManager manager = managerProvider.get();
-        // TODO transfer Authorizer if we need after.
+        // TODO: transfer Authorizer if we need after.
         if (manager.requireAuthentication()) {
             manager.unauthorize(requestContext.getSecurityContext());
         }

diff --git a/...ver/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/...ver/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
@@ -76,7 +76,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
             "versions",
             "openapi.json"
     );
-    // Remove auth/login API from white list
+    /** Remove auth/login API from whitelist */
     private static final Set<String> FLEXIBLE_WHITE_API_SET = ImmutableSet.of();
 
     private static Boolean enabledWhiteIpCheck;
@@ -107,7 +107,7 @@ protected User authenticate(ContainerRequestContext context) {
         E.checkState(manager != null, "Context GraphManager is absent");
 
         if (!manager.requireAuthentication()) {
-            // Return anonymous user with admin role if disable authentication
+            // Return anonymous user with an admin role if disable authentication
             return User.ANONYMOUS;
         }
 
@@ -135,38 +135,32 @@ protected User authenticate(ContainerRequestContext context) {
             boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus();
             if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled &&
                 !whiteIpList.contains(remoteIp)) {
-                throw new ForbiddenException(
-                        String.format("Remote ip '%s' is not permitted",
-                                      remoteIp));
+                throw new ForbiddenException(String.format("Remote ip '%s' is not permitted",
+                                                           remoteIp));
             }
         }
 
         Map<String, String> credentials = new HashMap<>();
         // Extract authentication credentials
         String auth = context.getHeaderString(HttpHeaders.AUTHORIZATION);
         if (auth == null) {
-            throw new NotAuthorizedException(
-                    "Authentication credentials are required",
-                    "Missing authentication credentials");
+            throw new NotAuthorizedException("Authentication credentials are required",
+                                             "Missing authentication credentials");
         }
 
         if (auth.startsWith(BASIC_AUTH_PREFIX)) {
             auth = auth.substring(BASIC_AUTH_PREFIX.length());
-            auth = new String(DatatypeConverter.parseBase64Binary(auth),
-                              Charsets.ASCII_CHARSET);
+            auth = new String(DatatypeConverter.parseBase64Binary(auth), Charsets.ASCII_CHARSET);
             String[] values = auth.split(":");
             if (values.length != 2) {
-                throw new BadRequestException(
-                        "Invalid syntax for username and password");
+                throw new BadRequestException("Invalid syntax for username and password");
             }
 
             final String username = values[0];
             final String password = values[1];
 
-            if (StringUtils.isEmpty(username) ||
-                StringUtils.isEmpty(password)) {
-                throw new BadRequestException(
-                        "Invalid syntax for username and password");
+            if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+                throw new BadRequestException("Invalid syntax for username and password");
             }
 
             credentials.put(HugeAuthenticator.KEY_USERNAME, username);
@@ -175,8 +169,7 @@ protected User authenticate(ContainerRequestContext context) {
             String token = auth.substring(BEARER_TOKEN_PREFIX.length());
             credentials.put(HugeAuthenticator.KEY_TOKEN, token);
         } else {
-            throw new BadRequestException(
-                    "Only HTTP Basic or Bearer authentication is supported");
+            throw new BadRequestException("Only HTTP Basic or Bearer authentication is supported");
         }
 
         credentials.put(HugeAuthenticator.KEY_ADDRESS, peer);
@@ -186,8 +179,7 @@ protected User authenticate(ContainerRequestContext context) {
         try {
             return manager.authenticate(credentials);
         } catch (AuthenticationException e) {
-            throw new NotAuthorizedException("Authentication failed",
-                                             e.getMessage());
+            throw new NotAuthorizedException("Authentication failed", e.getMessage());
         }
     }
 
@@ -251,7 +243,7 @@ private boolean matchPermission(String required) {
                 requiredPerm = RequiredPerm.fromPermission(required);
 
                 /*
-                 * Replace owner value(it may be a variable) if the permission
+                 * Replace owner value (it may be a variable) if the permission
                  * format like: "$owner=$graph $action=vertex_write"
                  */
                 String owner = requiredPerm.owner();

diff --git a/...graph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeAuthenticator.java b/...graph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeAuthenticator.java
@@ -107,7 +107,7 @@ default User authenticate(final Map<String, String> credentials)
         }
 
         HugeGraphAuthProxy.logUser(user, credentials.get(KEY_PATH));
-        // Set authentication context & unset in AccessLogFilter
+        // TODO: Ensure context lifecycle in GraphServer & AuthServer(#AccessLogFilter)
         HugeGraphAuthProxy.setContext(new Context(user));
 
         return user;

diff --git a/...raph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/...raph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java
@@ -1752,9 +1752,9 @@ public void apply(Traversal.Admin<?, ?> traversal) {
             }
 
             /*
-             * Verify gremlin-execute permission for user gremlin(in gremlin-
-             * server-exec worker) and gremlin job(in task worker).
-             * But don't check permission in rest worker, because the following
+             * Verify gremlin-execute permission for user gremlin (in gremlin-server-exec worker)
+             * and gremlin job(in task worker).
+             * But don't check permission in rest worker because the following
              * places need to call traversal():
              *  1.vertices/edges rest api
              *  2.oltp rest api (like crosspointpath/neighborrank)