freesinger commented on PR #10818: URL: https://github.com/apache/gravitino/pull/10818#issuecomment-4280139957
@roryqi Thanks for the suggestion — I agree that returning a well-formed ErrorResponse JSON from the server side would be ideal when the 401/403 is generated by Gravitino itself. However, in practice we often see 401/403 coming from external components (auth gateways / reverse proxies / servlet filters) which may return an empty body or a non-JSON body. In those cases the client cannot rely on the server-side formatting, and today it may surface as a generic RESTException, losing the unauthorized/forbidden semantics. This PR aims to make the Java client robust and preserve 401/403 semantics even when the response body is missing/unparseable. We’d be happy to follow up with a separate server-side improvement to standardize 401/403 responses produced by Gravitino (if the community agrees), but we believe the client-side handling is still needed for compatibility and real-world deployments. If you have a preferred server-side place to standardize the 401/403 payload (e.g. specific auth filter / exception mapper), please point me to it and I can open a follow-up issue/PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
