abhioncbr commented on PR #11501: URL: https://github.com/apache/pinot/pull/11501#issuecomment-1705797051
> Hi, thank you very much for this quick fix. I would suggest to add `WWW-Authenticate: Basic` in the response header in case of 401 to be fully complaint with Http 1.1 Maybe adding an ExceptionMapper like the one on pinot-controller would help...? > > https://github.com/apache/pinot/blob/master/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/WebApplicationExceptionMapper.java Thanks for the suggestion. I think we don't need the ExceptionMapper, just instead of throwing the [javax.ws.rs.WebApplicationException](https://docs.oracle.com/javaee/7/api/javax/ws/rs/WebApplicationException.html); we should throw the [javax.ws.rs.NotAuthorizedException](https://docs.oracle.com/javaee/7/api/javax/ws/rs/NotAuthorizedException.html). The `challenge` will be set as `WWW-Authenticate: <challenge>` in response header. However, my worry is hardcoding the value to `Basic`. @Jackie-Jiang is it okay to hardcode the value to `Basic`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
