From 0590293538ff00b94ec2e4aeb49646cb9a8220ec Mon Sep 17 00:00:00 2001
From: Jonathan Wei
Date: Fri, 20 Jul 2018 20:35:14 -0700
Subject: [PATCH] Add comment and code tweak to Basic HTTP Authenticator (#6029)

---
 .../basic/authentication/BasicHTTPAuthenticator.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java
index 1a4d717125f..bdd0aabf9a8 100644
--- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java
+++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/BasicHTTPAuthenticator.java
@@ -149,6 +149,7 @@ public class BasicHTTPAuthenticator implements Authenticator
   }
 
+  @Override
   public void doFilter(
       ServletRequest servletRequest,
       ServletResponse servletResponse,
       FilterChain filterChain
@@ -163,9 +164,12 @@ public class BasicHTTPAuthenticator implements Authenticator
       return;
     }
 
+    // At this point, encodedUserSecret is not null, indicating that the request intends to perform
+    // Basic HTTP authentication. If any errors occur with the authentication, we send a 401 response immediately
+    // and do not proceed further down the filter chain.
     String decodedUserSecret = BasicAuthUtils.decodeUserSecret(encodedUserSecret);
     if (decodedUserSecret == null) {
-      // we recognized a Basic auth header, but could not decode the user secret
+      // We recognized a Basic auth header, but could not decode the user secret.
       httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return;
     }
@@ -182,12 +186,10 @@ public class BasicHTTPAuthenticator implements Authenticator
     if (checkCredentials(user, password)) {
       AuthenticationResult authenticationResult = new AuthenticationResult(user, authorizerName, name, null);
       servletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, authenticationResult);
+      filterChain.doFilter(servletRequest, servletResponse);
     } else {
       httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-      return;
     }
-
-    filterChain.doFilter(servletRequest, servletResponse);
   }
 
   @Override
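Review bot: The success branch that now owns the `filterChain.doFilter(servletRequest, servletResponse)` call carries no comment stating why the call was moved inside it, even though the commit title promises a comment; a line such as `// Fail closed: only a request whose credentials verified continues down the chain; every other path has already answered 401.` above `if (checkCredentials(user, password)) {` would record the invariant this restructuring enforces. The 401 in the else branch, like the one in the previous hunk, is sent via `httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED)` with no `WWW-Authenticate: Basic realm=...` challenge header visible; if that header is not set elsewhere in the filter, the response is not a conformant Basic challenge and clients cannot tell which scheme to retry with, so consider adding it before `sendError`. doFilter begins outside this hunk, so the earlier rejection paths it refers to are not visible here.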