Skip to content

Fix generation of credentialType(bearer) for non-priority bearer operations #6201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix generation of credentialType(bearer) for non-priority bearer operations #6201

wants to merge 3 commits into from
+44 −19

Conversation

alextwoods
Copy link
Contributor

@alextwoods alextwoods commented Jun 23, 2025
edited
Loading

Fix generation of credentialType(bearer) for non-priority bearer operations - .credentialType(TOKEN) should only ever be set when an operation supports bearer as its first priority auth type - it should not be set when bearer is supported but not prefered (eg @auth[sigv4, bearer]).

Motivation and Context

This fixes an edge case when using legacy (non-sra) signing override on services with mixed sigv4 and bearer support. When a legacy (old, non-sra) signer override is set on the client/request, this code path is triggered and the presence of the Bearer CredentialType causes the AuthorizationStrategyFactory to return bearer instead of sigv4.

Modifications

  • Updated the AuthUtils.isOpBearerAuth to isOpBearerAuthPreferred and ensure it returns true IFF (if and only if) the operation should use bearer auth as the first preferred auth scheme.

Testing

Add new test cases to cover.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@alextwoods alextwoods requested a review from a team as a code owner June 23, 2025 16:22
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@alextwoods alextwoods enabled auto-merge June 23, 2025 18:32
@alextwoods alextwoods added this pull request to the merge queue Jun 25, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagnir dagnir dagnir approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alextwoods @dagnir