httpproxy: fix the order for filter: AuthZ & AuthN (#5840)

Signed-off-by: gang.liu <[email protected]>
projectcontour · Nov 15, 2023 · 42ee2b4 · 42ee2b4
1 parent 9b4f666
commit 42ee2b4
Show file tree

Hide file tree

Showing 6 changed files with 390 additions and 1,270 deletions.
diff --git a/changelogs/unreleased/5840-izturn-minor.md b/changelogs/unreleased/5840-izturn-minor.md
@@ -0,0 +1,3 @@
+## JWT Authentication happens before External Authorization
+
+Fixes a bug where when the external authorization filter and JWT authentication filter were both configured, the external authorization filter was executed _before_ the JWT authentication filter.  Now, JWT authentication happens before external authorization when they are both configured.
diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go
@@ -815,9 +815,9 @@ func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *http
 	}
 }
 
-// FilterJWTAuth returns a `jwt_authn` filter configured with the
+// FilterJWTAuthN returns a `jwt_authn` filter configured with the
 // requested parameters.
-func FilterJWTAuth(jwtProviders []dag.JWTProvider) *http.HttpFilter {
+func FilterJWTAuthN(jwtProviders []dag.JWTProvider) *http.HttpFilter {
 	if len(jwtProviders) == 0 {
 		return nil
 	}