[AMORO-3873][FOLLOWUP] Rename rest auth bearer type to JWT (#3953)

Author: turboFei

amoro-ams/src/main/java/org/apache/amoro/server/AmoroManagementConf.java

@@ -275,8 +275,7 @@ public class AmoroManagementConf {
       ConfigOptions.key("http-server.rest-auth-type")
           .stringType()
           .defaultValue("token")
-          .withDescription(
-              "The authentication used by REST APIs, token (default), basic or bearer.");
+          .withDescription("The authentication used by REST APIs, token (default), basic or jwt.");
 
   public static final ConfigOption<Duration> HTTP_SERVER_SESSION_TIMEOUT =
       ConfigOptions.key("http-server.session-timeout")
@@ -292,12 +291,12 @@ public class AmoroManagementConf {
               "User-defined password authentication implementation of"
                   + " org.apache.amoro.authentication.PasswdAuthenticationProvider");
 
-  public static final ConfigOption<String> HTTP_SERVER_AUTH_BEARER_PROVIDER =
-      ConfigOptions.key("http-server.auth-bearer-provider")
+  public static final ConfigOption<String> HTTP_SERVER_AUTH_JWT_PROVIDER =
+      ConfigOptions.key("http-server.auth-jwt-provider")
           .stringType()
           .noDefaultValue()
           .withDescription(
-              "User-defined Bearer token such as JWT (JSON Web Token) authentication implementation"
+              "User-defined JWT (JSON Web Token) authentication implementation"
                   + " of org.apache.amoro.authentication.TokenAuthenticationProvider");
 
   public static final ConfigOption<String> HTTP_SERVER_PROXY_CLIENT_IP_HEADER =

amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java

@@ -74,7 +74,7 @@ public class DashboardServer {
   public static final Logger LOG = LoggerFactory.getLogger(DashboardServer.class);
 
   private static final String AUTH_TYPE_BASIC = "basic";
-  private static final String AUTH_TYPE_BEARER = "bearer";
+  private static final String AUTH_TYPE_JWT = "jwt";
   private static final String X_REQUEST_SOURCE_HEADER = "X-Request-Source";
   private static final String X_REQUEST_SOURCE_WEB = "Web";
   private final CatalogController catalogController;
@@ -91,7 +91,7 @@ public class DashboardServer {
   private final ApiTokenController apiTokenController;
 
   private final PasswdAuthenticationProvider basicAuthProvider;
-  private final TokenAuthenticationProvider bearerAuthProvider;
+  private final TokenAuthenticationProvider jwtAuthProvider;
   private final String proxyClientIpHeader;
 
   public DashboardServer(
@@ -126,11 +126,10 @@ public DashboardServer(
                 serviceConfig.get(AmoroManagementConf.HTTP_SERVER_AUTH_BASIC_PROVIDER),
                 serviceConfig)
             : null;
-    this.bearerAuthProvider =
-        AUTH_TYPE_BEARER.equalsIgnoreCase(authType)
+    this.jwtAuthProvider =
+        AUTH_TYPE_JWT.equalsIgnoreCase(authType)
             ? HttpAuthenticationFactory.getBearerAuthenticationProvider(
-                serviceConfig.get(AmoroManagementConf.HTTP_SERVER_AUTH_BEARER_PROVIDER),
-                serviceConfig)
+                serviceConfig.get(AmoroManagementConf.HTTP_SERVER_AUTH_JWT_PROVIDER), serviceConfig)
             : null;
     this.proxyClientIpHeader =
         serviceConfig.get(AmoroManagementConf.HTTP_SERVER_PROXY_CLIENT_IP_HEADER);
@@ -410,15 +409,15 @@ public void preHandleRequest(Context ctx) {
       }
       return;
     }
-    if (null != basicAuthProvider || null != bearerAuthProvider) {
+    if (null != basicAuthProvider || null != jwtAuthProvider) {
       Principal authPrincipal;
       if (null != basicAuthProvider) {
         authPrincipal =
             basicAuthProvider.authenticate(
                 HttpAuthenticationFactory.getPasswordCredential(ctx, proxyClientIpHeader));
       } else {
         authPrincipal =
-            bearerAuthProvider.authenticate(
+            jwtAuthProvider.authenticate(
                 HttpAuthenticationFactory.getBearerTokenCredential(ctx, proxyClientIpHeader));
       }
       LOG.info(

amoro-common/src/main/java/org/apache/amoro/authentication/TokenAuthenticationProvider.java

@@ -24,12 +24,11 @@
 
 public interface TokenAuthenticationProvider {
   /**
-   * TokenAuthenticationProvider is used by the Amoro server authentication layer to validate Bearer
-   * tokens, such as JWT (JSON Web Token), provided in client requests. If the token is invalid,
-   * expired, or fails signature verification, a {@link SignatureCheckException} should be thrown to
-   * deny access.
+   * TokenAuthenticationProvider is used by the Amoro server authentication layer to validate JSON
+   * Web Token (JWT) provided in client requests. If the token is invalid, expired, or fails
+   * signature verification, a {@link SignatureCheckException} should be thrown to deny access.
    *
-   * @param credential The Bearer token credential (e.g., JWT) received in the connection request
+   * @param credential The JSON Web Token credential received in the connection request
    * @return The {@link Principal} associated with the authenticated token
    * @throws SignatureCheckException If the token is invalid, expired, or fails verification
    */

docs/admin-guides/deployment.md

@@ -75,9 +75,9 @@ If you want to use AMS in a production environment, it is recommended to modify
 - The `ams.thrift-server.table-service.bind-port` configuration specifies the binding port of the Thrift Server that provides the table service. The compute engines access AMS through this port, and the default value is 1260.
 - The `ams.thrift-server.optimizing-service.bind-port` configuration specifies the binding port of the Thrift Server that provides the optimizing service. The optimizers access AMS through this port, and the default value is 1261.
 - The `ams.http-server.bind-port` configuration specifies the port to which the HTTP service is bound. The Dashboard and Open API are bound to this port, and the default value is 1630.
-- The `ams.http-server.rest-auth-type` configuration specifies the REST API auth type, which could be token(default), basic or bearer.
+- The `ams.http-server.rest-auth-type` configuration specifies the REST API auth type, which could be token(default), basic or jwt (JSON Web Token).
 - The `ams.http-server.auth-basic-provider` configuration specifies the REST API basic authentication provider. By default, it uses `ams.admin-username` and `ams.admin-password` for authentication. You can also specify a custom implementation by providing the fully qualified class name of a class that implements the `org.apache.amoro.authentication.PasswdAuthenticationProvider` interface.
-- The `ams.http-server.auth-bearer-provider` configuration specifies the REST API Bearer token authentication provider. Set this to the fully qualified class name of your custom provider implementing the `org.apache.amoro.authentication.TokenAuthenticationProvider` interface. This is required when `ams.http-server.rest-auth-type` is set to `bearer`.
+- The `ams.http-server.auth-jwt-provider` configuration specifies the REST API JWT authentication provider. Set this to the fully qualified class name of your custom provider implementing the `org.apache.amoro.authentication.TokenAuthenticationProvider` interface. This is required when `ams.http-server.rest-auth-type` is set to `jwt`.
 - The `ams.http-server.proxy-client-ip-header` configuration specifies the HTTP header to use for extracting the real client IP address when AMS is deployed behind a reverse proxy (such as Nginx or a load balancer). Common values include `X-Forwarded-For` or `X-Real-IP`. If not set, AMS will use the remote address from the connection.
 
 ```yaml