diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 5011fca94cf..1914e3be140 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -104,11 +104,7 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
 
   private def startInternal(): Unit = {
     val contextHandler = ApiRootResource.getServletHandler(this)
-    val holder = new FilterHolder(
-      new AuthenticationFilter(
-        conf,
-        conf.get(FRONTEND_REST_AUTHENTICATION_METHOD).map(AuthTypes.withName),
-        REST))
+    val holder = new FilterHolder(new AuthenticationFilter(conf, REST))
     contextHandler.addFilter(holder, "/v1/*", EnumSet.allOf(classOf[DispatcherType]))
     val authenticationFactory = new KyuubiHttpAuthenticationFactory(conf)
     server.addHandler(authenticationFactory.httpHandlerWrapperFactory.wrapHandler(contextHandler))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/ThriftHttpServlet.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/ThriftHttpServlet.scala
index 769510455ee..91e1cc09cc6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/ThriftHttpServlet.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/ThriftHttpServlet.scala
@@ -57,11 +57,7 @@ class ThriftHttpServlet(
   private var isCookieSecure = false
   private var isHttpOnlyCookie = false
   private val X_FORWARDED_FOR_HEADER = "X-Forwarded-For"
-  private val authenticationFilter =
-    new AuthenticationFilter(
-      conf,
-      conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName),
-      THRIFT_HTTP)
+  private val authenticationFilter = new AuthenticationFilter(conf, THRIFT_HTTP)
 
   override def init(): Unit = {
     isCookieAuthEnabled = conf.get(KyuubiConf.FRONTEND_THRIFT_HTTP_COOKIE_AUTH_ENABLED)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index d484cefa3d6..b271cedf220 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -26,16 +26,13 @@ import scala.collection.mutable
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER
-import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.FrontendProtocol
+import org.apache.kyuubi.config.KyuubiConf.{AUTHENTICATION_METHOD, FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER, FRONTEND_REST_AUTHENTICATION_METHOD}
+import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.{FrontendProtocol, REST}
 import org.apache.kyuubi.server.http.util.HttpAuthUtils.AUTHORIZATION_HEADER
 import org.apache.kyuubi.service.authentication.{AuthTypes, InternalSecurityAccessor}
 import org.apache.kyuubi.service.authentication.AuthTypes.{KERBEROS, NOSASL}
 
-class AuthenticationFilter(
-    conf: KyuubiConf,
-    authTypes: Seq[AuthTypes.Value],
-    protocol: FrontendProtocol) extends Filter
+class AuthenticationFilter(conf: KyuubiConf, protocol: FrontendProtocol) extends Filter
   with Logging {
   import AuthenticationFilter._
   import AuthSchemes._
@@ -60,6 +57,10 @@ class AuthenticationFilter(
   }
 
   private[kyuubi] def initAuthHandlers(): Unit = {
+    val authTypes = protocol match {
+      case REST => conf.get(FRONTEND_REST_AUTHENTICATION_METHOD).map(AuthTypes.withName)
+      case _ => conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName)
+    }
     val spnegoKerberosEnabled = authTypes.contains(KERBEROS)
     val basicAuthTypeOpt = {
       if (authTypes == Set(NOSASL)) {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/RestAuthenticationFilterSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/RestAuthenticationFilterSuite.scala
index 5a96d2108bb..f989be02435 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/RestAuthenticationFilterSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/RestAuthenticationFilterSuite.scala
@@ -19,18 +19,13 @@ package org.apache.kyuubi.server.http.authentication
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.AUTHENTICATION_METHOD
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.REST
 import org.apache.kyuubi.service.authentication.AuthTypes
 
 class RestAuthenticationFilterSuite extends KyuubiFunSuite {
   test("add auth handler and destroy") {
     val conf = KyuubiConf()
-    val filter =
-      new AuthenticationFilter(
-        conf,
-        conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName),
-        REST)
+    val filter = new AuthenticationFilter(conf, REST)
     filter.addAuthHandler(new BasicAuthenticationHandler(null, REST))
     assert(filter.authSchemeHandlers.isEmpty)
     filter.addAuthHandler(new BasicAuthenticationHandler(AuthTypes.LDAP, REST))
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/ThriftHttpAuthenticationFilterSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/ThriftHttpAuthenticationFilterSuite.scala
index 6dbe5f4d660..59a35a4d71c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/ThriftHttpAuthenticationFilterSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/ThriftHttpAuthenticationFilterSuite.scala
@@ -19,18 +19,13 @@ package org.apache.kyuubi.server.http.authentication
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.AUTHENTICATION_METHOD
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.THRIFT_HTTP
 import org.apache.kyuubi.service.authentication.AuthTypes
 
 class ThriftHttpAuthenticationFilterSuite extends KyuubiFunSuite {
   test("add auth handler and destroy") {
     val conf = KyuubiConf()
-    val filter =
-      new AuthenticationFilter(
-        conf,
-        conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName),
-        THRIFT_HTTP)
+    val filter = new AuthenticationFilter(conf, THRIFT_HTTP)
     filter.addAuthHandler(new BasicAuthenticationHandler(null, THRIFT_HTTP))
     assert(filter.authSchemeHandlers.isEmpty)
     filter.addAuthHandler(new BasicAuthenticationHandler(AuthTypes.LDAP, THRIFT_HTTP))