You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/19 01:34:45 UTC
[GitHub] [pulsar] Technoboy- commented on a change in pull request #14747: [cleanup][broker]: Refactor PulsarAuthorizationProvider.

Technoboy- commented on a change in pull request #14747:
URL: https://github.com/apache/pulsar/pull/14747#discussion_r830423195



##########
File path: pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
##########
@@ -106,63 +104,41 @@ public void initialize(ServiceConfiguration conf, PulsarResources pulsarResource
     @Override
     public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String role,
             AuthenticationDataSource authenticationData, String subscription) {
-        CompletableFuture<Boolean> permissionFuture = new CompletableFuture<>();
-        try {
-            pulsarResources.getNamespaceResources().getPoliciesAsync(topicName.getNamespaceObject())
-                    .thenAccept(policies -> {
-                if (!policies.isPresent()) {
-                    if (log.isDebugEnabled()) {
-                        log.debug("Policies node couldn't be found for topic : {}", topicName);
-                    }
-                } else {
-                    if (isNotBlank(subscription)) {
-                        // validate if role is authorize to access subscription. (skip validatation if authorization
-                        // list is empty)
-                        Set<String> roles = policies.get().auth_policies
-                                .getSubscriptionAuthentication().get(subscription);
-                        if (roles != null && !roles.isEmpty() && !roles.contains(role)) {
-                            log.warn("[{}] is not authorized to subscribe on {}-{}", role, topicName, subscription);
-                            permissionFuture.complete(false);
-                            return;
+        return pulsarResources.getNamespaceResources().getPoliciesAsync(topicName.getNamespaceObject())
+                .thenCompose(policies -> {
+                    if (!policies.isPresent()) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("Policies node couldn't be found for topic : {}", topicName);
                         }
+                    } else {
+                        if (isNotBlank(subscription)) {
+                            // validate if role is authorize to access subscription. (skip validatation if authorization
+                            // list is empty)
+                            Set<String> roles = policies.get().auth_policies

Review comment:
       Hi @eolivelli , I re-check the code, and field `auth_policies ` is `final`.
   ```
   public final AuthPolicies auth_policies = AuthPolicies.builder().build();
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org