You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/07/30 07:26:24 UTC
[GitHub] [pulsar] Joshhw opened a new issue #7693: AuthorizationService' canLookup method forgets authenticationData on canConsumeAsync call.
Joshhw opened a new issue #7693:
URL: https://github.com/apache/pulsar/issues/7693
**Describe the bug**
When pulsar's `AuthorizationService` `canLookUpAsync` is called the method tries to check a clients produce and consume capabilities it forgets to pass along the [authenticationData](https://github.com/apache/pulsar/blob/77dccd2824699c9be96f518a8a1079df51612c8e/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java#L307). which proceeds to check superUser status. If you don't have a null check in your AuthorizationProvider for the authenticationData your CompletableFuture<Boolean> might not return properly and will throw exceptions.
**To Reproduce**
Steps to reproduce the behavior:
1. Create a custom AuthorizationProvider class
2. Assume the `AuthenticationDataSource` object passed into many of the methods won't be null
3. try to consume without proper permission
4. watch a TimedOutException be thrown.
**Expected behavior**
I expect the `authenticationData` to be passed along to the method.
**Additional context**
I noticed the subscription value is not passed along as well although I'm not sure where that would come from in this situation. the `TopicName` class doesn't seem to contain it and thus if you're expecting to verify a subscription value then this will also throw a wrench into the problem.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jiazhai closed issue #7693: AuthorizationService' canLookup method forgets authenticationData on canConsumeAsync call.
Posted by GitBox <gi...@apache.org>.
jiazhai closed issue #7693:
URL: https://github.com/apache/pulsar/issues/7693
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org