Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/07/31 15:32:49 UTC

[GitHub] [pulsar] vzhikserg opened a new issue #7711: Broker doesn't use the original role to check if a client is allowed to consume or produce

vzhikserg opened a new issue #7711:
URL: https://github.com/apache/pulsar/issues/7711


   **Describe the bug**
   
   In the case when the [proxy roles](https://pulsar.apache.org/docs/en/security-authorization/#proxy-roles) are used to enable authentication between proxy and broker components, the **broker uses the proxy role instead of the original role** to check if it is allowed to consume or produce data from a topic. If the proxy role has more rights (consume and produce), then a client will be able to do both of these operations even if the original role says "only consume" or "only produce".
   
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. Enable the proxy role
   2. Allow the proxy role to consume and produce
   3. Allow the test role to consume
   4. Start producing messages with the test role
   5. Messages are successfully published
   
   **Expected behavior**
   Some kind of exception is expected - not allowed operation.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
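
A minimal model of the authorization decision described in the issue above, added here as an illustration; it is not code from the report or from the Pulsar code base. The class, method names, role names and grants are constructed to mirror the reproduction steps (a proxy role allowed to produce and consume, a test role allowed only to consume).

```java
import java.util.*;

// Added illustration, not Pulsar source. All names here are hypothetical.
public class ProxyRoleAuthz {
    enum Action { PRODUCE, CONSUME }

    // Constructed grants mirroring the reproduction steps in the issue.
    static final Set<String> PROXY_ROLES = Set.of("proxy");
    static final Map<String, Set<Action>> GRANTS = Map.of(
        "proxy", EnumSet.of(Action.PRODUCE, Action.CONSUME),
        "test",  EnumSet.of(Action.CONSUME));

    static boolean granted(String role, Action a) {
        return role != null && GRANTS.getOrDefault(role, Set.of()).contains(a);
    }

    // Behaviour reported in the issue: only the connection's role is checked,
    // so the forwarded original role never influences the decision.
    static boolean allowReported(String connRole, String originalRole, Action a) {
        return granted(connRole, a);
    }

    // Expected behaviour: on a proxy connection the original role must hold
    // the permission as well; a missing original role is denied.
    static boolean allowExpected(String connRole, String originalRole, Action a) {
        if (connRole == null) {
            return false;
        }
        if (!PROXY_ROLES.contains(connRole)) {
            return granted(connRole, a);
        }
        return granted(connRole, a) && granted(originalRole, a);
    }

    public static void main(String[] args) {
        for (Action a : Action.values()) {
            System.out.printf("test via proxy, %s: reported=%b expected=%b%n",
                a, allowReported("proxy", "test", a), allowExpected("proxy", "test", a));
        }
        System.out.printf("proxy with no original role, PRODUCE: expected=%b%n",
            allowExpected("proxy", null, Action.PRODUCE));
        System.out.printf("test connecting directly, PRODUCE: expected=%b%n",
            allowExpected("test", null, Action.PRODUCE));
    }
}
```

The same four cases (original role via proxy for each action, proxy with no original role, direct connection) make a compact regression test for any deployment that relies on proxy roles.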



[GitHub] [pulsar] codelipenghui closed issue #7711: Broker doesn't use the original role to check if a client is allowed to consume or produce

Posted by GitBox <gi...@apache.org>.
codelipenghui closed issue #7711:
URL: https://github.com/apache/pulsar/issues/7711


   

