You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/21 14:13:28 UTC

[GitHub] [pulsar] Anonymitaet commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

Anonymitaet commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902670626


##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
 
 3. In Pulsar Manager UI, you can create an environment. 
 
-   - Click `New Environment` button in the top-left corner.
+   - Click the `New Environment` button in the top-left corner.
    - Type `pulsar-mini` for the field `Environment Name` in the popup window.
    - Type `http://pulsar-mini-broker:8080` for the field `Service URL` in the popup window.
-   - Click `Confirm` button in the popup window.
+   - Click the `Confirm` button in the popup window.

Review Comment:
   ```suggestion
      - Click **Confirm** in the popup window.
   ```



##########
site2/docs/getting-started-standalone.md:
##########
@@ -257,15 +257,14 @@ If you have started Pulsar successfully, you will see `INFO`-level log messages
 
 :::tip
 
-* The service is running on your terminal, which is under your direct control. If you need to run other commands, open a new terminal window.  
+* The service is running on your terminal, which is under your direct control. If you need to run other commands, open a new terminal window. 
+* To run the service as a background process, you can use the `bin/pulsar-daemon start standalone` command. For more information, see [pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
+* To perform a health check, you can use the `bin/pulsar-admin brokers healthcheck` command. For more information, see [Pulsar-admin docs](/tools/pulsar-admin/).
+* When you start a local standalone cluster, a `public/default` [namespace](concepts-messaging.md#namespaces) is created automatically. The namespace is used for development purposes. All Pulsar topics are managed within namespaces. For more information, see [Topics](concepts-messaging.md#topics).
+* By default, there is no encryption, authentication, or authorization configured. Apache Pulsar can be accessed from a remote server without any authorization. Refer to [Security Overview](security-overview) document to secure your deployment. 

Review Comment:
   ```suggestion
   * To run the service as a background process, you can use the `bin/pulsar-daemon start standalone` command. For more information, see [pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
   * To perform a health check, you can use the `bin/pulsar-admin brokers healthcheck` command. For more information, see [Pulsar-admin docs](/tools/pulsar-admin/).
   * When you start a local standalone cluster, a `public/default` [namespace](concepts-messaging.md#namespaces) is created automatically. The namespace is used for development purposes. All Pulsar topics are managed within namespaces. For more information, see [Topics](concepts-messaging.md#topics).
   * By default, there is no encryption, authentication, or authorization configured. Apache Pulsar can be accessed from a remote server without any authorization. For more information, see [Security Overview](security-overview) document to secure your deployment. 
   ```
   keep consistent



##########
site2/docs/security-jwt.md:
##########
@@ -29,9 +29,11 @@ eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.ipevRNuRP6HflG8cFKnmUPtypruRC4fb1DWtoLL6
 
 Application specifies the token when you create the client instance. An alternative is to pass a "token supplier" (a function that returns the token when the client library needs one).
 
-> #### Always use TLS transport encryption
-> Sending a token is equivalent to sending a password over the wire. You had better use TLS encryption all the time when you connect to the Pulsar service. See
-> [Transport Encryption using TLS](security-tls-transport) for more details.
+:::note
+
+Always use TLS transport encryption when you connect to the Pulsar service, because sending a token is equivalent to sending a password over the wire. See [Transport Encryption using TLS](security-tls-transport) for more details.

Review Comment:
   ```suggestion
   Always use TLS transport encryption when you connect to the Pulsar service because sending a token is equivalent to sending a password over the wire. See [Transport Encryption using TLS](security-tls-transport) for more details.
   ```



##########
site2/docs/security-jwt.md:
##########
@@ -298,29 +293,31 @@ tokenSecretKey=file:///path/to/secret.key
 
 ```
 
-### Enable token authentication on Proxies
+:::note
+
+Equivalent to `brokerClientAuthenticationParameters`, you need to configure `authParams` in the `conf/client.conf` file. 
 
-To configure proxies to authenticate clients, add the following parameters to `proxy.conf`:
+:::
 
-The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more details, see the [authorization guide](security-authorization).
+### Enable token authentication on Proxies
+
+To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file.
 
 ```properties
 
 # For clients connecting to the proxy
 authenticationEnabled=true
-authorizationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
 tokenSecretKey=file:///path/to/secret.key
 
 # For the proxy to connect to brokers
 brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
 brokerClientAuthenticationParameters={"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw"}
-# Or, alternatively, read token from file
-# brokerClientAuthenticationParameters={"file":"///path/to/proxy-token.txt"}
-
-# Whether client authorization credentials are forwarded to the broker for re-authorization.
-# Authentication must be enabled via authenticationEnabled=true for this to take effect.
-forwardAuthorizationCredentials=true
+# Either configure the token string or specify to read it from a file. The following three available formats are all valid:
+# brokerClientAuthenticationParameters={"token":"your-token-string"}
+# brokerClientAuthenticationParameters=token:your-token-string
+# brokerClientAuthenticationParameters=file:///path/to/token
 
 ```
 
+The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more details, refer to [authorization](security-authorization).

Review Comment:
   ```suggestion
   The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more information, see [authorization](security-authorization).
   ```
   same as above



##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
 
 3. In Pulsar Manager UI, you can create an environment. 
 
-   - Click `New Environment` button in the top-left corner.
+   - Click the `New Environment` button in the top-left corner.

Review Comment:
   ```suggestion
      - Click **New Environment** in the upper-left corner.
   ```
   no `the` and bold: https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=kix.m5ccxnsf33mu
   
   upper-left: https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=id.9erkgdfwfyp4



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org