You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/06/22 16:22:15 UTC
[pulsar] branch branch-2.8 updated: [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.8 by this push:
new 32f7340a5b4 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
32f7340a5b4 is described below
commit 32f7340a5b425d957c3f7965919dec155a815cfd
Author: Michael Marshall <mi...@datastax.com>
AuthorDate: Thu Sep 2 00:45:41 2021 -0500
[Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
---
.../broker/authorization/AuthorizationService.java | 41 ++++++----------------
.../authorization/PulsarAuthorizationProvider.java | 7 +---
2 files changed, 11 insertions(+), 37 deletions(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
index 4c4963a68ba..26d04776e5d 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
@@ -292,40 +292,19 @@ public class AuthorizationService {
*/
public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role,
AuthenticationDataSource authenticationData) {
- CompletableFuture<Boolean> finalResult = new CompletableFuture<Boolean>();
- canProduceAsync(topicName, role, authenticationData).whenComplete((produceAuthorized, ex) -> {
- if (ex == null) {
- if (produceAuthorized) {
- finalResult.complete(produceAuthorized);
- return;
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug(
- "Topic [{}] Role [{}] exception occurred while trying to check Produce permissions. {}",
- topicName.toString(), role, ex.getMessage());
- }
- }
- canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> {
- if (e == null) {
- if (consumeAuthorized) {
- finalResult.complete(consumeAuthorized);
- return;
- }
+ if (!this.conf.isAuthorizationEnabled()) {
+ return CompletableFuture.completedFuture(true);
+ }
+ if (provider != null) {
+ return provider.isSuperUser(role, authenticationData, conf).thenComposeAsync(isSuperUser -> {
+ if (isSuperUser) {
+ return CompletableFuture.completedFuture(true);
} else {
- if (log.isDebugEnabled()) {
- log.debug(
- "Topic [{}] Role [{}] exception occurred while trying to check Consume permissions. {}",
- topicName.toString(), role, e.getMessage());
-
- }
- finalResult.completeExceptionally(e);
- return;
+ return provider.canLookupAsync(topicName, role, authenticationData);
}
- finalResult.complete(false);
});
- });
- return finalResult;
+ }
+ return FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
}
public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String role,
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index d0af3aa448b..b5ebf962ba1 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -200,10 +200,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
}
canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> {
if (e == null) {
- if (consumeAuthorized) {
- finalResult.complete(consumeAuthorized);
- return;
- }
+ finalResult.complete(consumeAuthorized);
} else {
if (log.isDebugEnabled()) {
log.debug(
@@ -212,9 +209,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
}
finalResult.completeExceptionally(e);
- return;
}
- finalResult.complete(false);
});
});
return finalResult;