You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/06/22 16:22:06 UTC
[pulsar] branch branch-2.7 updated: [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new aaa6ef5acc6 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
aaa6ef5acc6 is described below
commit aaa6ef5acc6901865c2b31f9a5ab615e57e8d738
Author: Michael Marshall <mi...@datastax.com>
AuthorDate: Thu Sep 2 00:45:41 2021 -0500
[Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)
---
.../broker/authorization/AuthorizationService.java | 44 ++++++----------------
.../authorization/PulsarAuthorizationProvider.java | 7 +---
2 files changed, 13 insertions(+), 38 deletions(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
index 75c759f3193..ce287fa0735 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
@@ -289,41 +289,21 @@ public class AuthorizationService {
* @throws Exception
*/
public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role,
- AuthenticationDataSource authenticationData) {
- CompletableFuture<Boolean> finalResult = new CompletableFuture<Boolean>();
- canProduceAsync(topicName, role, authenticationData).whenComplete((produceAuthorized, ex) -> {
- if (ex == null) {
- if (produceAuthorized) {
- finalResult.complete(produceAuthorized);
- return;
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug(
- "Topic [{}] Role [{}] exception occurred while trying to check Produce permissions. {}",
- topicName.toString(), role, ex.getMessage());
- }
- }
- canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> {
- if (e == null) {
- if (consumeAuthorized) {
- finalResult.complete(consumeAuthorized);
- return;
- }
+ AuthenticationDataSource authenticationData) {
+ if (!this.conf.isAuthorizationEnabled()) {
+ return CompletableFuture.completedFuture(true);
+ }
+ if (provider != null) {
+ return provider.isSuperUser(role, authenticationData, conf).thenComposeAsync(isSuperUser -> {
+ if (isSuperUser) {
+ return CompletableFuture.completedFuture(true);
} else {
- if (log.isDebugEnabled()) {
- log.debug(
- "Topic [{}] Role [{}] exception occurred while trying to check Consume permissions. {}",
- topicName.toString(), role, e.getMessage());
-
- }
- finalResult.completeExceptionally(e);
- return;
+ return provider.canLookupAsync(topicName, role, authenticationData);
}
- finalResult.complete(false);
});
- });
- return finalResult;
+ }
+
+ return FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
}
public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String role,
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index 26a4f6c0db0..7cdb89eecd8 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -197,10 +197,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
}
canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> {
if (e == null) {
- if (consumeAuthorized) {
- finalResult.complete(consumeAuthorized);
- return;
- }
+ finalResult.complete(consumeAuthorized);
} else {
if (log.isDebugEnabled()) {
log.debug(
@@ -209,9 +206,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
}
finalResult.completeExceptionally(e);
- return;
}
- finalResult.complete(false);
});
});
return finalResult;