You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/06/30 04:16:56 UTC
[pulsar] branch master updated: [fix][broker] Improve error msg when client is unauthorized (#16224)
This is an automated email from the ASF dual-hosted git repository.
mmarshall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new d7df54d0983 [fix][broker] Improve error msg when client is unauthorized (#16224)
d7df54d0983 is described below
commit d7df54d0983b0b0ee65cebdab091d699fc57d059
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Wed Jun 29 23:16:48 2022 -0500
[fix][broker] Improve error msg when client is unauthorized (#16224)
### Motivation
When a client attempts to perform certain actions using the pulsar protocol but is unauthorized, it gets an error that references the proxy, even when the proxy is not in use. This PR improves the clarity of the error message returned to the client.
Sample error from a client that targeted the broker directly:
> Caused by: org.apache.pulsar.client.api.PulsarClientException$AuthorizationException: {"errorMsg":"Proxy Client is not authorized to Get Partition Metadata","reqId":2752438136626111826, "remote":"broker.pulsar.com/10.53.129.179:6650", "local":"/10.233.82.53:63618"}
at org.apache.pulsar.client.api.PulsarClientException.unwrap(PulsarClientException.java:1026)
at org.apache.pulsar.client.impl.ProducerBuilderImpl.create(ProducerBuilderImpl.java:88)
### Modifications
* Remove `Proxy` from error messages that are due to insufficient permissions and not due to Proxy misconfiguration.
### Verifying this change
This is a trivial change.
### Does this pull request potentially affect one of the following parts:
This is not a breaking change in any way other than changing the message returned to the client.
### Documentation
- [x] `doc-not-needed`
---
.../src/main/java/org/apache/pulsar/broker/service/ServerCnx.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
index 07cf63d679f..4f8763330d3 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -472,7 +472,7 @@ public class ServerCnx extends PulsarHandler implements TransportCnx {
return null;
});
} else {
- final String msg = "Proxy Client is not authorized to Lookup";
+ final String msg = "Client is not authorized to Lookup";
log.warn("[{}] {} with role {} on topic {}", remoteAddress, msg, getPrincipal(), topicName);
ctx.writeAndFlush(newLookupErrorResponse(ServerError.AuthorizationError, msg, requestId));
lookupSemaphore.release();
@@ -545,7 +545,7 @@ public class ServerCnx extends PulsarHandler implements TransportCnx {
return null;
});
} else {
- final String msg = "Proxy Client is not authorized to Get Partition Metadata";
+ final String msg = "Client is not authorized to Get Partition Metadata";
log.warn("[{}] {} with role {} on topic {}", remoteAddress, msg, getPrincipal(), topicName);
ctx.writeAndFlush(
Commands.newPartitionMetadataResponse(ServerError.AuthorizationError, msg, requestId));
@@ -2036,7 +2036,7 @@ public class ServerCnx extends PulsarHandler implements TransportCnx {
return null;
});
} else {
- final String msg = "Proxy Client is not authorized to GetTopicsOfNamespace";
+ final String msg = "Client is not authorized to GetTopicsOfNamespace";
log.warn("[{}] {} with role {} on namespace {}", remoteAddress, msg, getPrincipal(), namespaceName);
commandSender.sendErrorResponse(requestId, ServerError.AuthorizationError, msg);
lookupSemaphore.release();