You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2023/02/17 04:53:39 UTC
[pulsar] 01/02: [fix][broker] Call originalAuthState.authenticate in ServerCnx
This is an automated email from the ASF dual-hosted git repository.
mmarshall pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit f9727ca7c18628d03362783a8feb8ce73bc67d07
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Thu Feb 16 22:37:16 2023 -0600
[fix][broker] Call originalAuthState.authenticate in ServerCnx
This change was introduced by https://github.com/apache/pulsar/pull/19295.
That PR had more changes than are worth cherry-picking, though, so this
commit only has the additional call to authenticate the original auth data.
As a result, this commit is slightly less efficient because in some
implementations, the authdata will be validated twice.
---
.../src/main/java/org/apache/pulsar/broker/service/ServerCnx.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
index 74079620ca8..7bf602f185a 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -917,10 +917,12 @@ public class ServerCnx extends PulsarHandler implements TransportCnx {
+ " using auth method [%s] is not available", originalAuthMethod));
}
+ AuthData originalAuthDataCopy = AuthData.of(connect.getOriginalAuthData().getBytes());
originalAuthState = originalAuthenticationProvider.newAuthState(
- AuthData.of(connect.getOriginalAuthData().getBytes()),
+ originalAuthDataCopy,
remoteAddress,
sslSession);
+ originalAuthState.authenticate(originalAuthDataCopy);
originalAuthData = originalAuthState.getAuthDataSource();
originalPrincipal = originalAuthState.getAuthRole();