You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by mm...@apache.org on 2023/02/17 04:53:39 UTC

[pulsar] 01/02: [fix][broker] Call originalAuthState.authenticate in ServerCnx

This is an automated email from the ASF dual-hosted git repository.

mmarshall pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit f9727ca7c18628d03362783a8feb8ce73bc67d07
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Thu Feb 16 22:37:16 2023 -0600

    [fix][broker] Call originalAuthState.authenticate in ServerCnx
    
    This change was introduced by https://github.com/apache/pulsar/pull/19295.
    
    That PR had more changes than are worth cherry-picking, though, so this
    commit only has the additional call to authenticate the original auth data.
    As a result, this commit is slightly less efficient because in some
    implementations, the authdata will be validated twice.
---
 .../src/main/java/org/apache/pulsar/broker/service/ServerCnx.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
index 74079620ca8..7bf602f185a 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -917,10 +917,12 @@ public class ServerCnx extends PulsarHandler implements TransportCnx {
                                     + " using auth method [%s] is not available", originalAuthMethod));
                 }
 
+                AuthData originalAuthDataCopy =  AuthData.of(connect.getOriginalAuthData().getBytes());
                 originalAuthState = originalAuthenticationProvider.newAuthState(
-                        AuthData.of(connect.getOriginalAuthData().getBytes()),
+                        originalAuthDataCopy,
                         remoteAddress,
                         sslSession);
+                originalAuthState.authenticate(originalAuthDataCopy);
                 originalAuthData = originalAuthState.getAuthDataSource();
                 originalPrincipal = originalAuthState.getAuthRole();