You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/05/26 05:17:44 UTC

[GitHub] [pulsar] BewareMyPower commented on a diff in pull request #15799: [improve][doc] Add information for chained authentication providers

BewareMyPower commented on code in PR #15799:
URL: https://github.com/apache/pulsar/pull/15799#discussion_r882322995


##########
site2/docs/security-extending.md:
##########
@@ -52,7 +52,19 @@ authenticationProviders=
 
 ```
 
-For the implementation of the `org.apache.pulsar.broker.authentication.AuthenticationProvider` interface, refer to [here](https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProvider.java).
+:::tip
+
+Pulsar supports an authentication provider chain that contains multiple authentication providers with the same authentication method name. 
+
+For example, your Pulsar cluster uses JSON Web Token (JWT) authentication and you want to upgrade it to use OAuth2.0 authentication. Both JWT and OAuth2.0 share the same authentication method name. In this case, you can chain the two class names in `authenticationProviders` and separate them by using a comma.
+
+```properties
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderJWT,org.apache.pulsar.broker.authentication.AuthenticationProviderOAuth2

Review Comment:
   There is no `AuthenticationProviderJWT`, instead, it should be `AuthenticationProviderToken`.
   
   There is no `AuthenticationProviderOAuth2` in Pulsar repo as well. Pulsar uses `AuthenticationProviderToken`  to enable OAuth2 authentication as well, see https://pulsar.apache.org/docs/next/security-oauth2#broker-configuration.
   
   https://github.com/apache/pulsar/pull/9094 is not a PR that supports chained authentication providers, it supports chained authentication providers **with the same auth method name**.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org