You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by li...@apache.org on 2022/05/27 10:21:27 UTC
[pulsar] branch master updated: [feature][doc] Add docs about how to use basic authentication (#15734)
This is an automated email from the ASF dual-hosted git repository.
liuyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new d5cfc9dc41d [feature][doc] Add docs about how to use basic authentication (#15734)
d5cfc9dc41d is described below
commit d5cfc9dc41d35d5c2d30ca16c3e8630ae63ac8c1
Author: momo-jun <60...@users.noreply.github.com>
AuthorDate: Fri May 27 18:21:21 2022 +0800
[feature][doc] Add docs about how to use basic authentication (#15734)
---
site2/docs/security-basic-auth.md | 127 +++++++++++++++++++++
site2/docs/security-overview.md | 2 +-
site2/website/sidebars.json | 1 +
.../version-2.10.0/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.10.0/security-overview.md | 2 +-
.../version-2.8.0/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.8.0/security-overview.md | 3 +-
.../version-2.8.1/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.8.1/security-overview.md | 3 +-
.../version-2.8.2/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.8.2/security-overview.md | 3 +-
.../version-2.8.3/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.8.3/security-overview.md | 3 +-
.../version-2.9.0/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.9.0/security-overview.md | 3 +-
.../version-2.9.1/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.9.1/security-overview.md | 3 +-
.../version-2.9.2/security-basic-auth.md | 127 +++++++++++++++++++++
.../version-2.9.2/security-overview.md | 2 +
.../version-2.10.0-sidebars.json | 4 +
.../versioned_sidebars/version-2.8.0-sidebars.json | 4 +
.../versioned_sidebars/version-2.8.1-sidebars.json | 4 +
.../versioned_sidebars/version-2.8.2-sidebars.json | 4 +
.../versioned_sidebars/version-2.8.3-sidebars.json | 4 +
.../versioned_sidebars/version-2.9.0-sidebars.json | 4 +
.../versioned_sidebars/version-2.9.1-sidebars.json | 4 +
.../versioned_sidebars/version-2.9.2-sidebars.json | 4 +
27 files changed, 1192 insertions(+), 8 deletions(-)
diff --git a/site2/docs/security-basic-auth.md b/site2/docs/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/docs/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/docs/security-overview.md b/site2/docs/security-overview.md
index 8cbaa0926aa..0d62358844d 100644
--- a/site2/docs/security-overview.md
+++ b/site2/docs/security-overview.md
@@ -31,6 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Kerberos authentication](security-kerberos)
- [JSON Web Token (JWT) authentication](security-jwt)
- [OAuth 2.0 authentication](security-oauth2)
-- Basic authentication
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/sidebars.json b/site2/website/sidebars.json
index 6322540ca1a..0fb5eb4c52e 100644
--- a/site2/website/sidebars.json
+++ b/site2/website/sidebars.json
@@ -145,6 +145,7 @@
"security-athenz",
"security-kerberos",
"security-oauth2",
+ "security-basic-auth",
"security-authorization",
"security-encryption",
"security-extending",
diff --git a/site2/website/versioned_docs/version-2.10.0/security-basic-auth.md b/site2/website/versioned_docs/version-2.10.0/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.10.0/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.10.0/security-overview.md b/site2/website/versioned_docs/version-2.10.0/security-overview.md
index 4b7b71085d1..2d59df5893d 100644
--- a/site2/website/versioned_docs/version-2.10.0/security-overview.md
+++ b/site2/website/versioned_docs/version-2.10.0/security-overview.md
@@ -32,6 +32,6 @@ Currently Pulsar supports the following authentication providers:
- [Kerberos authentication](security-kerberos)
- [JSON Web Token (JWT) authentication](security-jwt)
- [OAuth 2.0 authentication](security-oauth2)
-- Basic authentication
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.8.0/security-basic-auth.md b/site2/website/versioned_docs/version-2.8.0/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.8.0/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.8.0/security-overview.md b/site2/website/versioned_docs/version-2.8.0/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.8.0/security-overview.md
+++ b/site2/website/versioned_docs/version-2.8.0/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.8.1/security-basic-auth.md b/site2/website/versioned_docs/version-2.8.1/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.8.1/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.8.1/security-overview.md b/site2/website/versioned_docs/version-2.8.1/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.8.1/security-overview.md
+++ b/site2/website/versioned_docs/version-2.8.1/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.8.2/security-basic-auth.md b/site2/website/versioned_docs/version-2.8.2/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.8.2/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.8.2/security-overview.md b/site2/website/versioned_docs/version-2.8.2/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.8.2/security-overview.md
+++ b/site2/website/versioned_docs/version-2.8.2/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.8.3/security-basic-auth.md b/site2/website/versioned_docs/version-2.8.3/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.8.3/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.8.3/security-overview.md b/site2/website/versioned_docs/version-2.8.3/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.8.3/security-overview.md
+++ b/site2/website/versioned_docs/version-2.8.3/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.9.0/security-basic-auth.md b/site2/website/versioned_docs/version-2.9.0/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.9.0/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.9.0/security-overview.md b/site2/website/versioned_docs/version-2.9.0/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.9.0/security-overview.md
+++ b/site2/website/versioned_docs/version-2.9.0/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.9.1/security-basic-auth.md b/site2/website/versioned_docs/version-2.9.1/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.9.1/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.9.1/security-overview.md b/site2/website/versioned_docs/version-2.9.1/security-overview.md
index 82a289fb67e..3cea9b848c6 100644
--- a/site2/website/versioned_docs/version-2.9.1/security-overview.md
+++ b/site2/website/versioned_docs/version-2.9.1/security-overview.md
@@ -31,5 +31,6 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
-
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_docs/version-2.9.2/security-basic-auth.md b/site2/website/versioned_docs/version-2.9.2/security-basic-auth.md
new file mode 100644
index 00000000000..2585526bb47
--- /dev/null
+++ b/site2/website/versioned_docs/version-2.9.2/security-basic-auth.md
@@ -0,0 +1,127 @@
+---
+id: security-basic-auth
+title: Authentication using HTTP basic
+sidebar_label: "Authentication using HTTP basic"
+---
+
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
+[Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.
+
+## Prerequisites
+
+Install [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) in your environment to create a password file for storing username-password pairs.
+
+* For Ubuntu/Debian, run the following command to install `htpasswd`.
+
+ ```
+ apt install apache2-utils
+ ```
+
+* For CentOS/RHEL, run the following command to install `htpasswd`.
+
+ ```
+ yum install httpd-tools
+ ```
+
+## Create your authentication file
+
+:::note
+Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.
+:::
+
+Create a password file named `.htpasswd` with a user account `superuser/admin`:
+* Use MD5 encryption (recommended):
+
+ ```
+ htpasswd -cmb /path/to/.htpasswd superuser admin
+ ```
+
+* Use CRYPT encryption:
+
+ ```
+ htpasswd -cdb /path/to/.htpasswd superuser admin
+ ```
+
+You can preview the content of your password file by running the following command:
+
+```
+cat path/to/.htpasswd
+superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
+```
+
+## Enable basic authentication on brokers
+
+To configure brokers to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+
+ ```
+ # Configuration to enable Basic authentication
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # If this flag is set then the broker authenticates the original Auth data
+ # else it just accepts the originalPrincipal and authorizes it (if required).
+ authenticateOriginalAuthData=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Enable basic authentication on proxies
+
+To configure proxies to authenticate clients, complete the following steps.
+
+1. Add the following parameters to the `conf/proxy.conf` file:
+
+ ```
+ # For clients connecting to the proxy
+ authenticationEnabled=true
+ authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+ # For the proxy to connect to brokers
+ brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+ brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+ # Whether client authorization credentials are forwarded to the broker for re-authorization.
+ # Authentication must be enabled via authenticationEnabled=true for this to take effect.
+ forwardAuthorizationCredentials=true
+ ```
+
+2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+## Configure basic authentication in CLI tools
+
+[Command-line tools](/docs/next/reference-cli-tools), such as [Pulsar-admin](/tools/pulsar-admin/), [Pulsar-perf](/tools/pulsar-perf/) and [Pulsar-client](/tools/pulsar-client/), use the `conf/client.conf` file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the `conf/client.conf` file.
+
+```
+authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+authParams={"userId":"superuser","password":"admin"}
+```
+
+
+## Configure basic authentication in Pulsar clients
+
+The following example shows how to configure basic authentication when using Pulsar clients.
+
+<Tabs>
+ <TabItem value="Java" label="Java" default>
+
+ ```java
+ AuthenticationBasic auth = new AuthenticationBasic();
+ auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
+ PulsarClient client = PulsarClient.builder()
+ .serviceUrl("pulsar://broker.example.com:6650")
+ .authentication(auth)
+ .build();
+ ```
+
+ </TabItem>
+</Tabs>
diff --git a/site2/website/versioned_docs/version-2.9.2/security-overview.md b/site2/website/versioned_docs/version-2.9.2/security-overview.md
index 82a289fb67e..af1327314a8 100644
--- a/site2/website/versioned_docs/version-2.9.2/security-overview.md
+++ b/site2/website/versioned_docs/version-2.9.2/security-overview.md
@@ -31,5 +31,7 @@ Currently Pulsar supports the following authentication providers:
- [Athenz](security-athenz)
- [Kerberos](security-kerberos)
- [JSON Web Token Authentication](security-jwt)
+- [OAuth 2.0 authentication](security-oauth2)
+- [HTTP basic authentication](security-basic-auth)
diff --git a/site2/website/versioned_sidebars/version-2.10.0-sidebars.json b/site2/website/versioned_sidebars/version-2.10.0-sidebars.json
index 0c54cf7e69d..62b63e6a438 100644
--- a/site2/website/versioned_sidebars/version-2.10.0-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.10.0-sidebars.json
@@ -386,6 +386,10 @@
"type": "doc",
"id": "version-2.10.0/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.10.0/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.10.0/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.8.0-sidebars.json b/site2/website/versioned_sidebars/version-2.8.0-sidebars.json
index 6fb95c8a1c9..93086cb7439 100644
--- a/site2/website/versioned_sidebars/version-2.8.0-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.8.0-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.8.0/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.8.0/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.8.0/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.8.1-sidebars.json b/site2/website/versioned_sidebars/version-2.8.1-sidebars.json
index 1c0d1bb19e2..a2663dfc1ab 100644
--- a/site2/website/versioned_sidebars/version-2.8.1-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.8.1-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.8.1/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.8.1/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.8.1/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.8.2-sidebars.json b/site2/website/versioned_sidebars/version-2.8.2-sidebars.json
index 2d23ba4eee8..e4042e191d7 100644
--- a/site2/website/versioned_sidebars/version-2.8.2-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.8.2-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.8.2/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.8.2/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.8.2/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.8.3-sidebars.json b/site2/website/versioned_sidebars/version-2.8.3-sidebars.json
index 4b7111c2fd7..aeeb61b6399 100644
--- a/site2/website/versioned_sidebars/version-2.8.3-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.8.3-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.8.3/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.8.2/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.8.3/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.9.0-sidebars.json b/site2/website/versioned_sidebars/version-2.9.0-sidebars.json
index 72961d55cba..ddad14652a4 100644
--- a/site2/website/versioned_sidebars/version-2.9.0-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.9.0-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.9.0/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.9.0/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.9.0/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.9.1-sidebars.json b/site2/website/versioned_sidebars/version-2.9.1-sidebars.json
index a155ed85dbf..e230a876636 100644
--- a/site2/website/versioned_sidebars/version-2.9.1-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.9.1-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.9.1/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.9.1/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.9.1/security-authorization"
diff --git a/site2/website/versioned_sidebars/version-2.9.2-sidebars.json b/site2/website/versioned_sidebars/version-2.9.2-sidebars.json
index 1688c80d695..1972923755d 100644
--- a/site2/website/versioned_sidebars/version-2.9.2-sidebars.json
+++ b/site2/website/versioned_sidebars/version-2.9.2-sidebars.json
@@ -382,6 +382,10 @@
"type": "doc",
"id": "version-2.9.2/security-oauth2"
},
+ {
+ "type": "doc",
+ "id": "version-2.9.2/security-basic-auth"
+ },
{
"type": "doc",
"id": "version-2.9.2/security-authorization"