You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/05/26 06:27:15 UTC

[GitHub] [pulsar] nodece commented on a diff in pull request #15799: [improve][doc] Add support for chained authentication providers with the same auth method name

nodece commented on code in PR #15799:
URL: https://github.com/apache/pulsar/pull/15799#discussion_r882356334


##########
site2/docs/security-extending.md:
##########
@@ -52,7 +52,19 @@ authenticationProviders=
 
 ```
 
-For the implementation of the `org.apache.pulsar.broker.authentication.AuthenticationProvider` interface, refer to [here](https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProvider.java).
+:::tip
+
+Pulsar supports an authentication provider chain that contains multiple authentication providers with the same authentication method name. 
+
+For example, your Pulsar cluster uses JSON Web Token (JWT) authentication and you want to upgrade it to use OAuth2.0 authentication. Both JWT and OAuth2.0 share the same authentication method name. In this case, you can chain the two class names in `authenticationProviders` and separate them by using a comma.
+
+```properties
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderJWT,org.apache.pulsar.broker.authentication.AuthenticationProviderOAuth2

Review Comment:
   > The chained authentication providers means multiple authentication providers can be configured at the same time. For example, with the following config
   > 
   > ```ini
   > authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls,org.apache.pulsar.broker.authentication.AuthenticationProviderToken
   > ```
   > 
   > Pulsar can enable authentication for [JWT](https://pulsar.apache.org/docs/next/security-jwt/#enable-token-authentication-on-brokers) and [TLS](https://pulsar.apache.org/docs/next/security-tls-authentication#enable-tls-authentication-on-brokers) at the same time.
   
   The old version can also do this thing. 
   
   The chained authentication version can support you configure the multiple authentication providers that has same auth name.
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org