You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by zh...@apache.org on 2019/07/19 01:05:37 UTC

[pulsar] branch master updated: Remove fixed server type check in kerberos client (#4758)

This is an automated email from the ASF dual-hosted git repository.

zhaijia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f5b20cd  Remove fixed server type check in kerberos client (#4758)
f5b20cd is described below

commit f5b20cd3f08513fb82d93a22b2019753ae698e44
Author: Yong Zhang <zh...@gmail.com>
AuthorDate: Fri Jul 19 09:05:31 2019 +0800

    Remove fixed server type check in kerberos client (#4758)
    
    ## Motivation
    
    Currently, In Pulsar Kerberos authentication, The server type part of pulsar node principle is hard coded as "broker" and "proxy". The expected principle for pulsar nodes would be like "broker/brokera.host.name@your.com" or "proxy/proxyb.host.name@your.com".
    
    But some times, user may want to re-use existing principle like "u-service/host.name@some.com", to test and play around, then "u-service" will not match service type of "broker" or "proxy", and the authentication will be rejected.
    This change is to remove the check of "broker" or "proxy" service type check.
    
    ## Modifaction
    
    Remove the check of "broker" or "proxy" service type check.
---
 .../java/org/apache/pulsar/client/impl/auth/PulsarSaslClient.java  | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pulsar-client-auth-sasl/src/main/java/org/apache/pulsar/client/impl/auth/PulsarSaslClient.java b/pulsar-client-auth-sasl/src/main/java/org/apache/pulsar/client/impl/auth/PulsarSaslClient.java
index 59ee47c5e..c84754d 100644
--- a/pulsar-client-auth-sasl/src/main/java/org/apache/pulsar/client/impl/auth/PulsarSaslClient.java
+++ b/pulsar-client-auth-sasl/src/main/java/org/apache/pulsar/client/impl/auth/PulsarSaslClient.java
@@ -52,9 +52,10 @@ public class PulsarSaslClient {
     public PulsarSaslClient(String serverHostname, String serverType, Subject subject) throws SaslException {
         checkArgument(subject != null, "Cannot create SASL client with NULL JAAS subject");
         checkArgument(!Strings.isNullOrEmpty(serverHostname), "Cannot create SASL client with NUll server name");
-        checkArgument(serverType.equalsIgnoreCase(SaslConstants.SASL_BROKER_PROTOCOL) ||
-                serverType.equalsIgnoreCase(SaslConstants.SASL_PROXY_PROTOCOL),
-            "Server type [" + serverType + "] invalid, should be broker or proxy");
+        if (!serverType.equals(SaslConstants.SASL_BROKER_PROTOCOL) && !serverType
+                                                                           .equals(SaslConstants.SASL_PROXY_PROTOCOL)) {
+            log.warn("The server type {} is not recommended", serverType);
+        }
 
         String serverPrincipal = serverType.toLowerCase() + "/" + serverHostname;
         this.clientSubject = subject;