You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/22 02:37:53 UTC

[GitHub] [pulsar] Anonymitaet commented on a change in pull request #14773: [feature][doc][Do-not-merge] Add doc for how to use MultiRolesTokenAuthorizationProvider

Anonymitaet commented on a change in pull request #14773:
URL: https://github.com/apache/pulsar/pull/14773#discussion_r831719184



##########
File path: site2/docs/security-authorization.md
##########
@@ -98,3 +98,15 @@ PulsarAdmin admin = PulsarAdmin.builder()
                     .tlsTrustCertsFilePath("/path/to/trust/cert")
                     .build();
 ```
+
+## Authorize an authenticated client with multiple roles
+
+When a client is identified with multiple roles in a token (the type of role claim in the token is an array) during the authentication process, Pulsar supports to check the permissions of all the roles and further authorize the client as long as one of its roles has the required permissions.
+
+> Note: This authorization method is only compatible with [JWT authentication](security-jwt.md).

Review comment:
       ```suggestion
   > **Note**
   > This authorization method is only compatible with [JWT authentication](security-jwt.md).
   ```

##########
File path: site2/docs/security-authorization.md
##########
@@ -98,3 +98,15 @@ PulsarAdmin admin = PulsarAdmin.builder()
                     .tlsTrustCertsFilePath("/path/to/trust/cert")
                     .build();
 ```
+
+## Authorize an authenticated client with multiple roles
+
+When a client is identified with multiple roles in a token (the type of role claim in the token is an array) during the authentication process, Pulsar supports to check the permissions of all the roles and further authorize the client as long as one of its roles has the required permissions.
+
+> Note: This authorization method is only compatible with [JWT authentication](security-jwt.md).
+
+To enable the support, configure the authorization provider as `MultiRolesTokenAuthorizationProvider` in the `conf/broker.conf` file.

Review comment:
       do we need to configure it in the `conf/standalone.conf` file? @RobertIndie 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org