You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by te...@apache.org on 2022/08/08 09:24:20 UTC
[pulsar] 04/11: [improve][doc] Add more configuration methods for basic authentication (#16941)
This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit f58acfa834bb140a103860255bb78af4f0238527
Author: Zixuan Liu <no...@gmail.com>
AuthorDate: Sun Aug 7 11:48:21 2022 +0800
[improve][doc] Add more configuration methods for basic authentication (#16941)
Signed-off-by: Zixuan Liu <no...@gmail.com>
---
site2/docs/security-basic-auth.md | 92 ++++++++++++++++++++++++++-------------
1 file changed, 62 insertions(+), 30 deletions(-)
diff --git a/site2/docs/security-basic-auth.md b/site2/docs/security-basic-auth.md
index 2585526bb47..4a211199edc 100644
--- a/site2/docs/security-basic-auth.md
+++ b/site2/docs/security-basic-auth.md
@@ -55,47 +55,63 @@ superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
## Enable basic authentication on brokers
-To configure brokers to authenticate clients, complete the following steps.
+To configure brokers to authenticate clients, add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file:
-1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
+```
+# Configuration to enable Basic authentication
+authenticationEnabled=true
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+basicAuthConf=file:///path/to/.htpasswd
+# basicAuthConf=/path/to/.htpasswd
+# When use the base64 format, you need to encode the .htpaswd content to bas64
+# basicAuthConf=data:;base64,YOUR-BASE64
+# basicAuthConf=YOUR-BASE64
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+# If this flag is set then the broker authenticates the original Auth data
+# else it just accepts the originalPrincipal and authorizes it (if required).
+authenticateOriginalAuthData=true
+```
- ```
- # Configuration to enable Basic authentication
- authenticationEnabled=true
- authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+:::note
- # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
- brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
- brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
- # If this flag is set then the broker authenticates the original Auth data
- # else it just accepts the originalPrincipal and authorizes it (if required).
- authenticateOriginalAuthData=true
- ```
-
-2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+:::
## Enable basic authentication on proxies
-To configure proxies to authenticate clients, complete the following steps.
+To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file:
-1. Add the following parameters to the `conf/proxy.conf` file:
-
- ```
- # For clients connecting to the proxy
- authenticationEnabled=true
- authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+```
+# For clients connecting to the proxy
+authenticationEnabled=true
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+basicAuthConf=file:///path/to/.htpasswd
+# basicAuthConf=/path/to/.htpasswd
+# When use the base64 format, you need to encode the .htpaswd content to bas64
+# basicAuthConf=data:;base64,YOUR-BASE64
+# basicAuthConf=YOUR-BASE64
+
+# For the proxy to connect to brokers
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+# Whether client authorization credentials are forwarded to the broker for re-authorization.
+# Authentication must be enabled via authenticationEnabled=true for this to take effect.
+forwardAuthorizationCredentials=true
+```
- # For the proxy to connect to brokers
- brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
- brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+:::note
- # Whether client authorization credentials are forwarded to the broker for re-authorization.
- # Authentication must be enabled via authenticationEnabled=true for this to take effect.
- forwardAuthorizationCredentials=true
- ```
+You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
-2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+:::
## Configure basic authentication in CLI tools
@@ -124,4 +140,20 @@ The following example shows how to configure basic authentication when using Pul
```
</TabItem>
+ <TabItem value="C++" label="C++" default>
+
+ ```c++
+ #include <pulsar/Client.h>
+
+ int main() {
+ pulsar::ClientConfiguration config;
+ AuthenticationPtr auth = pulsar::AuthBasic::create("admin", "123456")
+ config.setAuth(auth);
+ pulsar::Client client("pulsar://broker.example.com:6650/", config);
+
+ return 0;
+ }
+ ```
+
+ </TabItem>
</Tabs>