sijie commented on a change in pull request #3677: [WIP]PIP-30: interface and 
mutual change authentication
URL: https://github.com/apache/pulsar/pull/3677#discussion_r259895483
 
 

 ##########
 File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
 ##########
 @@ -446,36 +453,68 @@ private String getOriginalPrincipal(String 
originalAuthData, String originalAuth
         return originalPrincipal;
     }
 
+    private boolean isMutualAuthenticationMethod() {
+        return false;
+    }
+
     @Override
     protected void handleConnect(CommandConnect connect) {
         checkArgument(state == State.Start);
         if (service.isAuthenticationEnabled()) {
             try {
-                String authMethod = "none";
                 if (connect.hasAuthMethodName()) {
                     authMethod = connect.getAuthMethodName();
                 } else if (connect.hasAuthMethod()) {
                     // Legacy client is passing enum
                     authMethod = 
connect.getAuthMethod().name().substring(10).toLowerCase();
                 }
 
-                String authData = connect.getAuthData().toStringUtf8();
-                ChannelHandler sslHandler = 
ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
-                SSLSession sslSession = null;
-                if (sslHandler != null) {
-                    sslSession = ((SslHandler) 
sslHandler).engine().getSession();
-                }
-                originalPrincipal = getOriginalPrincipal(
+                byte[] clientData = connect.getAuthData().toByteArray();
+
+                // init authenticationState.
+                if (authState == null) {
+                    ChannelHandler sslHandler = 
ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
+                    SSLSession sslSession = null;
+                    if (sslHandler != null) {
+                        sslSession = ((SslHandler) 
sslHandler).engine().getSession();
+                    }
+                    originalPrincipal = getOriginalPrincipal(
                         connect.hasOriginalAuthData() ? 
connect.getOriginalAuthData() : null,
                         connect.hasOriginalAuthMethod() ? 
connect.getOriginalAuthMethod() : null,
                         connect.hasOriginalPrincipal() ? 
connect.getOriginalPrincipal() : null,
                         sslSession);
-                authenticationData = new AuthenticationDataCommand(authData, 
remoteAddress, sslSession);
-                authRole = getBrokerService().getAuthenticationService()
-                        .authenticate(authenticationData, authMethod);
 
-                log.info("[{}] Client successfully authenticated with {} role 
{} and originalPrincipal {}", remoteAddress, authMethod, authRole, 
originalPrincipal);
-            } catch (AuthenticationException e) {
+                    authenticationProvider = getBrokerService()
+                        .getAuthenticationService()
+                        .getAuthenticationProvider(authMethod);
+
+                    if (isMutualAuthenticationMethod()) {
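Review bot: With the local `String authMethod = "none";` removed at the top of the try block, a CONNECT that carries neither an auth method name nor the legacy enum leaves `authMethod` at whatever the field was initialised to, which these lines do not show, and that value goes straight into `getAuthenticationProvider(authMethod)`. Please keep an explicit default, and handle the case where no provider is registered for that method before `authenticationProvider` is used. Separately, `isMutualAuthenticationMethod()` is hard-coded to `return false;`, so the branch opened on the last line of this hunk can never run; that decision should come from the selected provider rather than from a stub in ServerCnx.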
 
 Review comment:
   why this has to be if..else? Can't just provide `clientData` to newAuthDataSource()?
   
   e.g. `authenticationData = authenticationProvider.getAuthDataSource(clientData);`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
