This is an automated email from the ASF dual-hosted git repository. technoboy pushed a commit to branch branch-2.11 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit f58acfa834bb140a103860255bb78af4f0238527 Author: Zixuan Liu <[email protected]> AuthorDate: Sun Aug 7 11:48:21 2022 +0800 [improve][doc] Add more configuration methods for basic authentication (#16941) Signed-off-by: Zixuan Liu <[email protected]> --- site2/docs/security-basic-auth.md | 92 ++++++++++++++++++++++++++------------- 1 file changed, 62 insertions(+), 30 deletions(-) diff --git a/site2/docs/security-basic-auth.md b/site2/docs/security-basic-auth.md index 2585526bb47..4a211199edc 100644 --- a/site2/docs/security-basic-auth.md +++ b/site2/docs/security-basic-auth.md @@ -55,47 +55,63 @@ superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/ ## Enable basic authentication on brokers -To configure brokers to authenticate clients, complete the following steps. +To configure brokers to authenticate clients, add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: -1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file. +``` +# Configuration to enable Basic authentication +authenticationEnabled=true +authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic + +basicAuthConf=file:///path/to/.htpasswd +# basicAuthConf=/path/to/.htpasswd +# When use the base64 format, you need to encode the .htpaswd content to bas64 +# basicAuthConf=data:;base64,YOUR-BASE64 +# basicAuthConf=YOUR-BASE64 + +# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters +brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic +brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} + +# If this flag is set then the broker authenticates the original Auth data +# else it just accepts the originalPrincipal and authorizes it (if required). +authenticateOriginalAuthData=true +``` - ``` - # Configuration to enable Basic authentication - authenticationEnabled=true - authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic +:::note - # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters - brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic - brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} +You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. - # If this flag is set then the broker authenticates the original Auth data - # else it just accepts the originalPrincipal and authorizes it (if required). - authenticateOriginalAuthData=true - ``` - -2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. +::: ## Enable basic authentication on proxies -To configure proxies to authenticate clients, complete the following steps. +To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file: -1. Add the following parameters to the `conf/proxy.conf` file: - - ``` - # For clients connecting to the proxy - authenticationEnabled=true - authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic +``` +# For clients connecting to the proxy +authenticationEnabled=true +authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic + +basicAuthConf=file:///path/to/.htpasswd +# basicAuthConf=/path/to/.htpasswd +# When use the base64 format, you need to encode the .htpaswd content to bas64 +# basicAuthConf=data:;base64,YOUR-BASE64 +# basicAuthConf=YOUR-BASE64 + +# For the proxy to connect to brokers +brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic +brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} + +# Whether client authorization credentials are forwarded to the broker for re-authorization. +# Authentication must be enabled via authenticationEnabled=true for this to take effect. +forwardAuthorizationCredentials=true +``` - # For the proxy to connect to brokers - brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic - brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} +:::note - # Whether client authorization credentials are forwarded to the broker for re-authorization. - # Authentication must be enabled via authenticationEnabled=true for this to take effect. - forwardAuthorizationCredentials=true - ``` +You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. -2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. +::: ## Configure basic authentication in CLI tools @@ -124,4 +140,20 @@ The following example shows how to configure basic authentication when using Pul ``` </TabItem> + <TabItem value="C++" label="C++" default> + + ```c++ + #include <pulsar/Client.h> + + int main() { + pulsar::ClientConfiguration config; + AuthenticationPtr auth = pulsar::AuthBasic::create("admin", "123456") + config.setAuth(auth); + pulsar::Client client("pulsar://broker.example.com:6650/", config); + + return 0; + } + ``` + + </TabItem> </Tabs>
