[GitHub] rdhabalia commented on a change in pull request #1002: Making Pulsar Proxy more secure

Thu, 11 Jan 2018 14:41:37 -0800 

rdhabalia commented on a change in pull request #1002: Making Pulsar Proxy more 
secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#discussion_r161081263
 
 

 ##########
 File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
 ##########
 @@ -174,77 +174,115 @@ public void exceptionCaught(ChannelHandlerContext ctx, 
Throwable cause) throws E
     @Override
     protected void handleLookup(CommandLookupTopic lookup) {
         final long requestId = lookup.getRequestId();
-        final String topic = lookup.getTopic();
+        final String topicName = lookup.getTopic();
         if (log.isDebugEnabled()) {
-            log.debug("[{}] Received Lookup from {} for {}", topic, 
remoteAddress, requestId);
-        }
-        final Semaphore lookupSemaphore = service.getLookupRequestSemaphore();
-        if (lookupSemaphore.tryAcquire()) {
-            lookupDestinationAsync(getBrokerService().pulsar(), 
DestinationName.get(topic), lookup.getAuthoritative(),
-                    getRole(), lookup.getRequestId()).handle((lookupResponse, 
ex) -> {
-                        if (ex == null) {
-                            ctx.writeAndFlush(lookupResponse);
-                        } else {
-                            // it should never happen
-                            log.warn("[{}] lookup failed with error {}, {}", 
remoteAddress, topic, ex.getMessage(), ex);
-                            ctx.writeAndFlush(
-                                    
newLookupErrorResponse(ServerError.ServiceNotReady, ex.getMessage(), 
requestId));
-                        }
-                        lookupSemaphore.release();
-                        return null;
-                    });
-        } else {
-            if (log.isDebugEnabled()) {
-                log.debug("[{}] Failed lookup due to too many lookup-requests 
{}", remoteAddress, topic);
-            }
-            
ctx.writeAndFlush(newLookupErrorResponse(ServerError.TooManyRequests,
-                    "Failed due to too many pending lookup requests", 
requestId));
+            log.debug("[{}] Received Lookup from {} for {}", topicName, 
remoteAddress, requestId);
         }
-
+        final String proxyClientAuthRole = lookup.hasOriginalPrincipal() ? 
lookup.getOriginalPrincipal() : this.proxyClientAuthRole;
 
 Review comment:
   can't we use `OriginalPrincipal` that broker received on `handleConnect()`? 
is this different auth-role?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to