Hi Prabhaker,

Bookie exposes only one client port, and in order to use TLS we are using the StartTLS approach, so the client is required to upgrade to TLS mode once the connection is established.

You have two ways to achieve your goal:

1) Enable client TLS authentication with tlsClientAuthentication=true, but this way you have to provide TLS certificates to clients and provide a trust store to the bookies
2) You can add an Auth plugin that performs the check you want. This is a relevant test case in the BookKeeper repository that is a good example: https://github.com/apache/bookkeeper/blob/master/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java#L498

In my opinion it would be easy to add some out-of-the-box support to forbid access to unsecured clients or provide such an Auth plugin in the standard BookKeeper bundle.

Best regards
Enrico

On Tue, 17 Dec 2019 at 10:08, <[email protected]> wrote:

> Hi Team,
>
> I am working for a group which is using Apache BookKeeper 4.7.3. I am
> trying to enable TLS in Apache BookKeeper. I have added TLS properties in
> the bk_server.conf file and I have created a sample Java application which
> communicates with the BookKeeper server. The problem that I am facing is that
> the BookKeeper server is TLS enabled and the client is not TLS enabled, and even
> then the client can communicate with the server, which shouldn't be happening. Can
> you let me know why this might be happening? I have attached the
> bk_server.conf file as well as the Java client code in the mail.
>
> Thanks,
>
> Prabhaker Saxena
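
The Auth plugin approach from option 2 in the reply above, as an added example that is not part of the original thread or of the BookKeeper repository. The class name, package and plugin name are hypothetical; it assumes the `BookieAuthProvider.Factory` interface and `BookieConnectionPeer.isSecure()` from the BookKeeper server API, with the class registered through `bookieAuthProviderFactoryClass` in the bookie configuration.

```java
package example; // hypothetical package

import java.io.IOException;

import org.apache.bookkeeper.auth.AuthCallbacks;
import org.apache.bookkeeper.auth.AuthToken;
import org.apache.bookkeeper.auth.BookieAuthProvider;
import org.apache.bookkeeper.client.BKException;
import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.proto.BookieConnectionPeer;

/** Hypothetical bookie auth plugin: a connection is authorized only after its StartTLS upgrade. */
public class RequireTlsAuthProviderFactory implements BookieAuthProvider.Factory {

    @Override
    public String getPluginName() {
        return "require-tls"; // hypothetical plugin name
    }

    @Override
    public void init(ServerConfiguration conf) throws IOException {
        // This check needs no configuration of its own.
    }

    @Override
    public BookieAuthProvider newProvider(final BookieConnectionPeer peer,
                                          final AuthCallbacks.GenericCallback<Void> completeCb) {
        // completeCb is deliberately not invoked here: a client that never sends
        // StartTLS never reaches onProtocolUpgrade(), so its connection is never
        // reported as authenticated and stays unauthorized.
        return new BookieAuthProvider() {
            @Override
            public void onProtocolUpgrade() {
                // Called after the connection has been upgraded; verify it is really TLS.
                int rc = peer.isSecure()
                        ? BKException.Code.OK
                        : BKException.Code.UnauthorizedAccessException;
                completeCb.operationComplete(rc, null);
            }

            @Override
            public void process(AuthToken m, AuthCallbacks.GenericCallback<AuthToken> cb) {
                // No auth tokens are exchanged by this plugin; the decision is
                // based only on the transport state checked in onProtocolUpgrade().
            }
        };
    }
}
```

To additionally require a client certificate, as in option 1, the same callback can also inspect `peer.getProtocolPrincipals()` and reject the connection when it is empty.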
