tuteng opened a new issue #14404: URL: https://github.com/apache/pulsar/issues/14404
**Describe the bug** Currently, pulsar auth is divided into two parts, one is the authn and authz of the pulsar protocol (e.g. produce and consume) and the other is the authn and authz of the HTTP protocol (e.g. management of pulsar clusters), auth is divided into two phases authn and authz, currently in the authn phase will return a string role, authz phase will check this role's permissions, The string role contains very little information and that blocks some work in the authz phase, so in pulsar, there is an interface `AuthenticationDataSource` which is used to pass more information from the authn to the authz phase In auth, there are two classes `AuthenticationDataHttps` and `AuthenticationDataCommand` that implement this interface `AuthenticationDataSource`. AuthenticationDataCommand is used to pass the state information after the pulsar protocol authentication. `AuthenticationDataHttps` is used to pass the status information after the HTTP protocol authentication. `AuthenticationDataCommand` and `AuthenticationDataHttps` are both default implementations, but now for the pulsar protocol there is support for using user-defined implementations https://github.com/apache/pulsar/blob/master/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java#L817, that gives the user the ability to extend the auth state and pass more information, but for the HTTP protocol data does not yet support the use of user-defined data **To Reproduce** Steps to reproduce the behavior: 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' 4. See error **Expected behavior** A clear and concise description of what you expected to happen. **Screenshots** If applicable, add screenshots to help explain your problem. **Desktop (please complete the following information):** - OS: [e.g. iOS] **Additional context** Add any other context about the problem here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
