BewareMyPower commented on code in PR #15799: URL: https://github.com/apache/pulsar/pull/15799#discussion_r882324800
########## site2/docs/security-extending.md: ########## @@ -52,7 +52,19 @@ authenticationProviders= ``` -For the implementation of the `org.apache.pulsar.broker.authentication.AuthenticationProvider` interface, refer to [here](https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProvider.java). +:::tip + +Pulsar supports an authentication provider chain that contains multiple authentication providers with the same authentication method name. + +For example, your Pulsar cluster uses JSON Web Token (JWT) authentication and you want to upgrade it to use OAuth2.0 authentication. Both JWT and OAuth2.0 share the same authentication method name. In this case, you can chain the two class names in `authenticationProviders` and separate them by using a comma. + +```properties +authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderJWT,org.apache.pulsar.broker.authentication.AuthenticationProviderOAuth2 Review Comment: The chained authentication providers means multiple authentication providers can be configured at the same time. For example, with the following config ```properties authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls,org.apache.pulsar.broker.authentication.AuthenticationProviderToken ``` Pulsar can enable authentication for [JWT](https://pulsar.apache.org/docs/next/security-jwt/#enable-token-authentication-on-brokers) and [TLS](https://pulsar.apache.org/docs/next/security-tls-authentication#enable-tls-authentication-on-brokers) at the same time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
