Anonymitaet commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902670626
##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
3. In Pulsar Manager UI, you can create an environment.
- - Click `New Environment` button in the top-left corner.
+ - Click the `New Environment` button in the top-left corner.
- Type `pulsar-mini` for the field `Environment Name` in the popup window.
- Type `http://pulsar-mini-broker:8080` for the field `Service URL` in the
popup window.
- - Click `Confirm` button in the popup window.
+ - Click the `Confirm` button in the popup window.
Review Comment:
```suggestion
- Click **Confirm** in the popup window.
```
##########
site2/docs/getting-started-standalone.md:
##########
@@ -257,15 +257,14 @@ If you have started Pulsar successfully, you will see
`INFO`-level log messages
:::tip
-* The service is running on your terminal, which is under your direct control.
If you need to run other commands, open a new terminal window.
+* The service is running on your terminal, which is under your direct control.
If you need to run other commands, open a new terminal window.
+* To run the service as a background process, you can use the
`bin/pulsar-daemon start standalone` command. For more information, see
[pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
+* To perform a health check, you can use the `bin/pulsar-admin brokers
healthcheck` command. For more information, see [Pulsar-admin
docs](/tools/pulsar-admin/).
+* When you start a local standalone cluster, a `public/default`
[namespace](concepts-messaging.md#namespaces) is created automatically. The
namespace is used for development purposes. All Pulsar topics are managed
within namespaces. For more information, see
[Topics](concepts-messaging.md#topics).
+* By default, there is no encryption, authentication, or authorization
configured. Apache Pulsar can be accessed from a remote server without any
authorization. Refer to [Security Overview](security-overview) document to
secure your deployment.
Review Comment:
```suggestion
* To run the service as a background process, you can use the
`bin/pulsar-daemon start standalone` command. For more information, see
[pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
* To perform a health check, you can use the `bin/pulsar-admin brokers
healthcheck` command. For more information, see [Pulsar-admin
docs](/tools/pulsar-admin/).
* When you start a local standalone cluster, a `public/default`
[namespace](concepts-messaging.md#namespaces) is created automatically. The
namespace is used for development purposes. All Pulsar topics are managed
within namespaces. For more information, see
[Topics](concepts-messaging.md#topics).
* By default, there is no encryption, authentication, or authorization
configured. Apache Pulsar can be accessed from a remote server without any
authorization. For more information, see [Security Overview](security-overview)
document to secure your deployment.
```
keep consistent
##########
site2/docs/security-jwt.md:
##########
@@ -29,9 +29,11 @@
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.ipevRNuRP6HflG8cFKnmUPtypruRC4fb1DWtoLL6
Application specifies the token when you create the client instance. An
alternative is to pass a "token supplier" (a function that returns the token
when the client library needs one).
-> #### Always use TLS transport encryption
-> Sending a token is equivalent to sending a password over the wire. You had
better use TLS encryption all the time when you connect to the Pulsar service.
See
-> [Transport Encryption using TLS](security-tls-transport) for more details.
+:::note
+
+Always use TLS transport encryption when you connect to the Pulsar service,
because sending a token is equivalent to sending a password over the wire. See
[Transport Encryption using TLS](security-tls-transport) for more details.
Review Comment:
```suggestion
Always use TLS transport encryption when you connect to the Pulsar service
because sending a token is equivalent to sending a password over the wire. See
[Transport Encryption using TLS](security-tls-transport) for more details.
```
##########
site2/docs/security-jwt.md:
##########
@@ -298,29 +293,31 @@ tokenSecretKey=file:///path/to/secret.key
```
-### Enable token authentication on Proxies
+:::note
+
+Equivalent to `brokerClientAuthenticationParameters`, you need to configure
`authParams` in the `conf/client.conf` file.
-To configure proxies to authenticate clients, add the following parameters to
`proxy.conf`:
+:::
-The proxy uses its own token when connecting to brokers. You need to configure
the role token for this key pair in the `proxyRoles` of the brokers. For more
details, see the [authorization guide](security-authorization).
+### Enable token authentication on Proxies
+
+To configure proxies to authenticate clients, add the following parameters to
the `conf/proxy.conf` file.
```properties
# For clients connecting to the proxy
authenticationEnabled=true
-authorizationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
tokenSecretKey=file:///path/to/secret.key
# For the proxy to connect to brokers
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerClientAuthenticationParameters={"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw"}
-# Or, alternatively, read token from file
-# brokerClientAuthenticationParameters={"file":"///path/to/proxy-token.txt"}
-
-# Whether client authorization credentials are forwarded to the broker for
re-authorization.
-# Authentication must be enabled via authenticationEnabled=true for this to
take effect.
-forwardAuthorizationCredentials=true
+# Either configure the token string or specify to read it from a file. The
following three available formats are all valid:
+# brokerClientAuthenticationParameters={"token":"your-token-string"}
+# brokerClientAuthenticationParameters=token:your-token-string
+# brokerClientAuthenticationParameters=file:///path/to/token
```
+The proxy uses its own token when connecting to brokers. You need to configure
the role token for this key pair in the `proxyRoles` of the brokers. For more
details, refer to [authorization](security-authorization).
Review Comment:
```suggestion
The proxy uses its own token when connecting to brokers. You need to
configure the role token for this key pair in the `proxyRoles` of the brokers.
For more information, see [authorization](security-authorization).
```
same as above
##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
3. In Pulsar Manager UI, you can create an environment.
- - Click `New Environment` button in the top-left corner.
+ - Click the `New Environment` button in the top-left corner.
Review Comment:
```suggestion
- Click **New Environment** in the upper-left corner.
```
no `the` and bold:
https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=kix.m5ccxnsf33mu
upper-left:
https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=id.9erkgdfwfyp4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
