[GitHub] [pulsar] nodece commented on a diff in pull request #16201: [fix][broker] Fix passing incorrect authentication data

GitBox Fri, 24 Jun 2022 10:43:01 -0700


nodece commented on code in PR #16201:
URL: https://github.com/apache/pulsar/pull/16201#discussion_r906267103



##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java:
##########
@@ -382,19 +382,24 @@ private boolean invalidOriginalPrincipal(String 
originalPrincipal) {
     // ////
 
     private CompletableFuture<Boolean> isTopicOperationAllowed(TopicName 
topicName, TopicOperation operation,
-                    AuthenticationDataSource authData) {
+                    AuthenticationDataSource authDataSource, 
AuthenticationDataSource originalAuthDataSource) {
         if (!service.isAuthorizationEnabled()) {
             return CompletableFuture.completedFuture(true);
         }
         CompletableFuture<Boolean> isProxyAuthorizedFuture;
-        if (originalPrincipal != null) {
-            isProxyAuthorizedFuture = 
service.getAuthorizationService().allowTopicOperationAsync(
-                topicName, operation, originalPrincipal, authData);
+        if 
(service.getPulsar().getConfiguration().isAuthenticateOriginalAuthData()) {

Review Comment:
   There looks to have breaking change.
   
   In old version, when `authenticateOriginalAuthData() == false`, we checked 
the original permission, this is incorrect behavior.
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar] nodece commented on a diff in pull request #16201: [fix][broker] Fix passing incorrect authentication data

Reply via email to