[GitHub] [pulsar] nodece commented on a diff in pull request #17831: [fix][proxy] Fix refresh client auth

Wed, 28 Sep 2022 22:26:09 -0700 


nodece commented on code in PR #17831:
URL: https://github.com/apache/pulsar/pull/17831#discussion_r983077155


##########
pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java:
##########
@@ -535,6 +542,42 @@ protected void handleAuthResponse(CommandAuthResponse 
authResponse) {
         try {
             AuthData clientData = 
AuthData.of(authResponse.getResponse().getAuthData());
             doAuthentication(clientData);
+            if (connectionPool != null && state == State.ProxyLookupRequests) {
+                if 
(service.getConfiguration().isForwardAuthorizationCredentials()) {
+                    connectionPool.getPool().values().forEach(n -> 
n.values().forEach(cnxFuture -> {
+                        String clientVersion;
+                        if (authResponse.hasClientVersion()) {
+                            clientVersion = authResponse.getClientVersion();
+                        } else {
+                            clientVersion = PulsarVersion.getVersion();
+                        }
+                        int protocolVersion;
+                        if (authResponse.hasProtocolVersion()) {
+                            protocolVersion = 
authResponse.getProtocolVersion();
+                        } else {
+                            protocolVersion = 
Commands.getCurrentProtocolVersion();
+                        }
+
+                        ByteBuf cmd =
+                                Commands.newAuthResponse(clientAuthMethod, 
clientData, protocolVersion, clientVersion);
+                        cnxFuture.thenAccept(clientCnx -> 
clientCnx.ctx().writeAndFlush(cmd)
+                                .addListener(writeFuture -> {
+                                    if (writeFuture.isSuccess()) {
+                                        if (LOG.isDebugEnabled()) {
+                                            LOG.debug(
+                                                    "{} authentication is 
refreshed successfully by {}, auth method: {} ",
+                                                    clientCnx.ctx().channel(), 
ctx.channel(), clientAuthMethod);
+                                        }
+                                    } else {
+                                        LOG.error("{} Failed to refresh 
request for mutual auth to client {}",
+                                                clientCnx.ctx().channel(),
+                                                writeFuture.cause());
+                                        
ctx.channel().pipeline().fireExceptionCaught(writeFuture.cause());

Review Comment:
   > If we write to the broker failed, should we retry or close the user client 
channel?
   Close the proxy client channel.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to