[GitHub] [pulsar] nodece commented on a diff in pull request #17831: [fix][proxy] Fix refresh client auth

Thu, 29 Sep 2022 03:48:42 -0700 


nodece commented on code in PR #17831:
URL: https://github.com/apache/pulsar/pull/17831#discussion_r983331693


##########
pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyClientCnx.java:
##########
@@ -54,10 +59,54 @@ protected ByteBuf newConnectCommand() throws Exception {
 
         authenticationDataProvider = 
authentication.getAuthData(remoteHostName);
         AuthData authData = 
authenticationDataProvider.authenticate(AuthData.INIT_AUTH_DATA);
-        return Commands.newConnect(authentication.getAuthMethodName(), 
authData, this.protocolVersion,
-            PulsarVersion.getVersion(), proxyToTargetBrokerAddress, 
clientAuthRole, clientAuthData,
-            clientAuthMethod);
+        return Commands.newConnect(authentication.getAuthMethodName(), 
authData, protocolVersion,
+                PulsarVersion.getVersion(), proxyToTargetBrokerAddress, 
clientAuthRole, clientAuthData,
+                clientAuthMethod);
     }
 
-    private static final Logger log = 
LoggerFactory.getLogger(ProxyClientCnx.class);
+    @Override
+    protected void handleAuthChallenge(CommandAuthChallenge authChallenge) {
+        checkArgument(authChallenge.hasChallenge());
+        checkArgument(authChallenge.getChallenge().hasAuthData());
+
+        boolean isRefresh = Arrays.equals(AuthData.REFRESH_AUTH_DATA_BYTES, 
authChallenge.getChallenge().getAuthData());
+        if (!forwardClientAuthData || !isRefresh) {
+            super.handleAuthChallenge(authChallenge);
+            return;
+        }
+
+        try {
+            if (log.isDebugEnabled()) {
+                log.debug("Proxy {} request to refresh the original client 
authentication data for "
+                        + "the proxy client {}", 
proxyConnection.ctx().channel(), ctx.channel());
+            }
+
+            
proxyConnection.ctx().writeAndFlush(Commands.newAuthChallenge(clientAuthMethod, 
AuthData.REFRESH_AUTH_DATA,

Review Comment:
   It looks like it could be improved, but I remember there's only one 
connection here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to