This is an automated email from the ASF dual-hosted git repository.
zixuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new c875365c648 [fix][broker] Let TokenAuthState update
authenticationDataSource (#19282)
c875365c648 is described below
commit c875365c648584910b1b2de4cf8492121f4e0c4e
Author: Michael Marshall <[email protected]>
AuthorDate: Fri Jan 20 01:35:55 2023 -0600
[fix][broker] Let TokenAuthState update authenticationDataSource (#19282)
---
.../AuthenticationProviderToken.java | 9 ++++++
.../AuthenticationProviderTokenTest.java | 36 ++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
index bc72d4b4ea9..61235caa20b 100644
---
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
+++
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
@@ -331,6 +331,8 @@ public class AuthenticationProviderToken implements
AuthenticationProvider {
private static final class TokenAuthenticationState implements
AuthenticationState {
private final AuthenticationProviderToken provider;
+ private final SocketAddress remoteAddress;
+ private final SSLSession sslSession;
private AuthenticationDataSource authenticationDataSource;
private Jwt<?, Claims> jwt;
private long expiration;
@@ -344,6 +346,8 @@ public class AuthenticationProviderToken implements
AuthenticationProvider {
String token = new String(authData.getBytes(), UTF_8);
this.authenticationDataSource = new
AuthenticationDataCommand(token, remoteAddress, sslSession);
this.checkExpiration(token);
+ this.remoteAddress = remoteAddress;
+ this.sslSession = sslSession;
}
TokenAuthenticationState(
@@ -359,6 +363,10 @@ public class AuthenticationProviderToken implements
AuthenticationProvider {
String token =
httpHeaderValue.substring(HTTP_HEADER_VALUE_PREFIX.length());
this.authenticationDataSource = new
AuthenticationDataHttps(request);
this.checkExpiration(token);
+
+ // These are not used when this constructor is invoked, set them
to null.
+ this.sslSession = null;
+ this.remoteAddress = null;
}
@Override
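Review bot: The comment `These are not used when this constructor is invoked` stops being accurate with this commit, because `authenticate()` (last hunk of this file) now rebuilds the data source from `remoteAddress` and `sslSession` unconditionally. If `authenticate()` is ever called on state created through this HTTP constructor, the `AuthenticationDataHttps` source would be replaced by an `AuthenticationDataCommand` carrying a null peer address and a null TLS session. Any later check that reads those values would then see nulls instead of the request's data. Whether that path is reachable is not visible in the diff. If it is not, the comment should say so, e.g. `// HTTP-created state is never refreshed through authenticate(), so these stay null.`; otherwise the reassignment in `authenticate()` needs a guard. The constructor body starts outside this hunk.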
@@ -375,6 +383,7 @@ public class AuthenticationProviderToken implements
AuthenticationProvider {
public AuthData authenticate(AuthData authData) throws
AuthenticationException {
String token = new String(authData.getBytes(), UTF_8);
checkExpiration(token);
+ this.authenticationDataSource = new
AuthenticationDataCommand(token, remoteAddress, sslSession);
return null;
}
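Review bot: The new assignment in `authenticate()` has no comment explaining why the data source is replaced, or why that happens only after `checkExpiration(token)`. The order is security-relevant: presumably `checkExpiration` throws for a token that fails validation, so a rejected refresh leaves the previously accepted data source in place. I would add `// Swap in the refreshed token only after it validated, so authorization never sees data from a rejected token.` above the assignment. The hunk also shows no comparison between the refreshed token's subject and the one accepted when the state was created; if callers rely on the role staying fixed for the connection, it is worth confirming that check exists elsewhere.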
diff --git
a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java
b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java
index ee4534e1ab7..cd37bab8f5a 100644
---
a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java
+++
b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java
@@ -23,7 +23,9 @@ import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNotEquals;
import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;
import com.google.common.collect.Lists;
@@ -914,6 +916,40 @@ public class AuthenticationProviderTokenTest {
assertTrue(doFilter, "Authentication should have passed");
}
+ @Test
+ public void testTokenStateUpdatesAuthenticationDataSource() throws
Exception {
+ SecretKey secretKey =
AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
+
+ @Cleanup
+ AuthenticationProviderToken provider = new
AuthenticationProviderToken();
+
+ Properties properties = new Properties();
+
properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_SECRET_KEY,
+ AuthTokenUtils.encodeKeyBase64(secretKey));
+
+ ServiceConfiguration conf = new ServiceConfiguration();
+ conf.setProperties(properties);
+ provider.initialize(conf);
+
+ String firstToken = AuthTokenUtils.createToken(secretKey, SUBJECT,
Optional.empty());
+
+ AuthenticationState authState =
provider.newAuthState(AuthData.of(firstToken.getBytes()),null, null);
+
+ AuthenticationDataSource firstAuthDataSource =
authState.getAuthDataSource();
+ assertNotNull(firstAuthDataSource, "Should be initialized.");
+
+ String secondToken = AuthTokenUtils.createToken(secretKey, SUBJECT,
+ Optional.of(new Date(System.currentTimeMillis() +
TimeUnit.SECONDS.toMillis(3))));
+
+ AuthData challenge =
authState.authenticate(AuthData.of(secondToken.getBytes()));
+ AuthenticationDataSource secondAuthDataSource =
authState.getAuthDataSource();
+
+ assertNull(challenge, "TokenAuth doesn't respond with challenges");
+ assertNotNull(secondAuthDataSource, "Created authDataSource");
+
+ assertNotEquals(firstAuthDataSource, secondAuthDataSource);
+ }
+
private static String createTokenWithAudience(Key signingKey, String
audienceClaim, List<String> audience) {
JwtBuilder builder = Jwts.builder()
.setSubject(SUBJECT)
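Review bot: `assertNotEquals(firstAuthDataSource, secondAuthDataSource)` only shows that a different object comes back; unless the data source type overrides `equals`, it would pass even if the new source still wrapped the first token. Asserting on content pins the fix: `assertEquals(secondAuthDataSource.getCommandData(), secondToken);`. The test also encodes tokens with `getBytes()` (platform charset) while the provider decodes with `UTF_8`; `getBytes(StandardCharsets.UTF_8)` keeps both sides aligned. A negative case is missing too: after `authenticate()` is given an invalid token, `getAuthDataSource()` should still return the first source.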