michaeljmarshall commented on code in PR #19295:
URL: https://github.com/apache/pulsar/pull/19295#discussion_r1084406263
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/OneStageAuthenticationState.java:
##########
@@ -61,13 +80,47 @@ public AuthenticationDataSource getAuthDataSource() {
return authenticationDataSource;
}
+ /**
+ * Warning: this method is not intended to be called concurrently.
+ */
+ @Override
+ public CompletableFuture<AuthData> authenticateAsync(AuthData authData) {
+ if (authRole != null) {
+ // Authentication is already completed
+ return CompletableFuture.completedFuture(null);
+ }
+ this.authenticationDataSource = new AuthenticationDataCommand(
Review Comment:
> single-stage authentication doesn't refresh authentication data
Yes, that is what I mean. However, I don't agree that it means we need to
create a new `AuthenticationState`.
My understanding of the the protocol is that the `AuthenticationState`
method `isExpired` returns `true`, Pulsar will then call
`refreshAuthentication()` to get the bytes to send to the client. The client
responds with `AuthData`, and Pulsar passes the response to
`authenticate(AuthData)`. Since `isExpired` is always false for
`OneStateAuthenticationState`, there is no expectation of getting an
`AuthChallenge` back. The single stage authentication is truly one stage.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
