michaeljmarshall commented on code in PR #19390:
URL: https://github.com/apache/pulsar/pull/19390#discussion_r1099631924
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java:
##########
@@ -971,6 +973,7 @@ protected void handleConnect(CommandConnect connect) {
authRole =
getBrokerService().getAuthenticationService().getAnonymousUserRole()
Review Comment:
> This means that the proxy cannot use the anonymous role to connect to the
> broker

Yes, this is the design I am proposing we move towards. That is why I said
this earlier in this PR:

> I propose that we consider a proxy connecting as the anonymous role as a
> misconfiguration.

> Usually, the proxy always enables the authentication feature, but we also
> should consider a case that the proxy doesn't enable the authentication feature.

In this case, the broker wouldn't enable authentication either. In the admin
API, we only look for the original principal when the `authRole` is in the
`proxyRoles` set. Given that the proxy has to have at least as much permission
as the `originalPrincipal`, I do not see what the point of authentication would
be if the anonymous role is also a proxy role.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
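An added example, not code from the PR or from Pulsar: a simplified Java model of the rule described in the comment above, paired with a check that flags a broker configuration whose anonymous role also appears in `proxyRoles`. It assumes the settings are read as `anonymousUserRole` and `proxyRoles` properties; the sample configuration, role names, class and method names are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

// Added example: a simplified model, not Pulsar's ServerCnx or admin API code.
public class AnonymousProxyRoleCheck {

    // Parse a comma-separated role list, tolerating spaces and empty entries.
    static Set<String> roles(String csv) {
        return Arrays.stream(csv.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // True when the role given to unauthenticated connections is also trusted as a proxy.
    static boolean anonymousIsProxyRole(Properties conf) {
        String anon = conf.getProperty("anonymousUserRole", "").trim();
        return !anon.isEmpty() && roles(conf.getProperty("proxyRoles", "")).contains(anon);
    }

    // Rule stated in the comment: the original principal is only consulted
    // when authRole is in proxyRoles; otherwise authRole itself is used.
    static String effectivePrincipal(String authRole, String originalPrincipal, Set<String> proxyRoles) {
        return proxyRoles.contains(authRole) && originalPrincipal != null ? originalPrincipal : authRole;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration, not taken from the PR.
        String sample = "anonymousUserRole=anonymous\nproxyRoles=proxy-admin, anonymous\n";
        Properties conf = new Properties();
        conf.load(new StringReader(sample));

        Set<String> proxyRoles = roles(conf.getProperty("proxyRoles", ""));
        String anon = conf.getProperty("anonymousUserRole", "").trim();
        // A connection without credentials gets the anonymous role; because that role is
        // a proxy role here, its unverified originalPrincipal claim is accepted as-is.
        System.out.println("effective principal: " + effectivePrincipal(anon, "tenant-admin", proxyRoles));
        if (anonymousIsProxyRole(conf)) {
            System.out.println("MISCONFIGURATION: anonymousUserRole '" + anon + "' is listed in proxyRoles");
        }
    }
}
```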