michaeljmarshall commented on code in PR #19390:
URL: https://github.com/apache/pulsar/pull/19390#discussion_r1099690410
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java:
##########
@@ -971,6 +973,7 @@ protected void handleConnect(CommandConnect connect) {
authRole =
getBrokerService().getAuthenticationService().getAnonymousUserRole()
Review Comment:
> We have a case in which we don't want to check the proxy authentication in
the broker, only check the original authentication. Would you have any idea?
That context helps a lot, thanks! Is it possible to add a configuration to
the proxy so that it forwards the original authentication data as the
`authData` part of the `Connect` command? The broker wouldn't necessarily know
the connection is from the proxy, but I think this should be fine.
I think this discussion probably relates to
https://github.com/apache/pulsar/issues/19332. I have been thinking that our
authentication state integration between proxy and broker is very complicated
and doesn't appear to be working in all cases (see also
https://github.com/apache/pulsar/issues/19291).
It seems like we could always drop the proxy auth data in cases where the
authentication data can be forwarded.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
