nodece commented on code in PR #19519:
URL: https://github.com/apache/pulsar/pull/19519#discussion_r1106723472


##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java:
##########
@@ -737,15 +737,15 @@ public void authChallengeSuccessCallback(AuthData 
authChallenge,
                 // 2. an authentication refresh, in which case we need to 
refresh authenticationData
                 AuthenticationState authState = useOriginalAuthState ? 
originalAuthState : this.authState;
                 String newAuthRole = authState.getAuthRole();
+                AuthenticationDataSource newAuthDataSource = 
authState.getAuthDataSource();
 
-                // Refresh the auth data.
-                this.authenticationData = authState.getAuthDataSource();
-                if (log.isDebugEnabled()) {
-                    log.debug("[{}] Auth data refreshed for role={}", 
remoteAddress, this.authRole);
-                }
-
+                // Refresh the auth data and role.
                 if (!useOriginalAuthState) {
                     this.authRole = newAuthRole;
+                    this.authenticationData = newAuthDataSource;
+                } else {
+                    this.originalAuthData = newAuthDataSource;
+                    this.originalPrincipal = newAuthRole;
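
Review bot: In the new `else` branch, `this.originalPrincipal = newAuthRole;` replaces the original principal on a refresh, and nothing in the visible lines compares the new value with the one it overwrites. If the refreshed credentials resolve to a different role, the connection changes identity silently. Consider comparing `newAuthRole` with the current `originalPrincipal` (and with `authRole` in the other branch) and logging or rejecting the refresh when they differ. This hunk also removes the `log.debug("[{}] Auth data refreshed for role={}", ...)` call without a replacement, so neither branch now records that a refresh happened. A debug line in each branch that names which state was refreshed would keep that trace.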

Review Comment:
   Simplifying the authentication process is an important thing, and I also 
think it is a good goal, but I've thought about it and haven't found a way to 
do it yet, so I made this PR.
   
   This PR does not affect the built-in plugins.
   
   After `AuthChallenge`, once the AuthorizationProvider checks the role and 
authentication data, it will find a mismatch; this happened in our project.
   
   
   
   
   


