nodece commented on code in PR #19519:
URL: https://github.com/apache/pulsar/pull/19519#discussion_r1106729856
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java:
##########
@@ -737,15 +737,15 @@ public void authChallengeSuccessCallback(AuthData
authChallenge,
// 2. an authentication refresh, in which case we need to
refresh authenticationData
AuthenticationState authState = useOriginalAuthState ?
originalAuthState : this.authState;
String newAuthRole = authState.getAuthRole();
+ AuthenticationDataSource newAuthDataSource =
authState.getAuthDataSource();
- // Refresh the auth data.
- this.authenticationData = authState.getAuthDataSource();
- if (log.isDebugEnabled()) {
- log.debug("[{}] Auth data refreshed for role={}",
remoteAddress, this.authRole);
- }
-
+ // Refresh the auth data and role.
if (!useOriginalAuthState) {
this.authRole = newAuthRole;
+ this.authenticationData = newAuthDataSource;
+ } else {
+ this.originalAuthData = newAuthDataSource;
+ this.originalPrincipal = newAuthRole;
Review Comment:
> the `authRole` and the `originalPrincipal` are not allowed to change.
I suggest updating the role to keep correct with authentication data.
In the next logic, when the new role doesn't equal the old role, the broker
disconnects the client.
I don't know why it is so designed, but I still follow this rule. Maybe we
can remove this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
