michaeljmarshall opened a new issue, #20237: URL: https://github.com/apache/pulsar/issues/20237
## Problem The current `AuthenticationProvider` interface has the following method: https://github.com/apache/pulsar/blob/fb7f14ceb04d612e456b2e5a834385ae3a97f68f/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProvider.java#L158-L174 The `HttpServletResponse` appears to have been introduced for multi-stage http authentication, which is only used by the `AuthenticationProviderSasl`: https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java#L229-L313 However, the WebSocket Proxy does not have access to an `HttpServletResponse`. It only has access to a `ServletUpgradeResponse`, as seen here: https://github.com/apache/pulsar/blob/516437e370a711d48fe1d444a0c47e64e7cf2f4b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java#L91-L122 Therefore, the current API does not allow for multi-phased http authentication. ## Observations `ServletUpgradeResponse` is a wrapper for `HttpServletResponse`, but it doesn't provide direct access. Does that mean we should add a new method to the `AuthenticationProvider` interface just for the WebSocket? For now, the current state is that multi-stage auth is not supported in the WebSocket proxy. This technically aligns with the current limitation that multi-stage auth is not available in the regular pulsar proxy #19291. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
