michaeljmarshall commented on code in PR #593: URL: https://github.com/apache/pulsar-site/pull/593#discussion_r1212570856
########## versioned_docs/version-2.10.x/security-authorization.md: ########## @@ -38,6 +38,12 @@ By default, the broker treats the connection between a proxy and the broker as a Pulsar uses *Proxy roles* to enable the authentication. Proxy roles are specified in the broker configuration file, [`conf/broker.conf`](reference-configuration.md#broker). If a client that is authenticated with a broker is one of its ```proxyRoles```, all requests from that client must also carry information about the role of the client that is authenticated with the proxy. This information is called the *original principal*. If the *original principal* is absent, the client is not able to access anything. +:::note + +Starting from 2.10.4, if a Proxy is not correctly configured to use a role that is in the `proxyRoles`, the connection will get rejected. Review Comment: This requirement was only introduced in 3.0.0. It isn't present for any prior versions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
