This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 2a27e7bf624 [fix][broker]Fixed produce and consume when
anonymousUserRole enabled (#21237)
2a27e7bf624 is described below
commit 2a27e7bf624755bf62f3b6d911ced4e27de1e60e
Author: Guangning E <[email protected]>
AuthorDate: Sun Sep 24 20:22:59 2023 +0800
[fix][broker]Fixed produce and consume when anonymousUserRole enabled
(#21237)
---
.../apache/pulsar/broker/service/ServerCnx.java | 19 +++++++++---
.../pulsar/broker/service/ServerCnxTest.java | 35 ++++++++++++++++++++++
2 files changed, 50 insertions(+), 4 deletions(-)
diff --git
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
index 5809e1297fc..0517fff0f03 100644
---
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
+++
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -990,7 +990,6 @@ public class ServerCnx extends PulsarHandler implements
TransportCnx {
try {
byte[] authData = connect.hasAuthData() ? connect.getAuthData() :
emptyArray;
AuthData clientData = AuthData.of(authData);
-
// init authentication
if (connect.hasAuthMethodName()) {
authMethod = connect.getAuthMethodName();
@@ -1049,10 +1048,22 @@ public class ServerCnx extends PulsarHandler implements
TransportCnx {
.getAuthenticationService()
.getAuthenticationProvider(originalAuthMethod);
+ /**
+ * When both the broker and the proxy are configured with
anonymousUserRole
+ * if the client does not configure an authentication method
+ * the proxy side will set the value of anonymousUserRole to
clientAuthRole when it creates a connection
+ * and the value of clientAuthMethod will be none.
+ * Similarly, should also set the value of authRole to
anonymousUserRole on the broker side.
+ */
if (originalAuthenticationProvider == null) {
- throw new AuthenticationException(
- String.format("Can't find AuthenticationProvider
for original role"
- + " using auth method [%s] is not
available", originalAuthMethod));
+ authRole =
getBrokerService().getAuthenticationService().getAnonymousUserRole()
+ .orElseThrow(() ->
+ new AuthenticationException("No anonymous
role, and can't find "
+ + "AuthenticationProvider for
original role using auth method "
+ + "[" + originalAuthMethod + "] is
not available"));
+ originalPrincipal = authRole;
+ completeConnect(clientProtocolVersion, clientVersion);
+ return;
}
originalAuthDataCopy =
AuthData.of(connect.getOriginalAuthData().getBytes());
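Review bot: The new `if (originalAuthenticationProvider == null)` branch calls `completeConnect(clientProtocolVersion, clientVersion)` and returns, and nothing in this hunk shows the connecting peer's own credentials (`clientData`) being verified before that point. A CONNECT naming an original auth method with no registered provider could therefore be admitted as the anonymous role purely on what the peer sent. The test added in this commit asserts that `getAuthRole()` equals the anonymous role rather than the proxy's role, which suggests the proxy identity is not established on this path. I would take the fallback only after the peer has authenticated and its role has been checked against the configured `proxyRoles`, and assign only `originalPrincipal` here so `authRole` keeps the proxy's authenticated role. The enclosing method starts and ends outside the hunk, so this needs confirming against the code before the `getAuthenticationProvider(originalAuthMethod)` lookup.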
diff --git
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java
index 2ea5e28880b..5fd48819813 100644
---
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java
+++
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java
@@ -506,6 +506,41 @@ public class ServerCnxTest {
channel.finish();
}
+ @Test(timeOut = 30000)
+ public void
testConnectCommandWithPassingOriginalAuthDataAndSetAnonymousUserRole() throws
Exception {
+ AuthenticationService authenticationService =
mock(AuthenticationService.class);
+ AuthenticationProvider authenticationProvider = new
MockAuthenticationProvider();
+ String authMethodName = authenticationProvider.getAuthMethodName();
+
+ String anonymousUserRole = "admin";
+
when(brokerService.getAuthenticationService()).thenReturn(authenticationService);
+
when(authenticationService.getAuthenticationProvider(authMethodName)).thenReturn(authenticationProvider);
+
when(authenticationService.getAnonymousUserRole()).thenReturn(Optional.of(anonymousUserRole));
+ svcConfig.setAuthenticationEnabled(true);
+ svcConfig.setAuthenticateOriginalAuthData(true);
+ svcConfig.setProxyRoles(Collections.singleton("pass.proxy"));
+ svcConfig.setAnonymousUserRole(anonymousUserRole);
+
+ resetChannel();
+ assertTrue(channel.isActive());
+ assertEquals(serverCnx.getState(), State.Start);
+
+ // When both the proxy and the broker set the anonymousUserRole option
+ // the proxy will use anonymousUserRole to delegate the client's role
when connecting.
+ ByteBuf clientCommand = Commands.newConnect(authMethodName,
"pass.proxy", 1, null,
+ null, anonymousUserRole, null, null);
+ channel.writeInbound(clientCommand);
+
+ Object response1 = getResponse();
+ assertTrue(response1 instanceof CommandConnected);
+ assertEquals(serverCnx.getState(), State.Connected);
+ assertEquals(serverCnx.getAuthRole(), anonymousUserRole);
+ assertEquals(serverCnx.getPrincipal(), anonymousUserRole);
+ assertEquals(serverCnx.getOriginalPrincipal(), anonymousUserRole);
+ assertTrue(serverCnx.isActive());
+ channel.finish();
+ }
+
@Test(timeOut = 30000)
public void testConnectCommandWithPassingOriginalPrincipal() throws
Exception {
AuthenticationService authenticationService =
mock(AuthenticationService.class);
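Review bot: The new test `testConnectCommandWithPassingOriginalAuthDataAndSetAnonymousUserRole` covers only the accepting path of the anonymous fallback, so nothing pins the cases where the broker must refuse the connection. I would add a companion test with `getAnonymousUserRole()` stubbed to `Optional.empty()` that expects the connect to fail. A second test should cover a proxy whose own auth data the provider does not accept, asserting that the state never reaches `State.Connected`. Using `"admin"` as the value of `anonymousUserRole` also reads as if unauthenticated clients were meant to hold an administrative role; a neutral constructed value such as `"anonymous-role"` would state the intent more clearly.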