merlimat commented on a change in pull request #5718: [WIP][Issue 5712][broker]
Auth provider superuser
URL: https://github.com/apache/pulsar/pull/5718#discussion_r349200653
##########
File path:
pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
##########
@@ -200,8 +200,21 @@ protected void validateSuperUserAccess() {
}
log.debug("Successfully authorized {} (proxied by {}) as
super-user",
originalPrincipal, appId);
- } else if (!config().getSuperUserRoles().contains(appId)) {
- throw new RestException(Status.UNAUTHORIZED, "This operation
requires super-user access");
+ } else {
+ CompletableFuture<Boolean> isSuperUserFuture;
+ try {
+ isSuperUserFuture = pulsar.getBrokerService()
+ .getAuthorizationService()
+ .isSuperUser(appId);
+
+ if (!isSuperUserFuture.get()) {
+ throw new RestException(Status.UNAUTHORIZED, "This
operation requires super-user access");
+ }
+ } catch (InterruptedException | ExecutionException e) {
Review comment:
Using `.join()` instead of `.get()` would simplify the code here. In any
case an exception thrown will trigger a 500 error.
eg:
```java
if (!pulsar.getBrokerService()
.getAuthorizationService()
.isSuperUser(appId)
.join()) {
throw new RestException(Status.UNAUTHORIZED, "This operation requires
super-user access");
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
