[GitHub] [pulsar] rdhabalia commented on a change in pull request #6074: PIP-55: Refresh Authentication Credentials

Fri, 24 Jan 2020 14:11:24 -0800 

rdhabalia commented on a change in pull request #6074: PIP-55: Refresh 
Authentication Credentials
URL: https://github.com/apache/pulsar/pull/6074#discussion_r370864152
 
 

 ##########
 File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
 ##########
 @@ -497,8 +523,60 @@ private void doAuthentication(AuthData clientData,
             log.debug("[{}] Authentication in progress client by method {}.",
                 remoteAddress, authMethod);
         }
-        state = State.Connecting;
-        return;
+        return State.Connecting;
+    }
+
+    public void refreshAuthenticationCredentials() {
+        if (getState() != State.Connected || !isActive) {
+            // Connection is either still being established or already closed.
+            return;
+        }
+
+        AuthenticationState authState = this.originalAuthState != null ? 
originalAuthState : this.authState;
+        if (authState != null && !authState.isExpired()) {
+            // Credentials are still valid. Nothing to do at this point
+            return;
+        }
+
+        if (originalPrincipal != null && originalAuthState == null) {
+            log.info(
+                    "[{}] Cannot revalidate user credential when using proxy 
and not forwarding the credentials. Closing connection",
+                    remoteAddress);
+            return;
+        }
+
+        ctx.executor().execute(SafeRun.safeRun(() -> {
+            log.info("[{}] Refreshing authentication credentials", 
remoteAddress);
+
+            if (!supportsAuthenticationRefresh()) {
+                log.warn("[{}] Closing connection because client doesn't 
support auth credentials refresh", remoteAddress);
+                ctx.close();
 
 Review comment:
   if client doesn't support then let's not change the behavior and don't close 
the connection, because closing connection will interrupt the client side 
processing and it requires them to upgrade client lib immediately if client 
wants to fix auto disconnect. So, we don't want our client to complain for such 
changed behavior which requires them to upgrade client lib.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to